Classic New B&N eReader $259 & will allow sharing

[kennyc]

Quote:

Originally Posted by DaleDe

The new server will support both. Either will work to enable reading, however the users system will likely need an upgrade to accept both. Once all the server and devices are compatible it won't make any difference which DRM is in use, the reader will accept both.

Of course there are ramifications as to the capabilities afforded the user depending on which one the eBook has. For example the one with eReader DRM can be loaned to a friend or moved to any device.

Dale

Thanks. If they are independent and both are offered that is good.

[Ankh]

Quote:

Originally Posted by pilotbob

You would have to loose your reader.

It is worse than that, one needs "only" to loose his files (encrypted ebooks). Say, keeping those files on a PC connected to the network that gets infected or hacked...

I generally don't have problem with DRM and content protection. But this practice of using credit card number for encryption keys (the mechanics of encryption algo are irrelevant, really) is, IMHO ... evil.

[pilotbob]

Quote:

Originally Posted by Ankh

It is worse than that, one needs "only" to loose his files (encrypted ebooks). Say, keeping those files on a PC connected to the network that gets infected or hacked...

I disagree. The password/hash will not be stored in the ebook file itself.

BOb

[kennyc]

Quote:

Originally Posted by pilotbob

I disagree. The password/hash will not be stored in the ebook file itself.

BOb

Exactly. The information is only used to encrypt the file, it is not included in the file and you can't generate the password/hash/cc# etc from the encrypted file.

[LoganK]

They do not store a hash, but it could be bruteforced (by decrypting until successful). It wouldn't be a lookup, but, if we assume that the name is already known, then it would take 50 million attempts on average to get half of a credit card number. (That is a lot of work.)

Four of the eight digits will also be quite available as they are printed on most receipts. That brings it down to 5000 attempts on average (although the utility of the information is also greatly decreased).

Quote:

Originally Posted by Ankh

I generally don't have problem with DRM and content protection. But this practice of using credit card number for encryption keys (the mechanics of encryption algo are irrelevant, really) is, IMHO ... evil.

So what would you use? Something that is easy to locate/remember but that you wouldn't want to share with other people?

The use of your Username and password is far worse since, with that information, people can generally charge purchases to my account and gather a wide range of personal information (probably including the last four digits of my credit card). At least with half of a credit card number the number is still useless to them.

[sforce]

Matthew Miller, over at ZDNet, has cleared up some confusion about the Nook's WiFi capabilities:

"I posted yesterday about the Barnes & Noble Nook and then read Mitch Ratcliffe’s post where he primarily focused on the apparent limited use of WiFi. I just posed a couple of questions on the Nook press call and have to now tell Mitch he is wrong about the WiFi access, but he should actually be quite pleased since there are no limits. I confirmed that you can access and purchase books via both WiFi and AT&T 3G from any place where you have access to a network, including your home WiFi network. The Barnes & Noble store experience is just an enhanced experience that presents you with free content and also allows you to browse through books, just like you can physically in the bookstore."

http://blogs.zdnet.com/mobile-gadget...col1;post-2101

[sircastor]

Quote:

Originally Posted by kacir

You can retrieve a password.
Even if it is stored as a one-way hash.
There are numerous programs (such as well known John The Ripper for unix passwords) and services (such as server in Switzerland that has database of hashes for all possible password combinations for Windows computers (there is maximum 26 letters allowed in Windows))
It can't be that difficult to brute-force CC number on a quad-core machine with more than of 4GB RAM

I think this is more complex than you're giving it credit.
In the case of the windows password, you're not just looking at 26 characters in any combination, you're looking for up to 26 characters in any combination.
With just the initial 26 characters in any order, you're looking at 26^25, or as an integer:
2,367,738,300,079,67,588,876,795,164,938,469,376

That's a large number.
(That's assuming only 26 alphabet characters and no case differentiation)

Your quad-core machine is capable of a significant number of operations, but even so, it has to test those possible combinations. If we go in order starting with 26 consecutive "A"s, this test is going to take us a LONG time. Even at a million tries/second, You're still looking at BILLIONS of years. Brute force is a wholly impractical way to resolve passwords. If you add some rules to your brute force, you'll be able to do it faster, at the cost of not trying some passwords.

Now, the game is a little more promising for our criminal if we're working with a name and a credit card number combination. While the number of characters is greater (often, but not always), the available combinations are fewer. Some of the numbers on your credit card identify the issuer, the industry, etc. Names are fairly limited to probably a few thousand or ten-thousand.

I think we can safely assume that the hash is generated out of the name and Credit Card number, So you have to brute-force both simultaneously. Either way, we're again talking about an absurdly high number of tests.

The advantage our criminal has is that if he has your nook, he probably knows your name, just by playing around in it. So he has half the puzzle to begin with. Brute-forcing the credit card is much more possible now. The hash will be stored in the file (most likely) and will be there to test against (I assume).

In the end though, I think we're giving our criminal way too much credit. This is a guy that either swiped your nook when you weren't looking, found it when you lost it, or broke into your house and took it. I seriously doubt his skill to take on hash-cracking, simply because I don't think he's that bright.

Corrections to my math/logic are welcome.

[Ankh]

Quote:

Originally Posted by kennyc

Exactly. The information is only used to encrypt the file, it is not included in the file and you can't generate the password/hash/cc# etc from the encrypted file.

Buy that book yourself, reverse engineer PC reader and decrypt the content using your own key. Obtain encrypted file purchased by other user. Brute force (or slightly more clever) attack will fairly quickly give you all the encryption keys that produce resulting (encrypted) file.

You narrowed your search too close for comfort. Now weaken the key by other means (a hacker figures out what is the name of the victim from other file on infected computer)...

I know that my credit card number is safe if it is not used as (a part of) an encryption key. I am not so sure what gives you certainty that credit card number can not be retrieved from the encrypted file. What about so far unknown weaknesses of the encryption scheme?

You guys believe in unbreakable encryption? I don't, as a matter of principle.

[Ankh]

Quote:

Originally Posted by LoganK

So what would you use? Something that is easy to locate/remember but that you wouldn't want to share with other people?

I generally don't believe into the practicality of the DRM protection (all it does is pisses normal people off to search and consume pirated material), but if I was asked to design a solution, the decryption key (processor ID, really), and the decryption algorithm itself would be buried deeply into the silicon of the reader. Can't read it on PC, sorry.

[kennyc]

Quote:

Originally Posted by Ankh

Buy that book yourself, reverse engineer PC reader and decrypt the content using your own key. Obtain encrypted file purchased by other user. Brute force (or slightly more clever) attack will fairly quickly give you all the encryption keys that produce resulting (encrypted) file.

...

I know that my credit card number is safe if it is not used as (a part of) an encryption key. ..

Sheeh. See above.

And no, there are many other ways to get your credit card number as is demonstrated daily.

[pilotbob]

Quote:

Originally Posted by Ankh

Buy that book yourself, reverse engineer PC reader and decrypt the content using your own key. Obtain encrypted file purchased by other user. Brute force (or slightly more clever) attack will fairly quickly give you all the encryption keys that produce resulting (encrypted) file.

How much time have you spent studying encryption? It isn't that simple.

Also, lets assume your correct, and Charlie Epps is the one that stole your nook with the idea that he will figure out your CC/Name.

1. It is ONLY the last 8 digits of your credit card number.
2. Your name is probably written on the device. You don't want it returned if you loose it right?

But, lets even go further an say that this infinitesimally small probability happens... your credit card has fraud protection, you are not liable for the charges and your CC company will issue you a new number. Yes, a bit annoying... I'll admit since it happened to me recently.

But, lets face it... stealing your wallet with all your CC's in it is exceedingly easier than stealing your nook or encrypted files and being able to get your CC number from that.

BOb

[phenomshel]

Ok, I just got an answer out of Kevin (an admin at the BN forums) about navigation of content on the Nook:

Quote:

"A few questions here about navigating the content on your nook.
nook's touchscreen has a keyboard to help you search, lend and annotate your eBooks and other content.
The cover flow view is a great and fun feature, but you can also browse the content on nook a number of ways: by type (eBooks vs subscriptions vs other content you've loaded on nook, for instance), by title, or by author.
You can also use the touchscreen keyboard to search for the particular eBook or content. (We'll be getting a picture of the keyboard on the site soon.)
You can't put your eBooks into "folders" or tags at this time, but we've heard the request, and we're looking into it for down the road. (Thanks for the suggestion.)"

I just hope that "down the road" means pretty darn soon.

[rocket]

Quote:

Originally Posted by phenomshel

Ok, I just got an answer out of Kevin (an admin at the BN forums) about navigation of content on the Nook:



I just hope that "down the road" means pretty darn soon.

Don't worry. They're listening...

[phenomshel]

Quote:

Originally Posted by rocket

Don't worry. They're listening...

I would LOVE to know how you know that, but I'll take your word for it!

[Elfwreck]

Quote:

Originally Posted by phenomshel

you can also browse the content on nook a number of ways: by type (eBooks vs subscriptions vs other content you've loaded on nook, for instance), by title, or by author.
You can also use the touchscreen keyboard to search for the particular eBook or content. (We'll be getting a picture of the keyboard on the site soon.)
You can't put your eBooks into "folders" or tags at this time, but we've heard the request, and we're looking into it for down the road. (Thanks for the suggestion.)"

That doesn't sound promising for a 1000-ebook collection, much less a 5000+ ebook collection.

No folders, no tags can mean an awful lot of scrolling. I read Harlequin romances. I tag them as "romance." I sure don't want to have to wade through my entire author list trying to remember who wrote what, and the titles are a blur of inanity. (I think Harlequin ran out of good titles in about 1982.)

I also read a lot of fanfic, and sometimes I'll download and convert an entire fest's worth of fic at a time. (Fests are writing exchange contests where up to several dozen authors exchange stories on a themed topic.) I tag those with the fest name or abbreviation--again, when I want to find them, I don't want to scroll through hundreds (or thousands!) of authors or titles, trying to remember which ones are attached to that fest.

Amazing how they hype how many books it can hold... but shy away from discussing how bad the software is at actually dealing with full capacity.

(Presumably, it'll have an alphabet to jump to authors or titles of that starting letter, because otherwise it would be too painful to even think about. But that still doesn't help finding themed collections by different authors.)