Domain: die.net
Stories and comments across the archive that link to die.net.
Stories · 3
- Moxie Marlinspike: GPG Has Run Its Course
  An anonymous reader writes: Security researcher Moxie Marlinspike has an interesting post about the state of GPG-encrypted communications. After using GPG for much of its lifetime, he says he now dreads getting a GPG-encrypted email in his inbox. "Instead of developing opinionated software with a simple interface, GPG was written to be as powerful and flexible as possible. It's up to the user whether the underlying cipher is SERPENT or IDEA or TwoFish. The GnuPG man page is over sixteen thousand words long; for comparison, the novel Fahrenheit 451 is only 40k words. Worse, it turns out that nobody else found all this stuff to be fascinating. Even though GPG has been around for almost 20 years, there are only ~50,000 keys in the "strong set," and less than 4 million keys have ever been published to the SKS keyserver pool ever. By today's standards, that's a shockingly small user base for a month of activity, much less 20 years." Marlinspike concludes, "I think of GPG as a glorious experiment that has run its course. ... GPG isn't the thing that's going to take us to ubiquitous end to end encryption, and if it were, it'd be kind of a shame to finally get there with 1990's cryptography."
- Distinguishing Encrypted Data From Random Data?
  gust5av writes "I'm working on a little script to provide very simple and easy to use steganography. I'm using bash together with cryptsetup (without LUKS), and the plausible deniability lies in writing to different parts of a container file. On decryption you specify the offset of the hidden data. Together with a dynamically expanding filesystem, this makes it possible to have an arbitrary number of hidden volumes in a file. It is implausible to reveal the encrypted data without the password, but is it possible to prove there is encrypted data where you claim there's not? If I give someone one file containing random data and another containing data encrypted with AES, will he be able to tell which is which?"
- Optimizing Page Load Times
  John Callender writes, "Google engineer Aaron Hopkins has written an interesting analysis of optimizing page load time. Hopkins simulated connections to a web page consisting of many small objects (HTML file, images, external javascript and CSS files, etc.), and looked at how things like browser settings and request size affect perceived performance. Among his findings: For web pages consisting of many small objects, performance often bottlenecks on upload speed, rather than download speed. Also, by spreading static content across four different hostnames, site operators can achieve dramatic improvements in perceived performance."