Ask Security/Cryptography Expert Paul Kocher
Paul Kocher is unquestionably one of the highest-profile computer and network security experts around. He's president of Cryptography Research, Inc. and one of the architects of SSL 3.0. The floor is now open. Please try not to ask questions that can be answered with a few minutes' worth of online research. We'll post Paul's answers to 10 of the highest-moderated questions soon after he gets them back to us. Update: 03/13 18:18 GMT by M : Let's try this one more time, this time with feeling.
Therefore, "Please try not to ask questions that can be answered with a few minutes' worth of online research." should be rewritten as, "Please try not to ask or moderate up questions that can be answered with a few minutes' worth of online research. "
They can barely run the site without breaking things left and right. They can't even post your article without screwing it up. Plus, the inane commentary of dimwit "editors" leaves much to be desired, and they actually expect people to pay money for subscriptions!
+5 Insightful
They're called Neutron Bombs.
Honestly, as long as a system can be accessed by someone, it can be accessed by someone who shouldn't.
"Politicians are interested in people. Not that this is always a virtue. Fleas are interested in dogs." P.J. O'Rourke
Why not make stories have a ten or fifteen minute delay to allow people to actually READ the articles. Have a little timer that says how long until the story goes live for comments. This might take care of some of those who never read the articles.
Just a thought....
Along these lines, of your own personal communications and data storage, what do you encrypt and what do you leave unencrypted?
"I don't know half of you half as well as I should like, and I like less than half of you half as well as you deserve."
Can you present a brief argument that you believe should raise the interest level of the general public in the need for cryptography?
sig.
Which algorithm / program do you use to protect your "top secret" files? And is there any commonly-used algorithm / program that you wouldn't trust to protect your shopping list?
RMN
~~~
All of cryptology is built on a group of cryptographic primitives. Block ciphers, hash functions, factoring problems, discrete log problems, etc. are all used to build higher order cryptographic structures, such as MACs, encryption, and signature schemes. However, all of these primitives are not proven secure. How do you feel about cryptology being built on such a fragile foundation, essentially making it a house of cards?
reducing the ability for outsiders to influence access isn't solving much?
The problem is not people figuring out people's passwords. I'd just like to pose: What happens when a buffer overflow is discovered in the biometric information acceptance daemon?
stop using bad programming practices and allow for dynamic length buffers, or at the very least use checked length function calls.
security is a multi prong problem that demands multiple solutions, saying that one solution doesn't solve all the issues is a no duh type statement.
However, I was not referring to the same kinds of VPNs the AC mentions. I understand why TCP over TCP is a bad idea.
I was thinking of these kinds of products:
-------
Warning: Slashdot may contain traces of nuts.
Had to mod this down... It really is funny, but I don't think it should take up space with the answerable questions that are sent. (That is, of course, unless he really can read it, and it wasn't meant to be funny.)
Others have suggested that comments obviously intended as 'funny' should not be sent in the interview (as I remember the Kevin Mitnik "What's my PayPal account password?") but I don't believe it has been instituted yet.
I'll probably take a metamoderation hit for it...
"We demand rigidly defined areas of doubt and uncertainty!" - Vroomfondel, H2G2
First, it's not well-known that the NSA is years ahead of the pack. That's purely speculation. The NSA says so little about how much they know that anyone who says "they're years ahead" just shows they don't know what they're talking about.
In the '70s, '80s, and on up into the '90s, the NSA was certainly ahead of the civilian cryptanalytic community. DES, for instance, had its S-boxes strengthened against differential cryptanalysis in the '70s--about a decade and a half before the civilian cryptanalytic community discovered differential cryptanalysis.
But recently, there've been tantalizing signs the NSA is not as far ahead as people once thought. The civilian cryptanalytic community has grown tremendously in just the last ten years, and the quality of scholarship is the best we've seen since Turing and Shannon established the field. The civilian cryptanalytic community is now breaking NSA designs.
For instance: the NSA submitted a pretty cool cipher mode (Dual Counter Mode) for use with AES. People were looking forward to the opportunity to beat on an NSA design--and lo and behold, Dual Counter Mode was broken within a matter of weeks. The cryptoparanoids out there will say the NSA intentionally put out a weak mode in order to fool their enemies into underestimating their talents, but--really. Occam's Razor applies to the NSA as much as it applies to anyone else. The simpler explanation is that the NSA got egg on their face, just like everyone else has had. If you're going to be active in the crypto community, you're going to get your fair share of brain-os. Bruce Schneier presented MacGuffin at one conference only to have his brainchild be broken before the conference ended. If something like that can happen to Bruce, why should the NSA be immune?
The really fascinating NSA braino is, undoubtedly, SKIPJACK, the cipher which was going to be the heart of the Clipper Chip. It had a very solid design and 32 rounds. 32 rounds is a lot of rounds--the idea the NSA would make a 32-round cipher struck a lot of people as evidence that the NSA was being extremely conservative.
Eli Biham took a look at the SKIPJACK design and, pretty much on a mental lark, decided to play around with some numbers. Before SKIPJACK had been published a month, Biham had invented an entirely new differential cryptanalysis scheme--"impossible differential cryptanalysis"--and had used it to break 31 of SKIPJACK's 32 rounds.
Remember: SKIPJACK was the NSA's effort at making a safe, strong cipher. They swore before Congressional intelligence subcommittees that SKIPJACK didn't have back doors, and they allowed a small number of outside experts (incl. Dorothy Denning, who's a crypto luminary) to review major portions of the classified cipher.
So either you've got to believe the NSA lied to Congress, deliberately deceived Denning, and that Denning wasn't smart enough to know she was being deceived... or you can believe the civilian cryptanalytic community is getting good enough to challenge the NSA on the NSA's own terms.
Anyway. Come to your own beliefs as to how far ahead the NSA is of the civilian cryptanalytic community. I think the answer is "not very", but reasonable people will certainly disagree on these things.
*sigh* I really wish people wouldn't mod up questions which can be adequately answered with a quick Google search. That said--please mod the parent down, since it's not worth Paul's time. But I'm not going to leave the poster empty-handed, either.
Flipping a bit requires a thermodynamic minimum of 4.4 * 10**-26 joules of energy. (Ignore the time/power theoretical tradeoff and energyless reversible computing, please: those are still purely theoretical, and we have no computers which can do it. For that matter, we have no computers which can approach the thermodynamic minimum, but let's give the NSA some credit.)
That means it requires a minimum of 1.1 * 10**-23 joules of power to store a 256-bit AES key. Let's assume you have some kind of truly bizarre key cracker that can do an energyless rekey and key trial: all you have to do is have 1.1 * 10**-23 joules of power for each key you want to test. That's the thermodynamic minimum energy you need just to store the key.
To break a 256-bit key by brute force requires, on average, 2**255 operations. Multiply 1.1 * 10**-23 joules of power by 2**255, and you get 6.5 * 10**53 joules of power.
Let me repeat this.
It requires
65000000000000000000000000000000000000000000000
By comparison, the Sun's annual power output is in the realm of 1.2 * 10**34 joules.
Or
120000000000000000000000000000000000
Are you beginning to see why it's such a silly question to ask whether or not modern ciphers can be brute-forced with Crays?
Please. Use Google before asking questions.
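The arithmetic in the post above, carried through as an added example that is not part of the original thread. The two constants are the poster's own figures (4.4 * 10**-26 J per bit flip and 1.2 * 10**34 J for the Sun's annual output), taken as given rather than re-derived; the function names are assumptions of this example, and the functions accept any key size rather than only the 256-bit case the post works.

```python
"""Energy lower bound for exhaustive key search, in the model the post uses:
each candidate key must at least be written into a register, and nothing else
(rekeying, trial decryption) is charged for.
"""
import math

# Both constants are taken from the post as stated (assumptions, not re-derived).
BIT_FLIP_JOULES = 4.4e-26       # thermodynamic minimum to flip one bit
SUN_ANNUAL_JOULES = 1.2e34      # the Sun's yearly energy output


def key_store_energy(key_bits: int, per_bit: float = BIT_FLIP_JOULES) -> float:
    """Energy to write one candidate key of key_bits bits (one flip per bit)."""
    return key_bits * per_bit


def expected_trials(key_bits: int) -> int:
    """Average number of candidates tried before the right key turns up:
    half the key space, i.e. 2**(key_bits - 1)."""
    return 1 << (key_bits - 1)


def brute_force_energy(key_bits: int, per_bit: float = BIT_FLIP_JOULES) -> float:
    """Lower bound on the energy of a brute-force search: cost of storing one
    candidate key times the expected number of candidates."""
    return key_store_energy(key_bits, per_bit) * expected_trials(key_bits)


def sun_years(joules: float) -> float:
    """Express an amount of energy as multiples of the Sun's annual output."""
    return joules / SUN_ANNUAL_JOULES


def report(key_bits: int) -> dict:
    """Collect the numbers for one key size so they can be printed or checked."""
    energy = brute_force_energy(key_bits)
    return {
        "key_bits": key_bits,
        "joules": energy,
        "log10_joules": math.log10(energy),
        "sun_years": sun_years(energy),
    }


if __name__ == "__main__":
    for bits in (192, 256):
        r = report(bits)
        print(f"{r['key_bits']}-bit key: {r['joules']:.2e} J "
              f"(about 10^{r['log10_joules']:.0f} J, "
              f"{r['sun_years']:.2e} times the Sun's annual output)")
```

The 256-bit case reproduces the post's 6.5 * 10**53 J figure. The per-bit minimum is a temperature-dependent quantity (Landauer's kT ln 2), so the absolute numbers shift with the assumed operating temperature; the shape of the result, a total that doubles with every added key bit, does not.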
SSL VPNs have one advantage going for them that IPSEC can't compete with- "stealth" mode. Ok, it's surely not invisible, but you can usually configure the port you want it to run on. OpenVPN is what I have converted five of us over to from working FreeS/WAN VPNs, as most of us have the same ISP who has claimed they will be blocking IPSEC packets from residential customers. We don't want our VPN to disappear, so we're forced to use this TLS VPN package.
I'm unaware of any weaknesses this has versus a real IPSEC solution, but I'm not an expert and that does lead me into my point- lots of people here have struggled with FreeS/WAN- OpenVPN takes about 3 hours to read up on, build, install, configure, and get running.
slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
oops, that's extricate
The way to cut down on e-fraud is to have the people in charge educating businesses etc. in IT security. There is also an "embarrassment factor" - which means that a lot of e-fraud goes unreported. Personally - my thoughts are of employing ex- e-fraudsters - but that wouldn't go down too well!
The banks have major IT security flaws they do nothing about anyway. *whistles innocently*
Personally I feel if the private individual can afford it then yes - they have access to powerful & secure computers. There is still a big digital divide between the rich and poor. People are still pretty ignorant when it comes to cryptography. RSA are still running that key competition though.
Criminals use the internet to commit e-fraud as they could be based in Russia (with lax computer laws) and yet be virtually in the US (or UK). Most attempts are script kiddies though. There is a grey line between what's illegal and a nuisance - and what's illegal and something you'd sue an individual over (civil or criminal). Criminals will always find a way to commit crime. What's more worrying is that with cryptography they can communicate with each other in ways that are very difficult to decode.
The whole escrow key thing & liaising with the "authorities" - well - it's been the source of at least one Tom Clancy novel! I live in the UK - we're well - quite a bit behind the US in regards to IT.
When we talk about cryptography, people go around saying that one method is stronger than another; however, I haven't seen quantifiable measures of strength presented. What (if any) strength measurements do security analysts use, and how are these measurements computed?
It seems that the primary problem with cryptography is sociology, not mathematics. I spent about two weeks signing messages before co-workers complained that it made mail more difficult to read. A talk I gave last year on the importance of securing research data was attended by a total of 3 people. What do you see as the biggest barriers to adoption of digital signatures?