Current Crypto Trends with Bruce Schneier
Saint Aardvark writes "SecurityFocus has published an interview with Bruce Schneier. Fascinating stuff, especially the level-headed assessments of the NSA, spam and the impact of full disclosure: 'Q: Since most crypto protocols on the internet, such as SSL or SSH, uses public-keys to build a secure channel, wouldn't a unexpected public disclosure create a chaos on the internet ? A: No. Chaos is hard to create, even on the Internet. Here's an example. Go to Amazon.com. Buy a book without using SSL. Watch the total lack of chaos.'"
Could you introduce yourself ?
I'm a security technologist. My career has been a series of generalizations. I started working in cryptography: mathematical security. Then I realized that all the cryptography in the world won't help if the computer is insecure, and all the computer security won't help if the network is insecure. Since then, I have been concentrating more on the social and economic aspects of security, realizing that all the technology in the world won't help if those aren't done right.
More on my background can be found on schneier.com
NSA licensed Certicom's EC patents for $25 million last year, and recently announced the new US government standard for key agreement and digital signatures, called Suite B. It uses Elliptic Curve Diffie-Hellman (ECDH) and Elliptic Curve Menezes-Qu-Vanstone (ECMQV) for key agreement, and Elliptic Curve Digital Signature Algorithm (ECDSA) for signature generation/verification. Do you think that NSA is promoting ECC based crypto because they cannot crack RSA/DSA based one ?
I do not. I believe the NSA believes that ECC is strong. I wrote about ECC here:
http://www.schneier.com/crypto-gram-9911.html#EllipticCurvePublic-KeyCryptography
Although I wrote that in 1999, I am still skeptical about elliptic curves.
Or maybe just because they can crack RSA/DSA they prefer to protect US business with ECC (supposed to be harder to crack)?
With sufficient key lengths, all of this is uncrackable. I don't believe that the NSA has any secret mathematics that they use to break RSA/DSA or ECC.
Would a quantum computer do the job ?
In theory, yes. In practice, we have no idea how to build one to do it. Maybe in fifty years. Or twenty-five.
Some time ago you co-authored a paper on software monopoly risks. What about crypto monopoly? Don't you think that having just a couple of public-key algorithms based on the same math problem could lead to a catastrophe if cracked ?
The security advantages of a common cryptographic algorithm far outweigh the disadvantages. I've written about that as well:
http://www.schneier.com/crypto-gram-9904.html#different.
What would you do if you found a solution to the factorization problem?
Any cryptographer, if they found something so significant as a solution of the factorization, would publish their results. Such a discovery would likely result in profound changes in how we view number theory, and would be the mathematical discovery of the decade...and maybe even more important.
Since most crypto protocols on the internet, such as SSL or SSH, uses public-keys to build a secure channel, wouldn't a unexpected public disclosure create a chaos on the internet ?
No. Chaos is hard to create, even on the Internet.
Here's an example. Go to Amazon.com. Buy a book without using SSL. Watch the total lack of chaos.
In the security community there are various ways of thinking about vulnerabilities disclosure (public-, full-, responsible-, no-). What is the situation in the crypto community ? What type of disclosure process is there ?
Most security professionals believe in full disclosure, and cryptographers are no exception. The advancement of the science is best served by the free exchange of ideas.
Why is often used a money-rewarded challenge to verify a crypto algorithm?
Because it's free consulting work, and money is an attempt to add some financial incentive. Most of the time it's a sham. While there are some legitimate contests, most are just attempts to gain publicity.
Recently some papers addressing hash functions were published, and you suggested on your blog that it's time to get to work replacing SHA. You wrote: "The NIST already has standards for longer -- and harder to break -- hash functions: SHA-224, SHA-256, SHA-384, and SHA-512. They're already government standards, and can already be used. This is a good stopgap, but I'd like to see more." Why d
Is it just me, or does the interview read mostly like "Stop asking me dumb questions"?
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
Oh crap, the article must be encrypted!
even within chaos, there may appear to be order...in fact, I think I'll order another beer.
rewriting history since 2109
from the my-password-is-***** dept.
Has a weak password.
Proud owner of BOT2K3 [ bot2k3.net ]
http://www.schneier.com/blog
Sorry about that!
Carousel is a lie!
That would give at least as much chaos as the millenium bug gave us.
If you mod this up, your slashdot background will turn into a beautiful sunset!
It's http://www.schneier.com/
Don't anthropomorphize computers, they don't like it.
Every posting in his cryptogram seems to be telling me the same thing - nothing anyone is doing is actually secure, and no currently proposed measures are going to help. So basically he's telling me to live in a shack in the woods like the Unabomber if I want security. Also he seems to be drifting more and more into political banter...and I don't consider him to be any more informed than the next blogger.
I am certainly no grammar Nazi--actually, English is my third language, so I am far from perfect. But for the love of God, could the people at Security Focus please try to do some rudimentary editing and proofreading? I don't mind typos, but some of their questions are so wrong that they are very hard to read and understand.
"Do you think that NSA is promoting ECC based crypto because they cannot crack RSA/DSA based one?"
What?
"Or maybe just because they can crack RSA/DSA they prefer to protect USbusiness with ECC (supposed to be harder to crack)?"
Huh?
"What about crypto monopoly? Don't you think that having just a couple of public-key algorithms based on the same math problem could lead to a catastrophe if cracked ?"
This doesn't follow any European-language grammar.
But the next question takes the cake:
"Why is often used a money-rewarded challenge to verify a crypto algorithm?"
The general public doesn't get it and doesn't want to get it. They don't care about computer security, once pwned they buy a new computer.
They don't care about homeland security either, just wave your arms and tell them that everything is more secure and they'll buy it. Restrict them as well and they'll swear it's more secure.
Security LOLOLOLOLOLOLOLOLOLOLOLOLOLOL
I thoroughly recommend reading the linked articles. Some fascinating stuff (e.g. on why elliptic curve cryptography is currently considered secure and why this may not last).
Tsunami -- You can't bring a good wave down!
You have a real talent for writing things that seem logical and interesting but are, in fact, complete fabrications.
Somewhat unrelated to the above, but saw this article Bruce wrote for American Airlines magazine when he won 3rd place in the annual Road Warriors competition. He's a pretty funny guy. I had no idea. My apologies to AA for pasting the below but it's prob better than having your webserver taken out back and shot.
"Bruce Schneier
Minneapolis, Minnesota
I had a free day on a business trip to Seoul, so I decided to do a bit of sightseeing. Yoseu, a random town at the end of a train line, seemed as good a place as any to explore, so I bought a round-trip ticket.
The market was still crowded even though it was dusk by the time my train arrived. I stopped in front of what looked to be a restaurant. On the floor in front of the store were water-filled pails with things inside. I recognized squid in one, oysters in another, and clams in a third. There were three others: orange bulbous things with puckers, long brown things with puckers, and long smooth white things that half floated and half sank. I assumed they were all alive.
The woman who sat behind this menagerie looked up at me. I pointed to the orange things, pointed to the brown things, pointed at the tables inside of the store, and smiled.
She smiled back, got up, and walked into the restaurant. I followed her.
There were four long tables, all empty. I sat down at the far table. The woman brought three orange things and three brown things and proceeded to clean them. She set two bowls of water out in front of her: a green one and a white one. She cut open the orange things and put the orange insides in the green bowl, and the orange outsides in the white bowl. Then she cut open the brown things and put the brown outsides in the green bowl with the orange insides, and the brown insides in the white bowl with the orange outsides. I didn't have the foggiest idea which bowl was for eating and which was for throwing away.
After she was finished, she started cutting up the orange insides and the brown outsides. All I could think at this point was: Please cook this. Whatever you do, please cook this. Then I noticed that there wasn't a stove anywhere.
She put the orange and brown things on a plate and set it in front of me. Then she gave me a bowl of hot sauce, a bowl of kimchi, and a cup of cold tea.
I looked at my plate. I didn't even know what phylum the stuff came from.
She then presented something to me with a flourish and a big smile. It was a fork. Well, I had to take it. I really didn't want it, but she'd probably had this fork for years, it was probably her only one, and I was probably the first American brave enough to eat there. I couldn't spoil it for her.
I took the fork and stabbed a brown thing. She was watching me as I put it in my mouth. It was chewy, but it tasted pretty good. I tried an orange thing. It wasn't as good. I smiled at her. She smiled back and went outside.
She poked her head in from time to time. Once she brought a friend. She told her something in Korean. Probably something like: "Look at that. I gave him the orange insides and the brown outsides, and he doesn't even know the difference."
I just smiled. What else could I do?
Chief Technical Officer, Counterpane Internet Security, Inc.
Age: 41"
Hes coming out with a new movie, Deuce Bigalow: European Gigolo. Oops, sorry I thought it said Rob not Bruce!
Q: Since most crypto protocols on the internet, such as SSL or SSH, uses public-keys to build a secure channel, wouldn't a unexpected public disclosure create a chaos on the internet ? A: No. Chaos is hard to create, even on the Internet. Here's an example. Go to Amazon.com. Buy a book without using SSL. Watch the total lack of chaos.
[Emphasis mine.]
How is that an unexpected public disclosure? With that example, he alters the conditions of the experiment, just like opening Schroedinger's box.
If 5,000 people went to Amazon.com and bought something with the expectation that the connection was via SSL, and it turns out it wasn't, the smarter of those 5,000 people would be closing their credit card accounts and their Amazon.com accounts, and demanding restitution from Jeff Bezos for their compromised personal information. Amazon.com would fight them tooth and nail.
Now, tell me that isn't chaos.
With such a pronouncement "from on high" like that, my respect for Mr. Schneier took a serious hit.
While not truly broken security, for the many many people fooled it is broken security. Yet despite countless victims of increasingly elaborate phishing scams, online commerce continues without chaos. Indeed, online banking continues without chaos! And this, at a time when I am telling the general computer illiterati to avoid online banking of any kind.
Chaos is when you yell fire in a movie theater. Chaos is when an earthquake/hurricane/tsunami wipes out an entire city/country. Not being able to post on Slashdot or even to buy books on Amazon is not chaos.
Do you have a particular issue with the simplified model of adiabatic switching or the admittedly optimistic rendition of theoretical advances in computing in conventional desktop hardware? Or do you simply have a need to snipe at experts on Slashdot?
Since you seem to have read more on the subject, let me ask you a simple question, since you'll hopefully have the answer more readily available.
Is a reversible computing system Turing Complete? What's the speed/space loss of interpreting a Turing machine in the reversible equivalent of a universal Turing machine? If this loss is exponential or compounded by running time (i.e. unavoidable memory leak) then that's your answer to your question.
I ask this because intuitively, it looks to me like forcing all programs to be reversible would either limit their functionality or require you to keep around useless data for the purposes of reversing a computation, which you never do in normal operation but would be very nice for debugging.
(I've worked on capture/replay systems, profiling, analyzed program traces, tried to keep dynamic slices of a running program and read a lot about related problems. When I ask about memory overhead I mean it)
BTW, on reading your post again, it seems you have your terminology a little wrong. Erasing a bit (in the page you describe) is taken as destroying information, rather than setting a bit to 0. The argument is thermodynamic in origin (insert Simpsons quote here), even appearing in Hawking's "A Brief History of Time" as part of his discussion about why time flows and entropy increases. Basically the idea is something like: if you have random data (strings of 1s and 0s) and you draw a conclusion (all 0s, or in some order that's not random), you have decreased the amount of entropy inside the computer and therefore the rest of the universe must have more entropy to make up for it, or something like that. So, you perceive time flowing because you are gathering information, and it feels like it flows in the direction of more entropy. I probably botched the description, so if anyone wants, I can go get my copy of the book and explain it better.
Reversible computing comes in so you don't throw away that randomness, and so your entropy doesn't change (since you can go back anyway) so it is theoretically and thermodynamically possible to create a machine to do the calculations with a minimum drawing of power. That's the context I've heard it in, but it doesn't mean that such a machine exists now, that it is practically feasible, or that the needed chaos storage unit won't overflow.
And BTW, if your operations are fully reversible and you don't want to end up with a chaos overflow/information underflow, you'd have to transmit all the byproducts of your encryption (chaos) along with the encrypted data (which has information) and since your calculation is reversible, any eavesdropper can decode it. So no, it's not useful for cryptography at all.
I believe this was to be the fourth sign of the apocalypse: ESL students correcting native English speakers on their grammar. The end is nigh, people, the end is nigh...
"I assumed blithely that there were no elves out there in the darkness"
Another analogy for you: Dave Clark once commented that using cryptography to communicate with a stranger is like meeting that stranger in a dark alley. Whatever happens, there won't be any witnesses.
I guess the lesson is to use the right tool for the right job. No dogma.
-Fzz
Puh-leaze. While in a reasonable amount of time he is contextually correct, "uncrackable" indicates that there is no way of cracking the code, which isn't true. These things can all be brute forced, even though it might take a really, really long time to crack.
For the uninitiated... ROT13 encoder/decoder is available as a FireFox plugin over at MNenhy
Isn't it funny how the people who really know security are rarely seen making doom and gloom predictions about the end of society as we know it? Most times I see a real security wizard speaking either at a conference or in an interview, they're pragmatic and reasoned in their answers to questions, even stupid ones. Why is it that the people in the best position to know about the security or insecurity of our networks are so calm and circumspect and the remainder of the industry seems hell bent on FUD?
Why is it that the more I know about a topic on slashdot the less intelligent the slashdot community seems?
The thermodynamic cost of erasing bits gives a lower bound on the energy dissipation of (non-reversible) computation. Currently computers dissipate energy that is larger by many orders of magnitude, so reversibility is just not a concern. For example, about half the energy in a modern CPU is wasted on leakage across transistors, even if the transistor is not changing its state; that's a property of current chip building technology, and has nothing to do with the reversibility of the computed function.
from the my-password-is-hunter2 dept.
There are some people that if they don't know, you can't tell 'em.
Or do you simply have a need to snipe at experts on Slashdot?
Well, in all fairness, the OP is not an expert.
Read the page he linked to. If you have any knowledge of the field you can see the introduction is either complete rubbish or watered down so much that it makes no sense. He doesn't even make a distinction between physical and logical reversibility. Look at the wikipedia page for a better introduction.
Likewise his suggestion that crippling both ends of a communication by forcing them to do reversible operation without using any sort of quantum transmission would somehow make things impossible to eavesdrop. This doesn't follow at all. An eavesdropper just puts in the middle a non-reversible device which can copy all the bits and send off the original undisturbed. Or you can pull off a man in the middle attack, where you get the data, process it, read, whatever and then reverse your calculations and send off the original.
Unless you come up with a completely different transmission method this is utter BS, with impressive sounding terminology to make it sound informed.
Now, that's not to say reversible computation is useless. I could see it combined with quantum computing for use during transmission, or during the first stages of a computation. Though I'm not sure whether the final measurement stage of a quantum computation can be considered reversible by its very definition. Anyone with experience in thermodynamics and quantum theory care to comment?
Likewise if you figure out how to build a fast enough reversible computation device that can be miniaturized, I'm sure Intel would look into it and at the very least make a coprocessor and fund development of reversible code libraries to drive it. I doubt it would happen anytime soon though.
Maximally-entropic randomness is by nature wasteful. On the other hand, there should be a way to create a reversible PRNG algorithm (one probably exists). I suspect there are other common algorithms that could be farmed out to a coprocessor that would greatly reduce heat. I've heard that one group has already shown an advantage in using reversible computing with large capacitive loads, like LCD or CMOS access, and hopefully it'll scale down... quantum computing is based on reversible computing principles, so it looks like it's expected to.
I know that in theory it's possible to build a Turing-complete reversible computer.
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
1. Reversible computing is Turing complete. In fact, this is a standard part of the intro chapters of quantum computing books (as all quantum gates are reversible -- unitary operators). You have to pad extra zeroes to your input to use as scratch paper for the reversible computation (so, your intuition about useless data is correct). However, there is a general technique for reusing the scratch padding (but nobody actually shows the steps in their papers anymore because it is so common). You can find it in a book on quantum computing. Unfortunately, I dropped the course, and don't remember the specifics (and though I can see the book, it is too far to reach).
2. As far as using the Turing model, there is one for reversible computing. Nobody I know uses it when discussing reversible computing. Most people use a circuit model (complexity of the "algorithm" is length of the circuit). Someone obviously did the comparison at some point, but turing machines are painful to work with (very verbose). In general, reversing a computation to recapture the scratch work requires double the "run time" -- you just CNOT the bits you want to save out of the answer part and reverse the whole computation (minus the bits you just saved). What remains is the input plus scratch plus the output. OK, I guess I do remember the specifics.
Network Security: It always comes down to a big guy with a gun.
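The compute / copy-out / uncompute sequence described in point 2 above, as an added example that is not part of the original comment or of any quantum computing textbook. It is a toy simulator of reversible gates (NOT, CNOT, Toffoli) over plain bit lists; the function and wiring layout (an n-input AND built as a chain of Toffolis with n-1 scratch wires) are my own choices for illustration. Because every gate used is its own inverse, running the gate list backwards undoes the forward computation exactly, which is what returns the scratch bits to zero after the answer has been CNOT'ed out.

```python
"""Added example: Bennett's compute / copy-out / uncompute trick on a toy
reversible circuit simulator. Every gate here is an involution, so running
the gate list in reverse order exactly undoes it."""
from itertools import product
from typing import List, Tuple

Gate = Tuple  # ("NOT", t) | ("CNOT", c, t) | ("TOFFOLI", a, b, t)


def apply_gate(bits: List[int], gate: Gate) -> None:
    """Apply one reversible gate in place. Each gate is its own inverse."""
    kind, *wires = gate
    if kind == "NOT":
        bits[wires[0]] ^= 1
    elif kind == "CNOT":
        c, t = wires
        bits[t] ^= bits[c]
    elif kind == "TOFFOLI":
        a, b, t = wires
        bits[t] ^= bits[a] & bits[b]
    else:
        raise ValueError(f"unknown gate {kind}")


def run(bits: List[int], circuit: List[Gate]) -> None:
    for g in circuit:
        apply_gate(bits, g)


def run_reversed(bits: List[int], circuit: List[Gate]) -> None:
    """Undo `circuit`: same gates, opposite order (each gate is self-inverse)."""
    for g in reversed(circuit):
        apply_gate(bits, g)


def and_chain(n: int) -> Tuple[List[Gate], int]:
    """Gates computing x0 & ... & x(n-1) with a chain of Toffolis (hypothetical
    layout). Wires 0..n-1 are inputs; wires n..2n-2 are n-1 scratch bits that
    must start at 0. Returns (gates, wire holding the result)."""
    if n < 2:
        raise ValueError("need at least two inputs")
    gates = [("TOFFOLI", 0, 1, n)]
    for i in range(2, n):
        gates.append(("TOFFOLI", n + i - 2, i, n + i - 1))
    return gates, 2 * n - 2


def reversible_and(inputs: List[int], uncompute: bool = True) -> dict:
    """Compute AND of `inputs` into a fresh output wire.
    uncompute=True: forward circuit, CNOT the answer out, run backwards; the
    scratch wires return to 0 and the inputs are intact, for about twice the
    gate count. uncompute=False leaves the intermediate garbage in scratch."""
    n = len(inputs)
    gates, result_wire = and_chain(n)
    bits = list(inputs) + [0] * (n - 1) + [0]   # inputs, scratch, output
    out_wire = len(bits) - 1
    run(bits, gates)
    apply_gate(bits, ("CNOT", result_wire, out_wire))
    if uncompute:
        run_reversed(bits, gates)
    return {
        "inputs": bits[:n],
        "scratch": bits[n:2 * n - 1],
        "output": bits[out_wire],
        "gate_count": 2 * len(gates) + 1 if uncompute else len(gates) + 1,
    }


def scratch_is_clean_for_all_inputs(n: int) -> bool:
    """Exhaustive check: every input pattern leaves zeroed scratch, unchanged
    inputs, and the correct AND on the output wire."""
    for xs in product((0, 1), repeat=n):
        r = reversible_and(list(xs))
        if r["inputs"] != list(xs) or any(r["scratch"]):
            return False
        if r["output"] != int(all(xs)):
            return False
    return True


if __name__ == "__main__":
    print(reversible_and([1, 1, 1, 1]))
    print(reversible_and([1, 1, 1, 1], uncompute=False))
    print(scratch_is_clean_for_all_inputs(5))
```

Running it with `uncompute=False` shows the cost the earlier poster worried about: the scratch wires hold the intermediate products and cannot be reused without an irreversible erase. With `uncompute=True` the same wires are back at zero, at the price of 2(n-1)+1 gates instead of n, which is the "double the run time" figure quoted above.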
This is a joke, but not a funny one. Loaded with enough bits at the factory? Worrying about a deficit of bits when hotswapping parts? Guys, when the power goes off there are no more bits. What a ludicrous exercise in mental masturbation.
Here's an example. Go to Amazon.com. Buy a book without using SSL. Watch the total lack of chaos.
What prevents the user from getting pissed off at not getting the book and going on a shooting rampage in an apartment complex? That, my friend, would cause a lot of chaos.
This guy obviously doesn't run any mail servers.
Sure, new spam filters can be pretty effective. But it takes a lot of resources to deal with spam in terms of hardware and network bandwidth. 75% of all e-mail traffic is SPAM. Millions upon millions a day.
SPAM is a real problem and it's not getting better, it's getting worse. The better we get at blocking it the more spam gets sent to counter this.
Some people might think that if we get good enough at blocking spam, it won't be profitable to send it anymore. I beg to differ. It costs almost nothing to send a million spams. And with all the bot-nets and hijacked mail servers, it's not hard to get them out.
So, because of this very brushed-off response and attitude like he's an authority, I can't take any of his other responses seriously.
- It's not the Macs I hate. It's Digg users. -
I don't think the interviewer has much knowledge about cryptography, or even security in general. I am judging solely based on the questions asked:
I mean TCP/IP does not use crypto, while a VPN does. Do you think that in the future we'll use crypto for every type of communication?
Which displays a fairly simplistic, and unfortunately common, grasp of security principles, which is: crypto makes things secure, and everything must be secure. The reality is that cryptography is part of a greater security process, and that not every communication *must* be secure. Do you care if someone hears you discussing the newest Family Guy episode at the office, or hears you say "Hi" to your coworkers? No. So why should you be concerned if you're transmitting SYN/ACK or a comment to Slashdot in a relatively clear manner? Secure processes should be implemented where they are needed, and nowhere else, or else security becomes a burden forcing users to find ways to circumvent it.
Should we use crypto to stop the spam problem ?
I hardly know where to begin. How should we use cryptography to prevent spam? There are ways and ways to reduce spam, and perhaps cryptography in the form of some type of message authentication will play a role in that or not, but this is like asking "Should we use hydrogen molecules to cure cancer?". Hydrogen molecules in what context or construct?
I'm no cryptographer, but (call me crazy) I expect a guy writing for SecurityFocus to know more than I do. Or at least to ask questions in an intelligent manner.
Arr! The laws of physics be a harsh mistress!
Cthon98: hey, if you type in your pw, it will show as stars
Cthon98: ********* see!
AzureDiamond: hunter2
AzureDiamond: doesnt look like stars to me
Cthon98: AzureDiamond: *******
Cthon98: thats what I see
AzureDiamond: oh, really?
Cthon98: Absolutely
AzureDiamond: you can go hunter2 my hunter2-ing hunter2
AzureDiamond: haha, does that look funny to you?
Cthon98: lol, yes. See, when YOU type hunter2, it shows to us as *******
AzureDiamond: thats neat, I didnt know IRC did that
Cthon98: yep, no matter how many times you type hunter2, it will show to us as *******
AzureDiamond: awesome!
AzureDiamond: wait, how do you know my pw?
Cthon98: er, I just copy pasted YOUR ******'s and it appears to YOU as hunter2 cause its your pw
AzureDiamond: oh, ok.
The grass is always greener on the other side of the light cone.
Try leaking the private key for MS Verisign's root certificate.. THEN watch the chaos.
No chaos at Amazon because no one wants to see Schneier's reading list in animal husbandry
I've sent a credit card number unencrypted over the Internet and - nothing bad happened!
It's just a matter of probability - if you have a 1 in 1000000000000000 chance of having a number stolen because of a problem with SSL, you probably have a 1 in 1000000000 chance of having THE packet with your credit card number stolen in transit because some baddie is snooping on the connection.
Of course, once your CC number arrives on the destination server, whether it arrives via SSL or plain-text HTTP, it is logged in world-readable log files and you are doomed.
Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
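The "logged in world-readable log files" failure mode in the comment above is the one a practitioner can actually check for. As an added example that is not from the original thread, here is a small scanner that pulls card-length digit runs out of access-log lines, keeps only those that pass the Luhn mod-10 check (so order and request IDs of the same length are mostly ignored), and masks them before the line is stored or shipped. The log lines are constructed for the example, the card numbers are well-known test numbers, and the regular expression and function names are my own.

```python
"""Added example: find Luhn-valid card numbers in log lines and redact them."""
import re
from typing import List

# 13-19 digits, optionally separated by single spaces or dashes, not embedded
# in a longer digit run.
_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def _digits(candidate: str) -> str:
    return re.sub(r"[ -]", "", candidate)


def find_pans(line: str) -> List[str]:
    """Card-length digit runs in `line` that also pass Luhn."""
    return [_digits(m.group(0)) for m in _CANDIDATE.finditer(line)
            if luhn_valid(_digits(m.group(0)))]


def redact_line(line: str) -> str:
    """Mask every Luhn-valid candidate, keeping only the last four digits."""
    def mask(m: re.Match) -> str:
        digits = _digits(m.group(0))
        if luhn_valid(digits):
            return "*" * (len(digits) - 4) + digits[-4:]
        return m.group(0)
    return _CANDIDATE.sub(mask, line)


# Constructed sample access-log lines: not real traffic, test card numbers only.
SAMPLE_LOG = [
    '10.0.0.7 - - [12/Aug/2005:10:01:22] "POST /checkout?card=4111111111111111&exp=0807 HTTP/1.0" 200 512',
    '10.0.0.9 - - [12/Aug/2005:10:01:23] "GET /order/1234567890123456 HTTP/1.0" 200 88',
    '10.0.0.9 - - [12/Aug/2005:10:01:24] "POST /pay HTTP/1.0" 200 40 "5500 0000 0000 0004"',
    '10.0.0.3 - - [12/Aug/2005:10:01:25] "GET /book/0471223573 HTTP/1.0" 200 9000',
]


def scan_log(lines: List[str]) -> List[int]:
    """Indexes of lines that leak a card number."""
    return [i for i, line in enumerate(lines) if find_pans(line)]


if __name__ == "__main__":
    for i in scan_log(SAMPLE_LOG):
        print(i, find_pans(SAMPLE_LOG[i]))
        print("   ", redact_line(SAMPLE_LOG[i]))
```

Two caveats worth knowing before relying on this: a 16-digit value that is not a card number passes Luhn one time in ten, so the scanner is a triage tool rather than proof; and the separator grammar is loose, so a status code followed by a space and then a spaced card number ("200 5500 0000 ...") is absorbed into one longer run and can be missed. Redacting at the logging layer, before the line is written, is still the right place for it.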
That was the most hack crap amateur 10th grade journalism I've ever seen. Pureeing a can of alphabet soup will give you more well-constructed sentences than this dude. The interview was chopped. Sentences were short. Things were said tersely. Nothing was explained. It was all linked. He said, "I wrote about that." Then he linked. Elaboration was stopped.
Fucking crap man.
"Should we use hydrogen molecules to cure cancer?". Hydrogen molecules in what context or construct?
Haven't you thought of the cancer sufferers?!? How can you be against using hydrogen molecules to cure cancer?
I'm imagining something like... setting a 0 to a 1 takes a particular amount of energy, and in current computers changing back to a 0 requires negating that charge, using an equal amount of energy; and released waste heat.
If instead of blowing away the charge that indicates a 1, you somehow moved the charge to a vacant holding area, the movement might take less energy than the negation. As mentioned, like moving the beads on an abacus, instead of moving pebbles in and out from a pile.
One simple method would be to simply use 2 cells for each bit; such that 01 becomes 1, and 10 becomes 0; the total energy in the system is constant and power is only required to flip bits. Much like the magnetic grains on a hard drive platter.
However, you would then need twice as many elements, which would lower production yields, and draw more power; possibly negating any benefit.
Thinking of 2 charges in 4 cells, you could have 1100 1010 1001 0110 0101 0011 which is 6 states in twice the space of 2 states; perhaps efficiency grows with size.
3 charges in 6 cells, 111000 110100 110010 110001 101100 101010 101001 100110 100101 100011 011100 011010 011001 010110 010101 010011 001110 001101 001011 000111 which is 20 states...
4 charges in 8 cells, 11110000 11101000 11100100 11100010 11100001 11011000 11010100 11010010 11010001 11001100
11001010 11001001 11000110 11000101 11000011 10111000 10110100 10110010 10110001 10101100
10101010 10101001 10100110 10100101 10100011 10011100 10011010 10011001 10010110 10010101
10010011 10001110 10001101 10001011 10000111 01111000 01110100 01110010 01110001 01101100
01101010 01101001 01100110 01100101 01100011 01011100 01011010 01011001 01010110 01010101
01010011 01001110 01001101 01001011 01000111 00111100 00111010 00111001 00110110 00110101
00110011 00101110 00101101 00101011 00100111 00011110 00011101 00011011 00010111 00001111
, which is 70 states...
If 2 becomes 1, 4 becomes 6, and 6 becomes 20, and 8 becomes 70...(n factorial) / (((n/2) factorial) ^2) maybe?
so applying that to 40 base bits gives 137846528820, and 38 gives 1767263190; so you need 40 cells to hold what 32 can in regular binary.
But only 68 cells to hold what 64 regular binary bits can do; with the added bonus of error detection.
But this is just storing and retrieving enumerable patterns of bits; converting these values to and from binary, integers, text characters, and pixels; adding and multiplying them, and doing neat things like XOR, bit masking, and such...
In regards to reversible computing, the thing about information is that it is not subject to the laws of thermodynamics; teaching someone how to do something does not reduce your ability to do it. It may lower the value of that information in a marketplace; but it may also increase it.
The real flaw, as I see it, with a fully reversible system, is that it would be basically useless for most encryption tasks; hash codes are basically irreversible; and even multiplying two numbers together... 27*37 is easy, but finding the prime factors of 713 isn't quite so easy. You would have to store every single intermediate result; "occasionally you get more bits than you have space for" would be a hell of a lot of bits.
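The "n cells, n/2 charges" scheme sketched in the comment above is a constant-weight code, and the 6 / 20 / 70 counts are C(n, n/2). Here is an added example (not from the comment or the interview) that actually maps integers onto those codewords and back using the combinatorial number system, computes how many cells a given number of binary bits needs, and shows the error-detection property: any single bit flip changes the weight, so the decoder rejects it. Ordering the 4-of-8 codewords by their index reproduces the comment's list (index 69 is 11110000, index 0 is 00001111). Function names are this example's own.

```python
from math import comb


def capacity(n: int) -> int:
    """Number of distinct states of n cells holding exactly n/2 charges."""
    return comb(n, n // 2)


def encode_constant_weight(k: int, n: int, w: int) -> str:
    """Map integer k in [0, C(n, w)) to the k-th n-bit word with exactly w ones.

    Combinatorial number system: scan positions from n-1 down to 0; bit i is
    set iff k >= C(i, w_remaining), and each set bit subtracts that count.
    """
    if not 0 <= k < comb(n, w):
        raise ValueError("k out of range for this code")
    bits = []
    for i in range(n - 1, -1, -1):
        if w > 0 and k >= comb(i, w):
            bits.append("1")
            k -= comb(i, w)
            w -= 1
        else:
            bits.append("0")
    return "".join(bits)


def decode_constant_weight(word: str, w: int) -> int:
    """Inverse of encode_constant_weight.

    The weight check is the error detection the comment mentions: flipping
    any single cell changes the number of ones, so the word is rejected
    before a value is returned.
    """
    if word.count("1") != w:
        raise ValueError("weight mismatch: corrupted codeword")
    n, k = len(word), 0
    for pos, bit in enumerate(word):
        i = n - 1 - pos
        if bit == "1":
            k += comb(i, w)
            w -= 1
    return k


def cells_needed(bits: int) -> int:
    """Smallest even n such that n cells with n/2 charges can represent 2**bits values."""
    n = 2
    while capacity(n) < 2 ** bits:
        n += 2
    return n


def flip_bit(word: str, pos: int) -> str:
    """Simulate a single-cell fault."""
    return word[:pos] + ("0" if word[pos] == "1" else "1") + word[pos + 1:]


if __name__ == "__main__":
    # Constructed demo: the 4-of-8 table, highest index first (the comment's order).
    for k in range(capacity(8) - 1, -1, -1):
        print(k, encode_constant_weight(k, 8, 4))
    print("cells for 64 bits:", cells_needed(64))
    bad = flip_bit(encode_constant_weight(5, 8, 4), 2)
    try:
        decode_constant_weight(bad, 4)
    except ValueError as e:
        print("detected:", e)
```

Note that the detection is only of faults that change the weight; two flips in opposite directions (a 1 to 0 and a 0 to 1) produce another valid codeword and decode silently to a different value.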
But a reversible PRNG makes no sense. At least not a cryptographically secure PRNG. The whole point is to distribute entropy over a larger number of bits. You have to either zero out your extra bits of scratch space (which goes against reversibility) or reuse results or scratch from previous computations, which means an attacker can influence the results of the PRNG.
Besides, even the proponents of reversible computing don't argue that RC will pay off until 2020. And additionally, the amount of energy spent seems to be temperature dependent. Does supercooling help? e.g. running your non-reversible computer near absolute zero? I mean, for really, really computing-intensive tasks you could put your computer in space and bring down your 2kT loss.
Hell, for the additional price for the extra memory for the reversible computing you can probably buy a rather large cooling solution.
I disagree: the two you corrected aren't very readable without the modifications. Worse, they're confused on the technical details so a technically-informed reader will stumble: this still doesn't make sense unless "RSA/DSA" is a compound crypto scheme - which it isn't. Better: "because they cannot crack RSA- or DSA-based schemes".
Similar complaints with the second one. Additionally the "just" spoils the inferred rhythm as-read (and so the readability), and "USbusiness" should clearly be "U.S. businesses".
Third: he's talking about putting all your eggs in one basket cryptographically. That isn't "monopoly". Again there's readability problems with "having just a couple of" and writing "based" as an intransitive. I really don't think "if cracked" is well-formed either: I'd expect you'd need an explicit subject for "cracked".
But the fourth one? That can't possibly be right! "often used" here *isn't* an adverb phrase. It's not hyphenated for a start.
As far as I understood TCP/IP, these protocols (specifically TCP) DO use cryptography, just not encryption. Specifically, one of the main security features of TCP is its sequence numbers. The idea is that they are an unpredictable (to the attacker), i.e. pseudo-random, sequence of numbers. Generating such a sequence of numbers is a classical cryptographic problem. (Common solutions to this problem are the use of stream cipher outputs or a pseudo-random number generator such as the one suggested in Schneier et al.'s paper about the Yarrow design methodology.)
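An added example (mine, not the commenter's) of what "unpredictable sequence numbers" means in practice: the original RFC 793 generator is a global counter ticking every 4 microseconds, so an off-path attacker who has seen one ISN predicts the next from elapsed time alone; the RFC 6528 style keeps that clock but adds a per-connection offset F(4-tuple, secret) that cannot be computed without the secret. RFC 6528 names MD5 for F; this example substitutes HMAC-SHA256 truncated to 32 bits as the PRF, which is this example's choice. The addresses, ports and secrets are constructed sample input.

```python
import hashlib
import hmac
import ipaddress
import struct

MASK32 = 0xFFFFFFFF


def legacy_isn(micros: int) -> int:
    """RFC 793-style: a 32-bit counter that ticks every 4 us and nothing else.
    No secret is involved, so anyone who can estimate elapsed time can predict it."""
    return (micros // 4) & MASK32


def predict_legacy(observed_isn: int, elapsed_micros: int) -> int:
    """What an off-path attacker does against legacy_isn: add the elapsed ticks."""
    return (observed_isn + elapsed_micros // 4) & MASK32


def keyed_isn(secret: bytes, src_ip: str, src_port: int,
              dst_ip: str, dst_port: int, micros: int) -> int:
    """RFC 6528-style: ISN = M + F(src_ip, src_port, dst_ip, dst_port, secret).

    M is the same 4 us clock; F is a per-connection offset. Sequence numbers
    still advance with time within one connection (the RFC 793 wrap-around
    reasoning is preserved) but the offset between connections is unknown to
    anyone without the secret. HMAC-SHA256/32 is this example's PRF choice.
    """
    four_tuple = struct.pack(
        "!4sH4sH",
        ipaddress.IPv4Address(src_ip).packed, src_port,
        ipaddress.IPv4Address(dst_ip).packed, dst_port,
    )
    f = int.from_bytes(hmac.new(secret, four_tuple, hashlib.sha256).digest()[:4], "big")
    return (legacy_isn(micros) + f) & MASK32


if __name__ == "__main__":
    t = 1_000_000_000                     # constructed "now", in microseconds
    seen = legacy_isn(t)
    print("legacy ISN now:", seen, "predicted in 40ms:", predict_legacy(seen, 40_000),
          "actual:", legacy_isn(t + 40_000))
    secret = b"constructed-host-secret"   # would be random at boot on a real host
    print("keyed ISN 10.0.0.1:40000->10.0.0.2:80:",
          keyed_isn(secret, "10.0.0.1", 40000, "10.0.0.2", 80, t))
    print("same 4-tuple, other secret:",
          keyed_isn(b"other-secret", "10.0.0.1", 40000, "10.0.0.2", 80, t))
```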
As to using crypto to deal with the spam problem... well, there have been suggestions that emails should cost computing power to send, i.e. in order for A to send an email to B it must first solve a mathematical problem which B sends it. Once B has verified that the problem has been correctly solved it accepts the email from A. The thing is that coming up with such a problem which is difficult to solve (say an NP-complete problem) is bordering on, if not part of, cryptography. Of course this is NOT an optimal solution for spam but merely a suggestion; just think of mailing lists or sending email from computationally constrained devices. But my point is that crypto is more than just secure message exchange (encryption), so I wouldn't rule out crypto as a field for solving (or at least reducing) the problem of spam email.
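The challenge-response the comment describes, written out as an added example (not the commenter's code): B issues a fresh nonce, A must find a counter such that SHA-256(nonce || counter) begins with a chosen number of zero bits, and B checks the answer with a single hash. The cost asymmetry is the whole point: the sender's expected work is 2^difficulty hashes and doubles per extra bit, while verification stays constant. The hash-and-leading-zeros construction, the 8-byte counter layout and the sample challenge are this example's assumptions.

```python
import hashlib
import os
import struct


def leading_zero_bits(data: bytes) -> int:
    """Count leading zero bits of a byte string (the puzzle's 'hardness' measure)."""
    count = 0
    for byte in data:
        if byte == 0:
            count += 8
            continue
        count += 8 - byte.bit_length()
        break
    return count


def make_challenge() -> bytes:
    """B's side: a fresh random nonce, so A cannot reuse work from an old message."""
    return os.urandom(16)


def _puzzle_hash(challenge: bytes, counter: int) -> bytes:
    return hashlib.sha256(challenge + struct.pack("!Q", counter)).digest()


def solve(challenge: bytes, difficulty: int, max_tries: int = 1 << 26) -> int:
    """A's side: brute-force a counter; expected cost 2**difficulty hashes."""
    for counter in range(max_tries):
        if leading_zero_bits(_puzzle_hash(challenge, counter)) >= difficulty:
            return counter
    raise RuntimeError("no solution within max_tries")


def verify(challenge: bytes, counter: int, difficulty: int) -> bool:
    """B's side: one hash, however hard the puzzle was for A."""
    return leading_zero_bits(_puzzle_hash(challenge, counter)) >= difficulty


def list_cost(recipients: int, difficulty: int) -> int:
    """Expected hashes for one sender posting to a mailing list of this size,
    if every recipient issues its own challenge: the caveat in the comment."""
    return recipients * (2 ** difficulty)


if __name__ == "__main__":
    challenge = make_challenge()
    difficulty = 16                                  # ~65k hashes for A
    counter = solve(challenge, difficulty)
    print("counter:", counter, "accepted:", verify(challenge, counter, difficulty))
    print("hashes for a 1000-member list:", list_cost(1000, difficulty))
```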
Quoth the poster: "The reality is that cryptography is part of a greater security process, and that not every communication *must* be secure."
Ah, but sometimes not having every communication secure can cause an insecurity in another way.
1. The fact that some of your communications are encrypted/secured gives an observer the information that you are transmitting something secret/sensitive when that occurs. That in itself can be valuable knowledge. For example, if the Army normally sends messages unencrypted to field personnel, and suddenly starts sending a lot of secure communications, that can give away that something big is about to happen.
2. If you secure all your communications, then someone trying to intercept a particular communication message must spend time decrypting all of them to get anything. They don't know which ones to look at.
I'm not arguing that all web traffic should be encrypted or anything like that. And you and I both know that VPN runs on top of TCP/IP, which makes the comparison a bit weird. But it is true that if the underlying transport mechanism (TCP/IP) were trustably secure, we might not need to worry about all these different kinds and layers of security on top of it. Just a thought.
is it darker at night than outside?
...the story about how the next day after eating those sea-things, he spent so many hours sitting on the toilet, that his legs almost fell off from the blood circulation being cut off due to... well, having to sit on the toilet all day long.
In the last 25 years there has been another development in cryptography which Bruce has seemingly left out, namely the formal, or what is often referred to as provable, cryptography, i.e. the process:
1) Formally defining both the working model (network, involved parties, computational & other capabilities...)
2) Defining the various forms of security to be achieved. (For example a protocol must be secure if run once, many times in a sequential manner or even in a concurrent manner. Each is a different kind of security and results in a different protocol.)
3) Designing a solution (algorithm, protocol, ...) and using mathematical methods to PROVE the difficulty of breaking the stated security in the given model is equivalent to some common mathematical problem (such as factoring certain "large" integers or calculating the discrete log in "large" algebraic groups).
Public key cryptography is the first practical product of this type of cryptography; however, theoretical cryptography is almost nothing BUT this kind of work. The problem with protocols and algorithms designed in such a way is that they are often a lot more inefficient than their conventional counterparts. Thus most practical cryptographic algorithms (SHA-*, RC*, MD*, DES, AES, ...) are not designed in such a rigorous manner. (If this were the case then the entire field of cryptanalysis would be relegated to efficiently solving a few basic mathematical problems.) A quick example of a comparison is the note that one provably secure hashing algorithm requires a modular exponentiation per bit hashed. Compare that with MD5...
As Bruce said, designing secure protocols is VERY difficult even for the most experienced of cryptographers. This has been the main motivation behind developing and applying a provable approach to cryptography. As the cost of computation and communication decreases and the theoretical tools become more and more efficient I think we will be seeing more of this type of cryptography in practical use. (Zero-knowledge proofs, for example, are already being used in some authentication schemes.) In any case IMHO it is a "trend" to be watched as it is the FIRST line of research in cryptography that truly quantifies security (i.e. by reducing the security of a scheme to the difficulty of solving a specific mathematical problem of a given size).
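The shape of the reduction in step 3, written out as an added illustration (not part of the comment): for a scheme $S$ whose security is reduced to a problem $P$, the proof exhibits a transformation of any attacker $A$ into a solver $B$ such that

$$\forall A \text{ running in time } t:\quad \exists B \text{ running in time } t' \approx t \text{ with } \mathrm{Adv}_{P}(B) \;\ge\; \frac{\mathrm{Adv}_{S}(A)}{\ell}$$

where $\ell$ is the (ideally small) loss factor of the reduction. Contrapositively, if the best known algorithm for $P$ at the chosen parameter size needs work $W$, every attack on $S$ in the stated model needs work of at least $W/\ell$, which is the "quantified" security the comment refers to; the size of $\ell$ is what decides how much of that guarantee survives at practical key sizes.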
Obviously the interviewer didn't know much about crypto. His main focus was fear mongering about the NSA and break-ins. But Schneier seems to discount quantum cryptanalysis out of hand. Doesn't he realize that quantum programs have been written already to do factoring and list searches? It's just a matter of overcoming manufacturing/quality issues with qubit design.
It's not exactly like there are 2^8192 8192-bit RSA keys, because, well, they have a little structure. Not only the product of two primes but, in order to achieve the right level of security, the product of two 4096-bit primes. So we are really well under 2^8192 here. I don't have numbers at hand for 8192 but to achieve 128 bits of security you must use 1620-bit-long RSA keys (from http://www.rsasecurity.com/rsalabs/node.asp?id=2088).
Extrapolating from here, your 8192-bit RSA key is likely at most "only" as expensive to crack as a 1024-bit symmetric key.
But using that kind of key is really having CPU to spare; it is beyond paranoia and well into moronism.
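An added example (mine, not the commenter's) of how that extrapolation is usually done: the cost of factoring with the general number field sieve is modelled as L_N[1/3, (64/9)^(1/3)], which only fixes the work up to a constant factor, so one calibrates on a known pair and extrapolates by the difference in log2 work. The calibration point used here is the 1620-bit / 128-bit figure quoted from RSA Labs in the comment; other tables (NIST, ECRYPT) use slightly different constants and give slightly different numbers, and the function and parameter names are this example's own.

```python
import math

LN2 = math.log(2)


def gnfs_work_bits(modulus_bits: int) -> float:
    """log2 of the heuristic GNFS cost L_N[1/3, (64/9)^(1/3)] for an RSA
    modulus of the given size, up to an unknown additive constant (in bits).
    Computed from the exponent directly so large moduli do not overflow."""
    ln_n = modulus_bits * LN2
    exponent = (64 / 9) ** (1 / 3) * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return exponent / LN2


def symmetric_equivalent(modulus_bits: int,
                         ref_bits: int = 1620, ref_strength: int = 128) -> float:
    """Symmetric-key-equivalent strength of an RSA modulus, calibrated so that
    ref_bits maps to ref_strength (default: the RSA Labs 1620 -> 128 pair)."""
    return ref_strength + gnfs_work_bits(modulus_bits) - gnfs_work_bits(ref_bits)


def rsa_bits_for(strength: int, step: int = 64) -> int:
    """Smallest modulus size (in `step` increments) reaching the given strength."""
    n = step
    while symmetric_equivalent(n) < strength:
        n += step
    return n


if __name__ == "__main__":
    for bits in (1024, 1620, 2048, 4096, 8192):
        print(f"{bits:5d}-bit RSA ~ {symmetric_equivalent(bits):6.1f}-bit symmetric")
    print("modulus needed for 256-bit strength:", rsa_bits_for(256))
```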
For decades, in some cases centuries, there have been known bad and good approaches to security and still people violate evidence and common sense on security.
Security professionals know there are certain basic ideas to apply towards security. If they consult, they apply the same basic lessons again and again to several people and often repeat themselves to repeat customers. If they work as a security professional in one organization, they repeat the same thing for their whole career.
The good thing about Schneier's blog is he takes the rudimentary ideas of security and shows the diversity in their applications.
If repetition wasn't necessary, there wouldn't be a plethora of security sites, publications and blogs - or the abundance of exploits, successful viruses, worms, etc.
How many of you don't have a relative whose computer you can sit down on and immediately find some spyware, adware, trojan, virus or other bugger? Can you quiz them on how to handle their id online and on the phone without tripping them up?
That depends on how paranoid you are. If most of your messages are unencrypted, then the few encrypted ones stand out. Selective encryption is like putting a big sign on the encrypted messages telling eavesdroppers that they're worth listening to. If you encrypt everything (and run it through a good anonymizer proxy), then somebody who wants to monitor you has to decrypt all your Family Guy discussions to find your few subversive messages. If you're really worried about security, you might want to keep up a high background level of meaningless messages, which would both increase a listener's decryption load and help to foil attempts at traffic analysis.
There's no point in questioning authority if you aren't going to listen to the answers.
But I DON'T want any witnesses in that dark alley, can you imagine what my wife would think of me if she saw me getting fisted up the ass with a Pepsi bottle.
Or just http://www.rot13.com/, if you don't mind sending your cleartext via HTTP.
it's a blue bright blue Saturday hey hey
Has anyone got any recommendations for sites/books that take you right from beginner to advanced crypto?
You can understand it as: "Why is a money-rewarded challenge often used to verify a crypto algorithm?"
I'm French, this may explain why I can parse it.
You can understand it as: "Why is a money-rewarded challenge often used to verify a crypto algorithm?"
Thanks. I've no trouble understanding it - I'm arguing with the other AC that it's not perfectly-formed English.
I'm French, this may explain why I can parse it.
Ah yes - I haven't studied French for years but I remember that construction now you've pointed it out! Thanks.
I agree. In addition, hey, Mr. Interviewer, how about proofreading? It's jarring to come across verb tense mismatches like "Since most crypto protocols ... uses public-keys ...". And, is the interviewer related to Yoda? - "Why is often used a money-rewarded challenge to verify a crypto algorithm?"
Evil Overlord Rule #86. I will make sure that my doomsday device is up to code and properly grounded.
"Some famous hackers that were caught such as Mitnick or Poulsen, now work as security consultants for big companies in the US. This doesn't happen in every part of the world. Especially in Europe there is a different feeling about convicted hackers: they cannot be trusted, because if they did once, it's probable they'll do it again."
oh yeah? who says so?
You should instead apply ROT13 twice. If you're really paranoid, then 4 times.
Ok, I didn't mean to be rude.
Actually the French interrogative form isn't exactly like this, but would be more like:
"Why a money-rewarded challenge is it often used to verify a crypto algorithm?",
'it' referring to the challenge (yuk, mixing French and English like this, I feel dirty now).
There were actually experiments with this in the early days of trying to design quantum gates. The problem is: reversible computing tends to spontaneously reverse. Without entropy, the hardware doesn't move from state to state in a process of computation, because it just moves back and forth between the first few states. Entropy really is the arrow of time.
Socialism: a lie told by totalitarians and believed by fools.
Probably something like "is it Tuesday already?"