Apple's "Warrant Canary" Has Died
HughPickens.com writes When Apple published its first Transparency Report on government activity in late 2013, the document contained an important footnote that stated: "Apple has never received an order under Section 215 of the USA Patriot Act. We would expect to challenge such an order if served on us." Now Jeff John Roberts writes at Gigaom that Apple's warrant canary has disappeared. A review of the company's last two Transparency Reports, covering the second half of 2013 and the first six months of 2014, shows that the "canary" language is no longer there, suggesting that Apple is now part of FISA or PRISM proceedings.
Warrant canaries are a tool used by companies and publishers to signify to their users that, so far, they have not been subject to a given type of law enforcement request such as a secret subpoena. If the canary disappears, then it is likely the situation has changed — and the company has been subject to such request. This may also give some insight into Apple's recent decision to rework its latest encryption in a way that makes it almost impossible for the company to turn over data from most iPhones or iPads to police.
Here's an interesting follow up from Ars
http://arstechnica.com/tech-po...
Watch those corners
What's missing is a specific reference to Section 215, suggesting that a limited Section 215 order has been served on Apple.
The real "Libtards" are the Libertarians!
It either can or can't be done. Almost impossible means it still can be done.
Encryption is ALWAYS breakable by brute force. Question is how long does it take? Seconds? Hours? Months? Years? Decades? This is usually determined by key sizes. The longer the key, the longer it takes to brute force. (generally)
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
It either can or can't be done. Almost impossible means it still can be done.
Encryption is ALWAYS breakable by brute force. Question is how long does it take? Seconds? Hours? Months? Years? Decades? This is usually determined by key sizes. The longer the key, the longer it takes to brute force. (generally)
Decades?
Wow.
You must live pretty damn far away from a big city or something.
Takes me like fifteen minutes to buy a $5 wrench. Tops.
Encryption is ALWAYS breakable by brute force. Question is how long does it take? Seconds? Hours? Months? Years? Decades? This is usually determined by key sizes. The longer the key, the longer it takes to brute force. (generally)
Um, not quite, one time pads are provably impossible to break by brute force since the message can be decoded into any message of the right length.
Or, if a person knowing the key(s) is in custody, with the application of thermorectal or rubber-hose cryptanalysis methods.
In Soviet Washington the swamp drains you.
"Almost Impossible" can be made very precise. Indeed, modern cryptography is based on the understanding that certain algorithms are "almost impossible" to reverse. Cryptographers prove theorems with wording like "indistinguishable from random by any polynomial time algorithm" when they mean almost impossible. So, Apple may be quite correct in their statement.
My take on this is that Apple likely has received legal orders it can not disclose, and is implementing real, strong security to protect users' data.
I'm sure he does, but like everyone else, if he wants to see tits, he has to pay (and I am not talking about the people lending him the binoculars).
Except for one-time pads.
And that's why I use throwaway / random passwords...authorize once, throwaway if it needs to reauthenticate. I can't give them what I don't know. ;-)
Nope. Not for everything. Perhaps every phone conversation, but I don't necessarily use my smart phone for talking. If I, for example, work in 1Password which encrypts the data while synching, the NSA can listen in on that conversation and presuming they haven't broken my password or the company's algorithms, that conversation is not understandable.
If it goes into the modem encrypted, having the keys to the modem isn't going to help all that much.
And you're an idiot if you're doing anything remotely illegal on a cell phone system anyway.
Faster! Faster! Faster would be better!
"Apple Warranty Canary Caught Working in a Coal Mine"
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
Takes me like fifteen minutes to buy a $5 wrench. Tops.
That requires:
a) you know who to hit with it
b) the person you decide to hit with it knows the password
So if you shoot a "terr'ist" and retrieve his encrypted smart phone... what are you going to do exactly with a wrench?
There is no try, only do
Ahh, Yoda's bathroom mantra...
You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
The cost of complying with requests for this sort of data is not zero, and may in fact be considerable. The Agencies may do it at their own cost, but you can bet they really want the cost out of their own budgets and into someone else's.
If a company really has no way to deliver the information, impossibilium nulla obligatio (no legal obligation to do the impossible), they have no compliance costs.
Protoplasm. Quiet Protoplasm. I like quiet protoplasm.
Don't tell a probability theorist what you think "almost" means.
http://en.wikipedia.org/wiki/A...
systemd is Roko's Basilisk.
No. You don't know what you're talking about. See, OTPs use a random 'key' the same length as the data you're encrypting. It doesn't matter if there are known fields in the data, because matching those sections tells you nothing about any other section.
OTPs have a trivial proof that they provide perfect encryption as long as the key is never reused. They're just horribly impractical for everyday use.
Wouldn't it be amusing if the current batch of private celebrity photos actually came from an "intelligence community" leak after a pile of Apple data was seized.
An interesting thing that Snowden has shown us is that there is a vast sprawling web of people extending deep into private enterprise that have access to "secret" information. Imagine someone with a few of those photos, they can make serious dollars - it's not as if they are compromising their values of national security and they are already working for profit instead of duty.
Obviously they are not hipster enough for Apple products, ironic beards not withstanding.
Android products are too "free", and therefore would encourage infidel proclivities.
They kill all their own intellectuals who could create a new phone, so... they must use WINDOWS!!!!
This issue is a bit more complicated than you think.
It can't be Apple - they download WESTERN music to your phone, without your permission, which could GET YOU KILLED.
No. It's impossible to add 2+2 and get 5. It's almost impossible to convince a pedant they're wrong.
You are wrong about 2+2=5 being impossible. Any C++ programmer can accomplish that. :-)
No, you can't... because of the "any message", you would have "virtually infinite" amount of messages matching the same patterns you're looking for and having valid data in any other place.
I literally don't know the password to my phone. I know of it, and how to type it in, but even at gunpoint / threat of contempt, I couldn't tell you what it is.
---
ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
If the key (the pad) is perfectly random, then there won't be any pattern. If the key was something like the first chapter of Moby Dick, and it's known that the key is an English-language text, and something is known about the contents, then you've got some patterns to work with, and it might be possible to retrieve the plaintext (and the key, simultaneously).
If the key is perfectly random, the plaintext won't be retrievable from the ciphertext, since for any candidate plaintext that you could construct, there would be a corresponding and equally-likely key paired with it. Trial and error can't decrypt a message encrypted via random one time pad.
It is pitch black. You are likely to be eaten by a grue.
No, one time pads cannot be broken. The key and the message have the same length. You xor the key and the message to encrypt, xor again to decrypt. Since the attacker knows neither the key nor the plain text, he cannot break it even if he is an immortal whose only objective is breaking the crypto.
Then why isn't it used everywhere? Because the key needs to be as big as the message, and the key is good for only a single use. That means you cannot send a new key encrypted with the one time pad (well, you can, but it won't help you). Any clever tricks you're thinking would make the crypto weaker.
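An added illustration of the one-time-pad points argued in the comments above (this example is not part of any poster's comment): it shows that every same-length plaintext is explained by some key, so exhaustive key search returns every possible message, and that reusing a pad lets the key cancel out. The sample messages and all function names are constructed for this example.

```python
import itertools
import secrets

# Constructed sample messages of equal length (12 bytes each).
MSG = b"MEET AT NOON"
DECOY = b"STAY AT HOME"


def xor_bytes(a, b):
    """XOR two equal-length byte strings; an OTP key must match the message length."""
    if len(a) != len(b):
        raise ValueError("one-time pad needs key and message of equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext):
    """Encrypt with a fresh random pad; returns (key, ciphertext)."""
    key = secrets.token_bytes(len(plaintext))
    return key, xor_bytes(plaintext, key)


def otp_decrypt(ciphertext, key):
    """Decryption is the same XOR applied again."""
    return xor_bytes(ciphertext, key)


def key_explaining(ciphertext, candidate):
    """The unique key under which `ciphertext` decrypts to `candidate`."""
    return xor_bytes(ciphertext, candidate)


def all_decryptions(ciphertext):
    """Brute force: decrypt under every possible key, collect the distinct results.

    Only practical for tiny inputs; used here to show that the result set is
    simply every byte string of that length.
    """
    n = len(ciphertext)
    return {
        otp_decrypt(ciphertext, bytes(k))
        for k in itertools.product(range(256), repeat=n)
    }


def reuse_leak(c1, c2):
    """With a reused pad, c1 XOR c2 equals p1 XOR p2: the key drops out."""
    return xor_bytes(c1, c2)


def recover_other(leak, known_plaintext):
    """Knowing one plaintext of a reused pad yields the other with no key at all."""
    return xor_bytes(leak, known_plaintext)


if __name__ == "__main__":
    key, ct = otp_encrypt(MSG)
    print("round trip ok:", otp_decrypt(ct, key) == MSG)

    # A different key "decrypts" the same ciphertext to the decoy message.
    fake_key = key_explaining(ct, DECOY)
    print("decoy decrypts:", otp_decrypt(ct, fake_key))

    # Exhaustive search over a 2-byte ciphertext yields all 65536 plaintexts.
    print("distinct results:", len(all_decryptions(b"\x13\x37")))

    # Pad reuse: two messages under one key.
    c1, c2 = xor_bytes(MSG, key), xor_bytes(DECOY, key)
    print("recovered:", recover_other(reuse_leak(c1, c2), MSG))
```
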
That $5 wrench doesn't do anything in making entity A decrypt something that only entity B knows the key for.
Actually, it is not. In reality, a 256 bit key can not be brute forced because of physics - especially the second law of thermodynamics. One of the results of this law is that information needs energy to be represented. In an ideal computer, the representation of one bit requires kT energy, where k is the Boltzmann constant and T is the temperature. Let's assume we can operate at the average temperature of 3.2 Kelvin, the average temperature of the universe. The required energy to represent a bit in this case would be around 4.416*10^-23 Joule.
The annual amount of energy that our sun emits is about 1.21*10^34 Joule. Dividing this with the per bit-change energy, we could provide power for our ideal computer to perform 2.74*10^56 bit changes. This is just about enough to have a 187-bit counter go through all its states. This does not include the energy needed for the computations to test each key (our counter state in this case) for correctness.
A 256 bit counter would require ~400.000.000.000.000.000.000 stars like our sun just to represent in the counter of our ideal computer.
Or, to say it in the words of Bruce Schneier:
"...brute force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space".
Note: I am not talking about potential attacks against the algorithms here, etc. only pointing out that encryption is definitely not ALWAYS breakable by brute force.
My blog, if you're interested: http://www.purp
One warrant canary conveys 1 bit of data. How many are allowed? Has anyone gotten away with using more than one?
It's interesting that this story hits Slashdot the same day as the story about Apple double-pinky swearing that they'll never, unh-uh, not ever unlock your iPhone for law enforcement any more.
I don't believe a fucking word. They'd throw a baby off a bridge for a $2 bump in their stock price. It's the same with any corporation, but their closed ecosystem just means there's no way to protect yourself.
All this "canary" bullshit begs the question why, if Apple really cared one little bit about their customers, don't they just come out and say what they have to say. Apple may be one of a very small handful of corporations that actually could stand up to the surveillance regime. As far as I'm concerned, tacit complicity is worse than loud complicity. Especially when you're selling yourself as someone who can be trusted with peoples' mobile payments and personal information and when you pretend you "Think Different". Remember the famous 1984 Apple ad? They are now part of the problem.
You are welcome on my lawn.
Tighten a loose bolt! I can always use a good wrench.
It's five dollars well spent, in my opinion.
How can I believe you when you tell me what I don't want to hear?
FYI Apple's privacy site is here: http://www.apple.com/privacy/p...
Of course there will be plenty of cynicism here but I think it is in general a good & commendable effort for transparency. Interesting is the section on government information request:
National Security Orders from the U.S. government.
A tiny percentage of our millions of accounts is affected by national security-related requests. In the first six months of 2014, we received 250 or fewer of these requests. Though we would like to be more specific, by law this is the most precise information we are currently allowed to disclose.
No warrant canary required, it is here in the open.
So what could be the kind of thing asked taken into account the other privacy information on the site?
They really think you're stupid.
No, the rest of us that understand encryption think you are.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Apple double-pinky swearing that they'll never, unh-uh, not ever unlock your iPhone
That's not what they said - they said they've altered it so they CANNOT unlock your iPhone, even if they want to.
Given how the technology works, that is a quite reasonable assertion. iOS devices have had full device encryption for some time, without that key you have nothing.
All this "canary" bullshit begs the question why, if Apple really cared one little bit about their customers, don't they just come out and say what they have to say.
That just shows a misunderstanding of what companies are legally ALLOWED to say. Once you get the order you CANNOT talk about it, thus the device of the canary.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
With a gov/mil buying spy software that's ready for average consumer phone products? :)
The running process and modules are looked at to ensure different drop/inject methods will get around any antivirus products found.
With your average consumer OS and devices, seconds after you enter your pw
It's like the 1950's and being given Western encryption hardware. The code works and the message will not be broken as sent.
It's just that using TEMPEST every plaintext keystroke in and print out is readable near the hardware.
That same fun idea has never left signals intelligence, get the world fixated on encryption, company branding, while an input layer just offers up all plaintext.
Domestic spying is now "Benign Information Gathering"
Won't last. Someone will forget his passcode about 8 seconds after the iOS 8 goes public. Then comes the flood of unhappy customers locked out of their unbreakably encrypted phones. "Sorry, we can't help you" won't be accepted as an answer.
There will either be a back door or a user revolt.
1. Police seize iPhone
2. Police arrest owner.
3. Police tell owner to unlock the phone.
4. Owner refuses.
5. Police grab finger, press to button/fingerprint reader.
6. Phone is unlocked.
What encryption?
How would a quantum computer change the equations?
That's why govs use number stations and one time pads. The data around any encryption use found is just so useful.
Every product sold that can be connected and used with a telco has to conform tech that's wide open to "Communications Assistance for Law Enforcement Act"
https://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act
Domestic spying is now "Benign Information Gathering"
Instead of providing just one global canary.... more canaries, so the identity of which canaries were withdrawn, could be used to help ascertain the nature of the request(s) received.
They should also provide each user their own 'custom' canary.
For example: an option to receive every month, every quarter, every week, or every day, a personalized canary statement that "Apple has never received an order under Section 215 of the USA Patriot Act which included information related to your account records. We would expect to challenge such an order if served on us."
The huge machinery behind the NSA / CIA / FBI and all those alphabet agencies wants total control, and it has the enthusiastic support of private companies such as Google, Microsoft, Apple, Cisco, amongst others
Obama? That one is but a puppet
When the term of this puppet ends, by 2016 they will have another puppet installed. But of course, they will give us an "illusive election", whereby no matter who we vote for, it will be their puppet who will be installed inside the Casa Blanca!
Viva la Maquinaria !!
Muchas Gracias, Señor Edward Snowden !
I believe that there are theoretical designs for computers (using reversible computation) that can compute without using any energy in computation. What I'm not sure about is that there's any way to retrieve the results of the computation. (I've also got no idea of the speed of the computation. It might depend on random motions for all I can remember.)
Whatever, that's merely a theoretical quibble about your point. But then your point itself was a theoretical quibble.
The real weakness of 256 bit keys is poor implementation (of something). And you can't know that everything is properly implemented.
I think we've pushed this "anyone can grow up to be president" thing too far.
This is one of the most informative and insightful comments I've ever read on slashdot. thanks!
Some drink at the fountain of knowledge. Others just gargle.
The reference cartoon is http://xkcd.com/538/
Another reason why biometry is great to establish identity but poor for authentication.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
You underestimate the stupidity of your adversary. And their sadism.
Or, in other words, just 'cause you can't confess doesn't mean the torture ends.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Well, on the other hand, OTPs are the wet dream of our law enforcement.
"And here we have the decoded text, it clearly tells us that he's behind every crime committed in the past 20 years, at least that's what it decrypts to..."
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
It's trivially easy to do that. All it takes is a redefinition of the value of numbers. Or have some fun with subclasses.
I know what you're trying to say, but you're dealing with people here who do math for fun. If anything I dare say that you should have someone coming up with at least five ways to prove you wrong before the sun goes up today over California.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Is it a European wrench, or an African wrench?
“He’s not deformed, he’s just drunk!”
It would flip a coin...
“He’s not deformed, he’s just drunk!”
It is an excerpt from Applied Cryptography by Bruce Schneier.
The full section is available on Schneier's personal blog.
You could use the data itself as key. Sure, that might make decrypting it a bit harder when you do not have the key, but it is pretty good encryption.
Don't fight for your country, if your country does not fight for you.
Three words: one time pad.
Brute force THIS.
> Encryption is ALWAYS breakable by brute force.
...with the exception of One Time Pad encryption.
That's not the problem. You can always restore the phone from a backup or set it up as new phone. "Unbreakable encrypted" is not the same as "bricked".
Errr, no it isn't. Here is my encrypted password: ABIKLY. It is encrypted with a symbol substitution. Enter it incorrectly three times and the data gets wiped.
Good luck cracking that with brute force.
Sig (appended to the end of comments you post, 120 chars)
Really. When the NSA is able to dissect an iPhone to read out the encryption key right from the chip or can brute-force their way in with huge efforts this is still useless for mass surveillance. You can expect to be able to buy a consumer product that is secure against this kind of effort about as much as you can expect to buy a consumer car that is secure against an attack with nukes.
But this does not mean that this kind of encryption doesn't help with guarding your privacy. Very much as a car not being secure against nukes does not mean it is "unsafe".
It's a fairly practical approach to make breaking the thing so expensive and bothersome that it will only be used with very good reasons just for reasons of time and cost. Making effortless mass-surveillance harder is a good thing.
Encryption is ALWAYS breakable by brute force. Question is how long does it take? Seconds? Hours? Months? Years? Decades? This is usually determined by key sizes. The longer the key, the longer it takes to brute force. (generally)
256 bit = physically impossible, unless some hugely unexpected mathematical breakthrough happens. Plus each file in the file system has its own 256 bit key and needs to be decrypted individually.
So that's the kind of situation where an honest statement says "almost impossible" although it is of course possible that the first of about 100,000 billion billion billion billion billion billion billion billion possible guesses might be right. And that's the situation where idiots say "it's almost possible, therefore the NSA can crack it".
Won't last. Someone will forget his passcode about 8 seconds after the iOS 8 goes public. Then comes the flood of unhappy customers locked out of their unbreakably encrypted phones. "Sorry, we can't help you" won't be accepted as an answer.
That's the answer they already had to accept. The guy in the Apple Store _never_ could get your passcode. Apple in Cupertino _could_ get your passcode by brute forcing at a rate of one passcode every 80 milliseconds. They would do that if the police hand over a phone together with a search warrant, but not because a customer is too stupid.
(MacOS X uses a clever trick to reduce the number of cases: You turn on full disk encryption. At some point you will have to enter your password for the very first time, proving that you remembered it at least that far. At that point nothing is encrypted yet! Only when you demonstrate that you have actually remembered your password does the encryption start.)
If by brute force you mean a wrench, this is true. If by brute force you mean going over all possible keys, this is false. One Time Pads actually are not reversible by brute force, since essentially you do not know the key length, you are going through building by brute force *all* possible strings of bytes of a specific length which will contain all the text of the world of that length. OTPs of unknown length are not breakable by force.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
Actually, you will generally know an upper bound on the length of whatever is encrypted given the encrypted text. That is something, so it is not quite perfect (In theory anyway).
Which is different to anything in the past how? If the police in 1920 turned up at a lawyer's and threatened to break his knees if he didn't give them all of a client's paperwork they'd have everything in minutes. As long as law enforcement can use force it can get this information.
There is however a big difference between a world in which they can get all that data secretly behind the scenes, and one in which they have to overtly threaten/force people to hand it over in person.
Well, with the exception of a random, message-length one-time pad. Technically even that can be brute-forced, but even then you have no way of telling which result is the original message.
Don't just stand there, get that other dog!
My issue with calling OTPs encryption in this sense, although I accept it is encryption, is that it's really more like giving someone half the message than almost any other type of encryption. If I said I could encrypt the entire Bible to "1" by having a key that contained enough data to produce the contents of the bible then people might take exception to how useful my scheme was.
Thankfully, there is no way for this to actually work unless you were tranquilized as well. TouchID requires the finger to be very steady when touching the sensor and I don't see it being particularly feasible to force your finger to be steady unless you were drugged.
There won't be and never has been a user revolt due to this because Apple has NEVER ever helped users recover from a forgotten security code to an iPhone/iPad. Nothing is changing in this regard.
Your reply is an excellent confirmation of his second point, though ...
Make a key that is so large that it would be expected to break only if you use every atom in the observable universe for computation for as long as the expected age of the sun to crack it.
Sure that would be breakable, but it would not matter in the real world.
Well, decrypting may be a bit harder, but on the other hand it compresses extremely well.
Any encryption can be broken with enough processor power and time.
As explained elsewhere, there is encryption for which "enough processor power and time" doesn't exist in the universe. The limit is (total energy in the universe) divided by (smallest possible amount of energy to make any change, as dictated by quantum physics). That limit isn't anywhere close to 2^256.
It would flip a coin...
Maybe it should just ask the cat.
It would flip a coin...
Maybe it should just ask the cat.
You could, but there's an even chance it's dead :)
Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
I've possibly not understood how a National Security Letter works but if the government can compel you to not tell anyone about the letter, can't it compel you to not indicate that you've received a letter too?
Some language like "You may not disclose or in any way indicate you've received this letter (including but not limited to altering/amending/removing any warranty canaries)"?
Is the feeling that this would be the line that the government wouldn't cross to protect national security or is the warranty canary simply unreliable?
A hundred and twenty characters ought to be enough for anyone...
if he wants to see tits, he has to pay
No he doesn't, all he would have to do would be to go sit in on a session of Congress.
Time to offend someone
$5 doesn't get you a good wrench for hitting someone with as they are too small to be worth while. In the $20 to $30 range now you are talking. Personally I would just use a piece of 1/2" re-bar that is a couple of feet long much cheaper.
Time to offend someone
Just knock them out with a $5 wrench and call it good.
Time to offend someone
The Brits use metric now, it is only those old dodgy Whitworth ones you have to be on the lookout for.
Time to offend someone
I'm not worried about things that happen after the heat death of the universe though. I will be long dead and gone.
Time to offend someone
Careful there. A lot of people trying to make an example created a martyr.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Ok, ok. But it's usually enough outside the world of 24.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Apple removed a sentence from their quarterly filings and obviously this is a sign of imminent fascist genocide.
Smart people are some of the stupidest people I've ever met.
It has nothing to do with perfection at any level and never has in the history of mankind, ever.
I have altered the agreement...pray I do not alter it further...
However in practice it is trivial to use key sizes, and we do, which bump those time frames up into the utterly impractical to the point that even trying can't be justified. If it takes decades to crack one key, nobody is going to waste the resources on one key to find out if it was worth it. It's just silly. If it takes hundreds of years, it was already silly at decades.
This is exactly why they go after service providers and end nodes....specifically because attacking the encryption by brute force or any method that doesn't start with the key or some other leak of information, is worthless.
"I opened my eyes, and everything went dark again"
There are two things you as a soon-to-be defendant can do:
1) Power down your phone if you believe you are about to be detained. On power-up, the device requires your passcode to unlock. TouchID doesn’t work after reboot until the passcode is entered once. You can do this without unlocking the device by holding the power & home button for 10 seconds.
2) Either before arrest while you can still surreptitiously access your phone or after when they’re trying to get your finger on the screen, use the wrong finger (one you haven’t enrolled in TouchID) or move your finger enough to smudge and get a bad read. You only get five attempts before the phone stops accepting TouchID, and you need to provide your passphrase again. If successful, the screen will say, “Touch ID does not recognize your fingerprint,” so it’s detectable to someone who knows what they’re doing, but also confirmation to you that it worked. As far as I know, there’s no timeout to this status. You will not be able to use TouchID until the passcode is entered.
Either way, TouchID is disabled and they need to get your passcode out of you. Assuming you’re still in ordinary LEO territory, a $5 wrench isn’t going to work out when it comes to admissibility. If you’re already in TLA non-citizen territory, you’re done for anyways. Your call if “making it easier on yourself” is a good play or not...
Best laugh of the day. Thank you, Anonymous Coward.
You need to understand the problem better. A quantum computer doesn't change the equations, it changes what is being searched, and the class of problem you are searching for.
Without being great with QM, I can tell you that quantum computers can definitely solve the class of NP Complete problems easier, but probably can't solve the set of NP Hard problems. Maybe.
Given the presence of a quantum computer and a 256 bit key, the question becomes one of "can we recognize a solution when we see it?" based upon the ability to simultaneously test all 256 bits in parallel. Depending upon the class of encryption used, the answer might be "No"
256 Bits "obviously" refers to symmetric ciphers. And more specifically these days, probably a class of them known as Feistel networks, which probably aren't ...very quantum computable, although they are (often) engineered to be hardware friendly.
If it was 2048 or 4096 or more bits, it's probably referring to asymmetric keys -- e.g. RSA. The factoring of numbers -- is very quantum friendly (hence you see a push to DSA algorithms). You'll never see a 256 bit RSA key (I hope) though, because even my desktop can factor something in that size pretty quickly given a sieve.
The short of it is...
"a quantum computer probably isn't interesting for a 256 bit key, because it's not the type of problem they know how to recognize" (today, at least).
If you want to exploit quantum computation, you need a way to recognize a solution immediately when you test it.
Is it dead or not? is debatable ... https://www.techdirt.com/artic...
I think you then get into an interesting conversation about how easy you want to make it for a clever criminal to avoid getting caught.
The single use part is inconvenient, but the killer is the key exchange. You need to have a new 'pad' for each person you need to communicate with, and you need to get it to them in the first place, without it being compromised. And you need very high quality randomness, which is surprisingly difficult to generate.
Just make sure you encrypt the backup... oh wait...
It seems to me this is when The Simpsons meets Monty Python's Dead Canary sketch! http://img1.wikia.nocookie.net...
Do you mean to say that you encrypt important data using passwords that you can't remember? That doesn't make sense to me.
cf/authentication/authorization/g
You are authenticated by your fingerprint but that might not be good enough for reliable authorization.
Encryption is ALWAYS breakable by brute force. Question is how long does it take? Seconds? Hours? Months? Years? Decades? This is usually determined by key sizes. The longer the key, the longer it takes to brute force. (generally)
Um, not quite, one time pads are provably impossible to break by brute force since the message can be decoded into any message of the right length.
One Time Pads are incredibly difficult to implement because you have to securely distribute the pads AND you have to make sure your pads are indeed random. So, for use on any kind of digital device, nobody can usually afford to use a One Time Pad for encrypting their phone.
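The point made above, that a one-time pad ciphertext "can be decoded into any message of the right length", shown as an added example that is not part of the original comments. The messages and function names are constructed for illustration.

```python
from __future__ import annotations
import secrets

def xor_bytes(a: bytes, b: bytes) -> bytes:
    # A one-time pad only works when the pad is exactly as long as the message.
    if len(a) != len(b):
        raise ValueError("pad length must equal message length")
    return bytes(x ^ y for x, y in zip(a, b))

def otp_encrypt(plaintext: bytes) -> tuple[bytes, bytes]:
    # Fresh pad from the OS CSPRNG; it must never be reused.
    pad = secrets.token_bytes(len(plaintext))
    return pad, xor_bytes(plaintext, pad)

def pad_that_explains(ciphertext: bytes, claimed_plaintext: bytes) -> bytes:
    # For ANY candidate message of the right length there is a pad
    # that "decrypts" the ciphertext to it.
    return xor_bytes(ciphertext, claimed_plaintext)

def brute_force_small(ciphertext: bytes) -> set[bytes]:
    # Try every possible pad for a short ciphertext and collect the outputs.
    n = len(ciphertext)
    return {xor_bytes(ciphertext, k.to_bytes(n, "big")) for k in range(256 ** n)}

if __name__ == "__main__":
    real = b"MEET AT NOON"    # constructed sample message
    decoy = b"STAY AT HOME"   # constructed message of the same length
    pad, ct = otp_encrypt(real)
    fake_pad = pad_that_explains(ct, decoy)
    print(xor_bytes(ct, pad))       # the real message
    print(xor_bytes(ct, fake_pad))  # an equally valid-looking decryption
    # Exhaustive search over a 2-byte ciphertext yields every 2-byte string,
    # so the search gives no way to pick out the real plaintext.
    print(len(brute_force_small(ct[:2])))
```

With a fixed-size key that is shorter than the message, wrong keys generally produce garbage, which is what lets a brute-force search recognize the right one; with a pad as long as the message, that test disappears.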
I had assumed that the context ruled out the One Use Pad, so I didn't put an exception in for that. Sorry.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
I've tried to use this logic when explaining "solving chess" and "replacing IPv6".
I had a too-long argument with a coworker about whether it is possible to "solve chess". I said no, because the computer memory required has more bits than there are photons in the universe. He wasn't convinced so I modified my argument: "It's not that solving chess is impossible, but that it is impossible in this universe." Give me a different universe and then we'll reconsider.
Same thing with IPv6. I've heard educated people say "It'll be a few more years until we just run out of address space there, too." I say, no. We have enough addresses to individually address every atom in the solar system, with spare addresses. Once we start addressing atoms in other star systems then we'll reconsider.
Actually, it is not. In reality, a 256 bit key can not be brute forced because of physics - especially the second law of thermodynamics. One of the results of this law is that information needs energy to be represented. In an ideal computer, the representation of one bit requires kT energy, where k is the Boltzmann constant and T is the temperature. Let's assume we can operate at the average temperature of 3.2 Kelvin, the average temperature of the universe. The required energy to represent a bit in this case would be around 4.416*10^-23 Joule. The annual amount of energy that our sun emits is about 1.21*10^34 Joule. Dividing this by the per bit-change energy, we could provide power for our ideal computer to perform 2.74*10^56 bit changes. This is just about enough to have a 187-bit counter go through all its states. This does not include the energy needed for the computations to test each key (our counter state in this case) for correctness. A 256 bit counter would require ~400.000.000.000.000.000.000 stars like our sun just to represent in the counter of our ideal computer. Or, to say it in the words of Bruce Schneier: "...brute force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space". Note: I am not talking about potential attacks against the algorithms here, etc. only pointing out that encryption is definitely not ALWAYS breakable by brute force.
I have no clue what all the above really means.... If you are saying that 256 bit keys are hard to break, I would concur. If you are saying that it would take a long time, I would again agree. However, if you look at "possible" it is totally possible to brute force a 256 bit key, it just takes TIME to do, LOTS of time OR lots of computers. Either way, it is perfectly possible... Now it may take a LOT of computers (more than are physically possible) or it may take a LONG time (more than we likely have before the sun destroys the earth) but that is all about being practical and not about being possible.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Ok.. One time pads... So are you going to remember that to unlock your phone?
Practical encryption is ALWAYS crackable. (OTP usually CAN be hacked by attacking the pad generation and distribution process, but if you do that right, not crackable. It's just that it is REALLY hard to do it right.)
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
>Encryption is ALWAYS breakable by brute force.
...with the exception of One Time Pad encryption.
Granted.... AND it's a TOTALLY unusable technique in most cases... It's REALLY HARD to do in the real world which is why I didn't put in an exception to my statement.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
You're shopping at the wrong places. $5 will get you a pipe wrench at Harbor Freight. Useless for plumbing, but great for braining someone.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
Same thing with IPv6. I've heard educated people say "It'll be a few more years until we just run out of address space there, too."
Careful there. By design, the IPv6 address space is very sparse. For instance, my house has a /48 netblock allocated to it. If that were the universal rule, the effective address space would be 2^48 networks, not 2^128 hosts. That's also assuming that all of the /48 space is allocated perfectly and densely, and not like a /16 per ISP which would mean that we'd never be able to have more than 66,000 ISPs.
IPv6 will not feasibly support 2^128 hosts because it was never meant for each host to be consecutively numbered. While your coworker is incorrect, your standpoint isn't exactly right, either.
Dewey, what part of this looks like authorities should be involved?
Is forcing someone's finger onto their iPhone's sensor forcing them to reveal information under duress?
It would be no different than forcing a suspect to provide fingerprints or DNA samples. They'd need a warrant for it, but they could absolutely do it.
I agree if they just forced you without a warrant, that you'd probably get it all ruled inadmissible.
I have no clue what all the above really means.... If you are saying that 256 bit keys are hard to break, I would concur. If you are saying that it would take a long time, I would again agree. However, if you look at "possible" it is totally possible to brute force a 256 bit key, it just takes TIME to do, LOTS of time OR lots of computers. Either way, it is perfectly possible... Now it may take a LOT of computers (more than are physically possible) or it may take a LONG time (more than we likely have before the sun destroys the earth) but that is all about being practical and not about being possible.
It's mathematically possible. It's humanly impossible. No human will ever build a machine using normal matter that is capable of it.
Encryption is ALWAYS breakable by brute force. Question is how long does it take? Seconds? Hours? Months? Years? Decades? This is usually determined by key sizes. The longer the key, the longer it takes to brute force. (generally)
Chuck Norris can brute force a 256-bit key in the time it takes to blink his eyes.
Chuck Norris never blinks. Never.
I work in this field and there is something about these machines that you are missing. Firstly your human replacement robot worker is going to cost about $300,000 to build then maybe up to $40,000 to $50,000 per year in maintenance. How will humans compete with that? (Don't expect those prices to fall much with mass production either.)
In fact robots might not reduce the actual workforce that much because each will require the equivalent of roughly one permanent human worker to keep it running and that worker will need to be a highly trained engineer. People seem to have some kind of mental comparison that puts these machines as somehow equivalent to cars - in reality they are far more complicated - like say jet helicopters - or maybe spacecraft - they are actually probably more complicated than either.
These machines are immensely complicated, they have thousands of moving parts, tens of thousands of tiny wires and connectors and circuits, all packed into tiny difficult fiddly spaces. Even the software cores of these machines will require regular monitoring and maintenance - and this will be a complex, hyper specialised job.
The other special problem is that in 'normal' operation robot workers will constantly suffer wear and tear and frequent or near constant damage. Your human manual worker takes constant knocks and minor abuses to their body every day in their job, these just heal. For every one the robot has to call out maintenance.
Actually the best real apps for Strong AI look like office work, large scale management, writing software, creative work, brain surgeons, monitoring CCTV systems, 'home' systems, autonomous cars. It's more likely to replace people like CEOs and executives than fast food workers or farmers or the guy carrying the mail. In certain kinds of maths and science work Strong AIs will really excel - especially things like DNA and genetic analysis and comprehension.
The main manual jobs AIs are actually likely to threaten are things like truck drivers, pilots, taxi drivers - and even in these jobs they will probably still need humans watching the machines.
Below the speed of light Special Relativity is one of the most accurate theories in physics - above the speed of light..
this would appear to mean that apple users, up to now, have not been "interesting" to the U/NSA...
... But your "new singularity" has been tried and abandoned by most cultures. (Its more familiar name is "slavery")
was re: if we ever make a robot that's better at everything than humans, and then fail to recognize its civil rights, we will simply be repeating history. I can quote you some nice scifi books that workshop this premise if you like.
It's exactly the same, just an especially pointless variation. You need to get these OTP to someone in a way that is completely secure from interception (which begs the question why not send the message itself that way). Most people aren't going to take up an encryption mechanism which means sharing USB pens loaded with OTPs to everyone they communicate with.
Besides which, talking of splitting hairs, given that I said "I accept it is encryption" how exactly was I claiming it wasn't?