Re:It's summer, and Slashdot is trolling on UK P2P Fight Brewing · Score: 2, Informative
>let me ask you this question: let's say the subway (metro, tube) cost $20 per ride, but the ride wasn't to work or particularly necessary, it was just fun. What sort of punishment would be appropriate for somebody who was caught after jumping the turnstile every day for 10 years? After all, the nominal "cost" to the metro company of another rider is effectively zero. Clearly $20 x (10 years) is not a reasonable punishment since there's no disincentive in this - we'd then ALL jump the turnstiles and just pay if we got caught, since we'd be no better off.
At least in Sweden the punishment for jumping the turnstile every day for 10 years is exactly the same as the punishment for jumping it once, approximately the cost of 2 months of metro access.
I'm interested in games, I'm even directly interested in WoW and I'm planning to get myself a deathknight, it's just that this isn't terribly new or interesting information.
What exactly makes this newsworthy? The NDA was lifted over a week ago and it's still alpha and in my experience a lot changes between alpha and release when it comes to Blizzard.
If you really want to use SSN, couldn't you at least make a lossy hash out of it? Then the SSN could be used to find you but the database couldn't be used to find the SSN.
Why would the data needed for the distributed warehouse system ever need to leave the central server? If you want to give the data to various consultants to perform optimisations it would make a lot more sense to anonymize it before you put it on a freakin' laptop.
Only the server needs the real data.
In your example of deciding where to grow, it would be pathetically easy to just export the addresses with the numbers stripped out (I seriously doubt you need higher accuracy than per street) together with generated keys.
On your questions, if you reported it was secure to the CEO when in fact it wasn't, you're liable, if you reported that it's insecure to the CEO and he didn't tell you to fix it he's liable.
Tell me again what part of those features require my personal data? Learn to use a serial number seriously.
With that approach you still never get the secret key, you only become able to read small messages since the space of plaintexts is actually gargantuan.
The users of a public key algorithm can also protect themselves by just adding random noise to their messages.
Well, they rely on knowing what method you used but so does any cryptography attack, it's impossible to create an attack that can target any encryption since it's impossible to tell the difference between something encrypted and random noise.
So if the attacker knows you're using two different methods he just has to crack them both one at a time. It's not terribly different from knowing you use one method.
What you're doing is just attempting to practise security through obscurity when you layer encryption on encryption.
Everything uses polynomial equations, what matters is the degree. Elliptic curve cryptography uses really high degree polynomials so you don't have to worry.
Low degree polynomials are relatively easy to crack, news at 11?
I thought most people used RSA nowadays because of its mathematical unbreakability. (Huge polynomial):
Breaking of the stream ciphers can be a problem though.
The physical records got a slightly higher barrier of entry, people don't casually look up each other's physical records the way they google each other.
You'd still be able to do that, you'd just not be able to get it online.
So you want the first thing that shows up if you google your name to be your divorce?
Did you actually read what she said? She doesn't want them taken offline, she just wants to make them semi-anonymous so you can't google for people. They'll still be at the net.
They don't lie, they assume that if a site is self-signed it has been hijacked which is very reasonable, if my bank suddenly changed to self-signed I'd want a proper warning.
Because it wouldn't look completely alien? Seriously, IPv6 addresses are not human usable.
It would take forever due to the fact it gets disabled after 3 failures. Most people that put up the fake readers also put up a small camera so they get the pins.
Wouldn't that table be heavily referenced? If you really want to cause damage you're meant to do CASCADE ;)
Also you're most likely insured against hacking so your average loss would be even less. It's much more in the bank's interest to keep the accounts secure because it's them that have to pay up when they get hacked.
Google is responsible for how THEY use their technology. You can't evade responsibility by claiming the task is automated.
If I made an automated killing robot would you then say I'm innocent of murder just because I let an automated robot do the killing instead of me?
The act of taking the photo is the invasion of privacy.
Fair use does not explicitly say "perfect backups are allowed", fair use is based on the purpose of the copying.
Downloading a song from the internet for backup purposes and ripping a cd for backup purposes are the exact same thing in the eyes of the law.
Why would they be different?
They copy the same thing (what matters is the abstract content not the actual bits)
They copy for the same purpose
Fair use gives you the right to make backup copies, downloading the song from the internet is the same as making a backup copy.
I buy bottled water, not because it's better (Swedish tap water is actually better than most bottled waters) but because I like the bubbles and dislike the various machines to do that at home.
Well, actually there is a rather large organisation that is actively lobbying for the metro becoming free and tax financed. What they do is that they each pay a sum to a mutual account every month (think it's about 1/3rd of what the metro would charge) and then they all just jump the turnstile and if they get caught the organisation will pay the bill.
That feels rather similar to the pirate community, maybe someone should set up a mutual account to pay for RIAA legal threats.
He said doing it in real time would be tough, not going through the datafile retroactively.