Why do you think so? Having a quick and easy way of remotely obtaining the unique hash of the fingerprint of any iPhone user could become very useful for the NSA and other agencies - law enforcement in particular. Say you lift off a fingerprint from some object and want to know whom it belongs to. You compute a hash by the same method as in the iPhone and obtain cell phone data of people who were in the vicinity of the crime scene (that's probably standard procedure by now anyway). Now wouldn't it be nice if you could quickly match your hash with those of the phone owners? The more phones have fingerprint readers, the more obviously useful would it be to have a database of fingerprint hashes or access them remotely on the phones.
Yes and no. The idea of free software is that users and developers are ultimately the same. If you encounter a bug as a user or need some feature, you can fix it on your own, or, if you don't know how to do that, you may send the source to some grey-bearded friend who will patch it for you. That's the idea. It means that users are informed and encouraged to learn about the technology they use and hack and adjust it to their liking, rather than being forced to use a weird black box with paid upgrades every few months.
Unfortunately, the OP confuses open source with free software. Free software is always open source, but not all open source software is free (as in freedom).
By the way, the argument that most users don't care about free software is (a bit) on a par with the argument that most slaves in ancient Rome didn't care or that women don't want to have the same rights as men. These arguments are probably wrong, but even if they were right, they would completely miss the point.
I always thought that guys like Stephen King or Tom Clancy have their books written by a couple of ghostwriters and in the end only make a few corrections and put their approval stamp on it. Not that I have anything against that, publishing is a business... but I wonder whether I'm right or wrong?
Any professional ghostwriters among the /. crowd?
Dear NSA,
Since I'm getting tired of these stories and it seems kind of unfair that you're getting all the heat recently, here is my suggestion how you could improve your PR image by doing something to our mutual benefit:
Please use your supercomputers for a few months to aggressively mine Bitcoins and Litecoins. That would make you (virtually) richer than you already are and free me and the rest of the world in future from annoying Bitcoin-mining stories.
If you like this idea, consider donating some Bitcoins to me. You know where to find me.
Thank you for your attention and best regards,
aaaaaaargh!
If you have a perfectly random source, and you xor it with anything, the result will still be perfectly random.
If you already have a perfectly random source, there is no need to mix it with anything.
Scrambling random data with ciphers or hash functions before using it is a different matter, since those actually decrease entropy.
Reversible ciphers by definition don't decrease entropy. Hash functions do.
But as long as the two streams are from a sufficiently different source, things can only get better by xoring them.
You'd have to show that, especially for the case when one of the sources is fully compromised. (I don't believe RdRand is, just saying it's not that simple...)
Of course, but if you XOR 4 different not-quite-random sources with each other you will still have not-quite-random. Entropy sources are not totally random.
The real problem, however, is that traditional random pools can deplete. Formerly, if you did it properly there had to be a delay in this case in order to gather new random data (e.g. the infamous "please move your mouse"). If instead RdRand is allowed to become the only source when other pools are depleted, this opens an attack vector provided that RdRand is compromised. Arguably, this depends on the implementation and I doubt that kernel developers would allow this to happen.
Anyway, if you don't trust some component in a security system (e.g. because you cannot audit it), then you ought not use it, even if you think your use can do no harm. That's just plain common sense. Don't use what you don't trust.
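An added illustration, not part of the thread, that puts numbers on what this exchange argues about: a constructed biased byte source XORed with a uniform one, four biased sources XORed together, XOR with a value the attacker already knows, and the same source pushed through a reversible map versus a truncated hash. The 0.6 bias, the affine map and the one-byte SHA-256 truncation are constructed stand-ins chosen so the distributions stay small enough to compute exactly.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"math"
	"math/bits"
)

// Dist is a probability distribution over the 256 values of one byte.
type Dist [256]float64

// Uniform is a perfectly random byte: every value equally likely.
func Uniform() Dist {
	var d Dist
	for i := range d {
		d[i] = 1.0 / 256
	}
	return d
}

// BiasedBits is a constructed "not-quite-random" source: 8 independent bits,
// each equal to 1 with probability p instead of 1/2.
func BiasedBits(p float64) Dist {
	var d Dist
	for v := range d {
		ones := float64(bits.OnesCount8(uint8(v)))
		d[v] = math.Pow(p, ones) * math.Pow(1-p, 8-ones)
	}
	return d
}

// Known models a fully compromised source: the attacker knows it emits c.
func Known(c byte) Dist {
	var d Dist
	d[c] = 1
	return d
}

// Xor is the distribution of a XOR b when a and b are independent sources.
func Xor(a, b Dist) Dist {
	var d Dist
	for x := 0; x < 256; x++ {
		for y := 0; y < 256; y++ {
			d[x^y] += a[x] * b[y]
		}
	}
	return d
}

// ShannonBits is the Shannon entropy of d in bits; 8 is the maximum for a byte.
func ShannonBits(d Dist) float64 {
	h := 0.0
	for _, p := range d {
		if p > 0 {
			h -= p * math.Log2(p)
		}
	}
	return h
}

// Apply pushes d through f: a bijection only relabels outcomes, a many-to-one map merges them.
func Apply(d Dist, f func(byte) byte) Dist {
	var out Dist
	for v, p := range d {
		out[f(byte(v))] += p
	}
	return out
}

// Affine is a toy reversible map (7 is odd, so v -> 7v+3 mod 256 is a bijection),
// standing in for a cipher's permutation of its input space.
func Affine(v byte) byte { return 7*v + 3 }
// HashByte keeps one byte of SHA-256(v): a many-to-one map standing in for a hash.
func HashByte(v byte) byte { return sha256.Sum256([]byte{v})[0] }

func main() {
	u, b := Uniform(), BiasedBits(0.6)
	fmt.Printf("biased source (p=0.6):      %.5f bits\n", ShannonBits(b))
	fmt.Printf("biased XOR uniform:         %.5f bits\n", ShannonBits(Xor(b, u)))
	fmt.Printf("four biased sources XORed:  %.5f bits\n", ShannonBits(Xor(Xor(b, b), Xor(b, b))))
	fmt.Printf("biased XOR known value:     %.5f bits\n", ShannonBits(Xor(b, Known(0xA5))))
	fmt.Printf("biased through bijection:   %.5f bits\n", ShannonBits(Apply(b, Affine)))
	fmt.Printf("uniform through hash byte:  %.5f bits\n", ShannonBits(Apply(u, HashByte)))
}
```

XOR with a uniform source lands on exactly 8 bits, four biased sources get close to 8 but never reach it, XOR with a known value and the bijection leave the entropy unchanged, and the truncated hash is the only step that loses some.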
Actually, you're both idiots, though you're the bigger one.
First, the halting problem concerns a program that can check for any input program whether it will halt or not. There is no problem with writing a program that checks whether some given input programs halt or not; conversely, this is done all the time, e.g. in formal software verification. Second, there is no way to confirm that a random number generator is cryptographically secure by only looking at its output. In fact, it's completely trivial to write a program that produces pseudo-random numbers in a completely predictable way while passing all statistical tests (like the diehard suite). Every decent modern block cipher can produce such output. That's what this debate is about: as long as RdRand is a black box and does not provide researchers with a way to inspect in detail how it obtains true random data, it must be considered insecure from a cryptographic perspective. Third, the other guy is also a (lesser) idiot because there would be no need to check what some software does with the RNG. To make the hardware RNG exploitable it suffices to ensure that its actual random source is fairly low entropy and only looks random. The NSA was able to break alleged one time pads during the Cold War by exploiting the fact that secretaries were told by the KGB to type letters randomly, a task at which humans are not very good. Or, so the story goes.
Of course it would matter; it would significantly lower entropy and make entropy estimates incorrect. If RdRand were broken, for which there does not seem to be any proof.
How do you think RNGs got broken in the past? They got broken by carefully exploiting the fact that people grabbed some not sufficiently random input from the system and "scrambled" it a bit with a block cipher or hash functions, assuming that would suffice.
Based on my knowledge from spy novels I'd say there are two sorts of spies: officials and illegals. The former mostly operate from the embassy and spend most of the day trying to get rid of their pursuers. If they fuck something up, they go home as a persona non grata. The latter are under deep cover, should never meet the former, and their existence will be denied by every embassy. They use stuff like code books, dead drops and run-of-the-mill short wave receivers to listen to numbers stations. If they get caught, they face lifelong prison or execution.
If a spy doesn't want to take too much risk, he can always abort the mission and send the blueprints of a vacuum cleaner back to headquarters instead. Nobody will figure out what it means.
Sure, if you want to die on Mars, go ahead and chuckle while you suffocate. I'm not against suicide. As long as participants realize that it's really just for TV entertainment, that's okay.
Even if that means I'm stupid, I can't wait to get the popcorn and see people like you die on Mars. :-)
Agreed but if you're of the opinion that nothing can be trusted anymore so there's no point trying then you might as well just resign yourself to the fact that it's all over, the spy agencies have won and just let all your data be public.
I think his idea was that Google cannot be trusted, because they are a US company and a Prism partner, not that nothing can be trusted anymore. Sounds reasonable to me.
What you have to understand is that Apple is fundamentally a software company.
That's simply wrong and everybody knows it, no matter what Jobs might have said once in one of his promotional videos. Apple's profit still mostly comes from hardware sales and it has always been that way. If they were a software company, they could easily open OS X and iOS to other hardware manufacturers, but in fact that would be their immediate death sentence.
It amazes me that despite the need for random data everywhere there are so few consumer devices with built-in hardware RNG. It doesn't seem very hard or expensive to add one.
Yes, that's called an All-or-nothing Transform. It's computationally cheap but not yet used very widely.
To generate the final 256-bit key that is used for the block cipher, KeePass first hashes the user's password using SHA-256, encrypts the result N times using the Advanced Encryption Standard (AES) algorithm (called key transformation rounds from now on), and then hashes it again using SHA-256.
That's a fairly meaningless description, because it doesn't tell you with what key the hash of the key is "encrypted".
Using a block cipher instead of extensive repeated hashing is not a bad idea in general, because in contrast to hashing it is guaranteed not to lose entropy. However, the password also needs to be salted.
If I remember correctly, there is a proof for Triple Encryption with Minimum Keys (TEMK) that shows that if you encrypt three times with two independent keys, it will be at least twice as secure as one encryption with one key. The keys must be completely independent, though, derived from two different high-entropy passphrases or random keys that are long enough.
Anyway, encrypting twice with the same key can make it less secure, as others have pointed out. Increasing the rounds of a block cipher might be a better choice in this case, but without extensive cryptanalysis the security gain could still be illusory.
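An added Go example (not the post's code and not KeePass's own implementation) that writes out the pipeline the quoted description gives: SHA-256 of the password, N AES rounds, SHA-256 again. It assumes the unnamed AES key is a 32-byte random transform key generated per database and stored next to the data, so that it doubles as the salt the post asks for; the password string and the round counts are constructed sample inputs.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"time"
)

// AesRounds is the "key transformation rounds" stage: the 32-byte state is
// treated as two AES blocks, each encrypted (or, with decrypt=true, decrypted)
// in place `rounds` times under a 32-byte transform key (AES-256, ECB-style).
func AesRounds(state [32]byte, transformKey []byte, rounds int, decrypt bool) [32]byte {
	block, err := aes.NewCipher(transformKey)
	if err != nil {
		panic(err)
	}
	for i := 0; i < rounds; i++ {
		if decrypt {
			block.Decrypt(state[:16], state[:16])
			block.Decrypt(state[16:], state[16:])
		} else {
			block.Encrypt(state[:16], state[:16])
			block.Encrypt(state[16:], state[16:])
		}
	}
	return state
}

// TransformKey is the pipeline quoted above: SHA-256(password), N AES rounds,
// SHA-256 again. The transform key, which the quoted description does not
// name, is an explicit parameter here.
func TransformKey(password, transformKey []byte, rounds int) [32]byte {
	state := AesRounds(sha256.Sum256(password), transformKey, rounds, false)
	return sha256.Sum256(state[:])
}

// randomSeed returns a fresh 32-byte value from the OS CSPRNG.
func randomSeed() []byte {
	seed := make([]byte, 32)
	if _, err := rand.Read(seed); err != nil {
		panic(err)
	}
	return seed
}

func main() {
	password := []byte("correct horse battery staple") // constructed sample input
	// Assumption for this example: the transform key is generated per database
	// and stored next to the data, so it also plays the role of the salt the
	// post asks for: two databases with the same password get different keys.
	seedA, seedB := randomSeed(), randomSeed()
	fmt.Printf("seed A: %x\n", TransformKey(password, seedA, 6000))
	fmt.Printf("seed B: %x\n", TransformKey(password, seedB, 6000))

	// The AES stage is a bijection on the 32-byte state: running the rounds
	// backwards recovers SHA-256(password) exactly, so that stage loses no entropy.
	h := sha256.Sum256(password)
	back := AesRounds(AesRounds(h, seedA, 6000, false), seedA, 6000, true)
	fmt.Println("AES stage inverted exactly:", back == h)

	// The round count is the work factor: cost grows linearly with N.
	for _, n := range []int{10000, 100000, 1000000} {
		start := time.Now()
		TransformKey(password, seedA, n)
		fmt.Printf("%8d rounds: %v\n", n, time.Since(start))
	}
}
```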
a software product company founded by Alok Bhardwaj and based in Washington DC
In the "About Us" section of the web site. US-based, so it won't protect your privacy against the spooks (Patriot Act *wink* *wink*). Nevertheless, it's nice to see more software made with privacy in mind.
"Government shouldn't allow foreign governments to kill civilians"?
Incidentally, that policy also applies to the Syrian government versus the US. Cos', you know, the US is a foreign government and airstrikes would surely also kill civilians.
Also, your entire post is a false dichotomy.
The good news is that although the botnet itself is bad, the number of connections and extra clients improves Tor security overall for all the other users.
Not necessarily. As it seems that the CIA can print their own money, they could try to purchase massive amounts of botnet nodes in order to attack Tor's anonymity should the need arise.
What does this have to do with the risk aversion of the people to whom Schneier refers by "we"? All I'm asking is that he backs up his claims that "our" risk aversion has increased with some empirical research rather than just pulling it out of his ass from anecdotal evidence. If you knew the slightest bit about this topic you would know that it is not at all obvious that people have generally become more risk averse. It's a purely empirical question.
As I've said, there is plenty of empirical research in behavioral economics and mathematical psychology on people's actual risk behavior since (at least) the seventies of the last century, so it's not too much to ask for evidence. But apparently on /. it is, since otherwise your rather dumb commentary wouldn't have been modded "insightful".
The least Schneier could have done is to lay out why the policies he mentions are cases of 'bad risk avoidance' whereas spending money on cancer research is (presumably) 'good risk avoidance', because that's the real issue here - policy making, not risk attitude in general. And there are many rational ways in which you could argue, based on decision theory and operations research, that public policies about risks set the wrong priorities.
As someone who is familiar with a lot of theoretical work on decision making and the work of Tversky and Kahneman, but not with current empirical research, I am wondering where he gets his data from. By looking at a few examples you cannot establish general claims about how risk prone or averse we have become. Likewise, how does he know that risk aversion depends on the culture? Perhaps it does, but I want to see the study. And yes, there are plenty of studies in this field; it just seems that Schneier doesn't read them, or otherwise he should mention them.
So how about some empirical evidence?
It's a matter of an old-fashioned thing called 'common decency' to call it GNU/Linux. Without the thousands of GNU components the OS wouldn't even have a working compiler suite. Credit where it's due.
As for Android, it's just Android although it should be Android/Linux. That's because the company that made Android is not very decent.
However, only 860 were fixed. Double logic impairment.
the guy is a self-aggrandizing scam artist and charlatan
However, if he wore a suit with tie and had not only fulfilled DMCA requests (which he always did) but also had proactively given away his customers' data to any US authority and private copyright holders like the RIAA without any real legal basis and had additionally given money to the two leading US parties, he'd be considered quite a decent fellow in the US now. In other words, while he never did anything other than what Google and thousands of other companies, including US ones, do today, he hasn't shown "the right attitude" and that is the main and real reason why he is being persecuted now. He doesn't act the way you are expected to act as a rich entrepreneur with a serious business. Such misbehavior is usually sanctioned. They even wondered whether they could turn an inflatable tank he had in his garden into some kind of evil plot, but didn't manage to find the right legal angle to it...
Regarding trust ... well, at least New Zealand law cannot force you to install backdoors and lie to everyone about it, but of course you cannot trust any closed source company with data security. Encrypt on your own before storing something on Mega and you're fine.