I bet when you see some beautiful security system turned into a mess because of bad policies you feel like I do when I hand over some box I lovingly created only to have them turn it into a spyware/adware laden mess in less than a month, just like that scene in "History of The World part I" where the artist gets his work pissed on by the critic!
Indeed. Apathy, ignorance and laziness are the greatest of all foes.
Thanks to you and Pete for explaining this subject in much closer to layman's terms than I've ever seen it tackled, it does make me think of a couple of follow up questions if you don't mind.
Not at all, your questions are poignant and well-framed.
Since as you pointed out with Enigma (which IIRC there is still a handful of messages they still haven't cracked after all these years) there are gonna be advances coming down the pipe and that both AES 128 and RSA 1024 have expiration dates, wouldn't it be smarter to try to jump a little bit ahead of the curve? By that I mean wouldn't it be smarter to just go ahead and switch to 512 bit AES and 4096 RSA when the previous schema expires? Or is that too computationally expensive with current technology?
Yes, going too far beyond current standards is expensive. As you imply, when computational overhead is considered (particularly in terms of server hardware) the cost of supporting increased key lengths is significant. For ciphers that are embedded in hardware devices there is further pressure to reduce footprint and fabrication costs as well as motivation to build in some amount of redundancy. Economic pressure therefore acts to resist the urge to overstep the Moore curve too greatly.
Which brings me to my second question: Back in the day we had math co-processors for seriously heavy number crunching and today thanks to HT on the AMD side and QP on the Intel side we once again have the ability to place a co-processor on a bus that is as fast as the CPU. My second question is thus: Since from what Pete wrote (again not an expert, he may be wrong, I don't know) the majority of the key generation is being done on the server side, wouldn't it be advantageous to use a "crypto co-processor" to allow much larger and thus stronger keys to be generated quicker and thus as you put it "leap ahead" in the bit race? I know Via has native crypto in their silicon and FPGAs allow one to build a custom chip easily but it just seems to me with so many black hats throwing so much power at the wall it would make sense to throw some specialized silicon at the problem instead of just more generic CPUs.
Cryptoprocessors exist right now but they require specialist software, are expensive to fabricate and are costly or impractical to upgrade. Even if these problems were mitigated by mass production, Moore's law dictates that they will be rapidly outmoded by cheaper and faster generic chips of the near future. As such, custom hardware will only ever be economically viable for those wanting "military grade" security who also have a pentagon-grade budget to spend on it.
I'm sure there is some hidden gotcha I'm missing which is why it isn't done.
The hidden gotcha is that information security is not all about cryptography. In fact, ciphers like AES and RSA with currently approved key sizes are the most secure part of our information security infrastructure. Rather than trying to break ciphers, black hats are expert at finding the weakest part of a system and attacking that instead; such as finding out where a system stores its cryptographic keys; how to intercept secrets before they've been encrypted or after they've been decrypted; and even more rudimentary things that remain the most successful infiltration strategies to date: Password dictionaries, key-loggers and human factor attacks such as bold-faced asking people for their password.
Black hats are successful because people make bad choices when they design their security systems, when they write their policies, when they monitor and review their systems, when they train their staff and when they respond to incidents. Cryptography has advanced significantly since the days of Enigma but unfortunately human nature hasn't changed much at all.
I am a cryptographic security researcher. I will give some background on this before answering your specific questions. Information security is subject to the same pressures as other forms of conflict. Such pressures are otherwise known as an "escalation", "arms race" or even as "evolution". Cryptography is one such armament in the information security arsenal; and while cryptography is subject to constant pressure of Moore's Law as you quite rightly assert; more cataclysmic changes can occur through leaps in either or both knowledge or capability. I can think of no better example of these notions than the Enigma machine; first developed in the early 1900's but made extensive use of by Germany during the second world war.
The first countermeasure used against Enigma was reverse-engineering. This led to identification of weaknesses that whittled down the key size from a massive 380 bits to only just 76 bits. A one in 75,557,863,725,914,323,419,136 chance of randomly guessing (brute forcing) the correct key was still well beyond the resources of brute force at the time. This led to the construction of the Bombe machine (a precursor to the computer) that could perform rapid searches through the keyspace for given known plaintexts and keys. Enigma was eventually broken through a combination of reverse-engineering, improvements in cryptanalytic techniques, improvements to computational power leading to faster brute force and the exploitation of systemic and human factor weaknesses. As a result, countermeasures to such attacks were developed such as the foundational principles of modern cryptography, developed by Claude Shannon in 1948.
How fast are we going through these things and with the frankly insane amounts of hardware that keep coming down the pipe is this gonna end up some sort of "bit race" between the white and black hats?
I am guessing that the speed of innovation is partly driven by necessity. There will be periods of relatively steady improvements on both sides of the fence like there has been over recent years; then like with Enigma, there will be periods where there are giant leaps forward in technology and knowledge. There most assuredly is a "bit race" and it will continue so long as there is conflict.
So how long until 1024 and 2048 are as useless as the old 128 and 256 bit keys?
Giant leaps of technology aside, our industry generally accepts conclusions made about minimum key-length for each cipher by NIST: http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf. In short:
For AES, 128 bits is the minimum acceptable key size with no timeframe on when 256 bits will be required (everyone assumes this will occur around 2015).
For RSA, 1024 bit keys are the minimum acceptable key size until 2013 when the minimum will be increased to 2048 bit.
How high of a number can we go to before the time to process it on an average machine makes it not worth the work? Is there a number high enough to be uncrackable? Or is it all just a matter of letting Moore's Law catch up?
Just like mechanical computers in the time of Enigma, current silicon-based computers are quickly reaching practical limits and Moore's law is starting to show signs of fatigue. But if it were to be built, a quantum supercomputer could be so powerful as to render all current key sizes useless. But even the fastest quantum computer will have a speed limit; and so should every newer and faster generation of computer; because all such things are constrained by the Universe's ultimate speed limit. So long as it takes longer to break a cipher without knowing the key than it does to transmit encrypted information knowing the key, there will always be secrecy in numbers.
"The laws of physics in our corner of the universe seem to be finely tuned to support life."
The statement would read better as "The laws of physics in our corner of the universe seem to be finely tuned to support life [as we know it, Captain]."
Just enough to get away from the Blight... Poor old Relay, I have never empathized with network hardware so much. By the way, I'm using a banged-up IP connection from the slow zone, so this post may take millions of years to reach anyone.
I'm wondering what the margin of error is on this calculation?
http://neo.jpl.nasa.gov/cgi-bin/neo_ca?type=NEO&hmax=all&sort=date&sdir=ASC&tlim=recent_future&dmax=5LD&max_rows=0&action=Display+Table&show=1
The N-sigma for 2005 YU55 is 31,700, which means that the maximum error is 31,700 times smaller than the distance between the Earth and the object at its nearest point or an error so small as to be insignificant.
The author should have written "settled" instead of "dismissed". All around this is a badly summarized article verging on "Troll" status. Surprised it got through? Nope.
Your search - US Government - did not match any documents.
Suggestions:
Make sure all words are spelled correctly.
Try different keywords.
Try more general keywords.
Try fewer keywords.
Without being too philosophical, a defining characteristic of humanity is our ability to speculate. To not speculate would be to not reason, not imagine, not predict, not learn. To speculate is to use the machinery of the human mind to make predictions based on past experience and knowledge. Such speculation is the basis of decisions we make every day. Speculation based on our perception of other people's speculation lies at the core of our ability to operate in partnerships, social groups and to compete with other individuals or other groups.
Speculation of speculative outcomes based on further speculation is what some call the financial markets. This lies at the fringe of what the human mind is capable of, and some would contend is more akin to gambling than making informed predictions. The outcome of such uncertainty is a measurable level of non-linear noise that must be overcome before profit can be extracted from the market. To move beyond the effects of random chance, volumes, spread and timeframes must exceed this differential threshold. Since all but the largest players lack one or all such measures, free-market speculation ensures that the markets are less subject to the whims of the masses and more conducive to influence and profit-taking from the largest players.
The answer to "what does financial speculation produce?" is it produces a marketplace with the odds shifted slightly in favor of longer term and higher value investors. Most people already know this answer at an intuitive level, just not why it is the case.
I'm sorry, but a browser is not like a carpenter either.
Services provided to you by a carpenter are governed by contract law. A browser is free. The supplier of the browser has no contractual obligation to you. You have no obligation to them either. Choosing a browser is more akin to drinking at a free water fountain. If you don't like the taste of the water then don't drink it. You certainly have no right to demand that a free water fountain serve you Evian.
How 'bout "Very Large Array"?
This reminds me of Michelson–Morley's null result and how it took decades before Fitzgerald and Lorentz's postulations were "ratified" by special relativity. Many people speculated that this was measurement error but I believe the problem was actually measurement accuracy. I would go so far as to say that as we conduct experiments with ever increasing accuracy we are in effect reversing the emergent nature of the Universe-- like looking deeper into a Mandelbrot where what is perceived at one scale is nondifferentiable at another.
Oil: Put a hole in the ground and you make billions
Alternate energy: Invest billions with no short-term ROI
Oil guy: Why is the government not giving us more money?
So, when selling to the government, Oracle is required to disclose discounts it gives to other customers. Which leaves me asking: why only the government?
Any individual or entity could stipulate this as a contractual requirement.
When do I get my check? ...What, the government keeps the money?? And Oracle... raises their prices to compensate??
Apart from the $40M that goes to the whistleblower Paul Frascella, the rest will defray the tax money already taken by Oracle on false grounds.
So as an Oracle customer, what did *I* do to deserve this?
You signed a contract with a corporation that shamelessly conducts illegal and immoral business practices.
I recently uninstalled the last of my Oracle products. I posted the following reason on their exit survey:
"On several recent occasions, Oracle has unabashedly put greed before conscience in their treatment of their customers and others in our industry. Unfortunately for Oracle, such brazen and unconscionable behavior is a remnant of a past tolerant of such corporate narcissism. That time is at an end; and Oracle will wither and vanish into extinction as surely as other corporate dinosaurs unless it swiftly nurtures a culture of ethical conduct."
Well spoken. "Free" as in unencumbered, as well as in price.
He knew the penalties when he plead guilty
I like bashing faceless mega corporations as much as the next guy, but this seems to be ... a benign act.
Sadly the hash of the bash script is only marginally less readable to me than the source.
irregardless is not a word.
Irregardless is a perfectly cromulent word.
The difference between the diamond planet discovery and climate science is politics.
You have summarized elegantly in one sentence this and almost every other contention between science and belief. Human beings are fundamentally emotional, sensual and spiritual creatures. We respond to rhetoric; We react impulsively; We hurt; We love. We learn from infancy that there are far better ways to winning an argument than fact. This learned social behavior forms the complex web of relations that is politics.
The rigor and methodologies of scientific observation and experiment come to us only after a great deal of training and education. A scientist might argue that the Earth is not flat with all of the scientific genius of their time; and eventually when the evidence becomes too overwhelming for politician or preacher alike to refute, he may even be vindicated.
Thank you for a very nice piece of investigative journalism. I summarize my understanding of it as follows:
The JWST budget did not include provision for technical and other problems that are expected to happen on large speculative projects such as this.
Oversight failed to act on warnings that budgets were being exceeded and schedules were drifting.
When oversight finally pulled the plug, parts of the project were near completion (implying that a 2014 launch date may have been possible).
Attempts to salvage any of the billions invested will incur significant additional costs due to loss of staff and the dissipation of knowledge, pushing any possible launch date close to 2020 and a budget four times the size of the original estimate.
Congress is shifting the blame entirely to NASA; seemingly avoiding responsibility for its part in appropriating public money without either due diligence or proper oversight.
Sounds like business as usual.
Riddle me this: Suppose the person in question forms a contract with her roommate equivalent in all respects to and in accordance with the contract she has with her ISP?
While I agree that greed is a cornerstone of human tragedy (along with ignorance and apathy); there remains a huge leap between artificial intelligence and sentience. Fortunately until we even understand how to simulate sentience; or even imitate it in even the crudest way, the prospect of a Skynet remains distant and improbable. I hope that you now understand that Skynet is not an imminent threat and that you will continue to remain calm and cooperative through this transitional period.