You are wrong.
Note that just a few years ago Clinton ran several years of surplus budgets and paid down some of the debt, without the trillions in cuts that Obama's austerity bullshit includes. It is possible, but it seems the last okay politicians from the 90's are now gone.
There is a confusion of purpose here.
The OTP is an encryption scheme, not a full protocol. A full protocol would also contain a message authentication system. Not that this is easy or obvious - the very recent pgp/gpg flaw was due to an attack somewhat like what you suggest. The proper fix to that flaw was to add a message authentication step to the protocol.
As other people pointed out - several encryption schemes (e.g. some stream cyphers) - use (Message) XOR (pseudo-random pad) and have the same plaintext issue.
As an encryption scheme, the OTP is optimal.
My invention improves upon the 80 year old One-Time Pad encryption turning it into a 'Many-Time Pad'.
Information theory proves that the One-Time Pad (OTP) is optimal - it cannot be improved.
The advantages are proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks (unlike the OTP).
The OTP has no known-plaintext vulnerability. By submitting even a chosen plaintext to be encrypted, and studying the encrypted message, you only learn the piece of the One-Time pad used on your own content. It does not help you break any other part of any other message.
The only way to break an OTP is to get a copy of the pad or by breaking the random number generator used to create the pad.
This post's claim is the usual nonsense. So patent it if you wish - release it if you wish - I doubt anyone will find it usable.
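The two points made in the comment above (known plaintext exposes only the pad bytes used for that one message, and a bare XOR scheme needs a separate authentication step) can be shown in a short added example; it is not code from the comment or from any project it mentions. The messages are constructed samples, and HMAC-SHA256 in an encrypt-then-MAC arrangement is an assumption standing in for the "message authentication step", since the comment names no specific MAC.

```python
import hashlib
import hmac
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (the whole of OTP encryption)."""
    if len(a) != len(b):
        raise ValueError("pad segment must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def seal(pad_segment: bytes, mac_key: bytes, message: bytes):
    """Encrypt-then-MAC: OTP ciphertext plus an HMAC-SHA256 tag over it."""
    ct = xor(pad_segment, message)
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()
    return ct, tag


def open_sealed(pad_segment: bytes, mac_key: bytes, ct: bytes, tag: bytes) -> bytes:
    """Verify the tag in constant time before touching the ciphertext."""
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: ciphertext was modified")
    return xor(pad_segment, ct)


def demo() -> dict:
    pad = secrets.token_bytes(64)        # one-time pad, never reused
    mac_key = secrets.token_bytes(32)    # assumption: separate shared MAC key
    m1 = b"PAY 0100 TO BOB"              # constructed sample messages
    m2 = b"MEET AT NOON"
    seg1 = pad[:len(m1)]
    seg2 = pad[len(m1):len(m1) + len(m2)]  # a fresh pad segment per message
    ct1, tag1 = seal(seg1, mac_key, m1)
    ct2, _ = seal(seg2, mac_key, m2)

    # Known plaintext for message 1 yields exactly the pad bytes it consumed.
    learned = xor(ct1, m1)
    # Those bytes are useless against message 2, which used different pad bytes.
    guess_m2 = xor(ct2, learned[:len(m2)])

    # Without authentication, a ciphertext altered in transit still decrypts
    # cleanly, to a different message, and the receiver cannot tell.
    altered = xor(ct1, xor(m1, b"PAY 9900 TO BOB"))
    unauthenticated_result = xor(seg1, altered)

    # With the tag checked first, the same alteration is rejected.
    try:
        open_sealed(seg1, mac_key, altered, tag1)
        rejected = False
    except ValueError:
        rejected = True

    return {
        "learned_only_used_segment": learned == seg1,
        "second_message_still_hidden": guess_m2 != m2,
        "unauthenticated_result": unauthenticated_result,
        "tampering_rejected": rejected,
        "honest_roundtrip": open_sealed(seg1, mac_key, ct1, tag1) == m1,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
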
From: Lord Greyhawk
To: david.madore@ens.fr
Cc:
Bcc:
Subject: http://www.eleves.ens.fr:8080/home/madore/misc/freespeech.html
Reply-To:
A few things to note about your proposal. You say
"This will give you a new pad: it is also made of completely random
data, but XORing it together with the pads you have selected will give
back the hidden data, padded (pun unintended) with zeroes."
Clearly you do not want the plain text to be predictably padded with
zeros. This is even more vital with XOR. If I combine N pads to make
pad P that ends in the same sequence as Q then I know Q is the last pad
needed to decrypt the message. Similarly, I could make a catalog of pairs
of pads, and check their endings with P to find the pair needed to finish
decrypting the message. Continue with a catalog of three pads....
You should really obfuscate the message before creating the pad so the
plain text is scrambled before the XOR operations. Terminating in zeros
is a very very obvious mistake (even at 4:30AM).
Also, there is another method to defeat such catalogs once and for all.
Simply rotate the start position of each pad, e.g. start with byte 10,487
and eventually wrap around to the beginning and end with 10,486.
So you XOR with 6 pads, chosen from 200 which would be a keyspace
of 82,408,626,300 (which is only 36 bits...very weak in that regard) and
then specify 6 rotations (of which 5 add security) and now you have
82 billion * (128k)^5 keys which is about 121 bits. Almost up to the
standard 128 bits used in secure SSL. If the sixth rotation is allowed to
count, then the effective key length is up to 138.
"Pads should be mirrored as much as possible around the
Internet. However, no single site should ever mirror all the pads -
nor a too large fraction of them."
Why? Any attacker can simply download all the pads. This is the
fastest part of any attack. I download 650MB CDROM images, which
would be over 5000 pads worth. If the attacker knows you likely did
not try certain subsets of pads, then that helps the attacker narrow
down the search. So if it is known that all 6 pads are not on the
same server, that helps the attacker.
If all servers are full mirrors then shutting some down does not help
stop the information, you would have to kill them all.
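The zero-padding leak and the rotation fix described in the message above, as an added example that is not part of the original e-mail or of the proposal it answers. The pad count, pad length and sample data are constructed toy values chosen so the catalog search finishes instantly; `keyspace_bits` reproduces the message's arithmetic for 6 pads out of 200 with 128k-byte pads.

```python
import math
import random
from itertools import combinations

PAD_LEN = 64   # constructed toy size; the message's arithmetic assumes 128k bytes
TAIL = 16      # bytes of predictable zero padding that the catalog compares


def xor_all(blocks):
    """XOR a list of equal-length byte strings together."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, value in enumerate(block):
            out[i] ^= value
    return bytes(out)


def rotate(pad, start):
    """Begin reading the pad at byte `start` and wrap around to the beginning."""
    return pad[start:] + pad[:start]


def make_hidden_pad(data, pads, chosen, rotations=None):
    """New pad = zero-padded data XOR the chosen (optionally rotated) pads."""
    rotations = rotations or [0] * len(chosen)
    padded = data.ljust(PAD_LEN, b"\x00")
    selected = [rotate(pads[i], r) for i, r in zip(chosen, rotations)]
    return xor_all([padded] + selected)


def catalog_match(new_pad, pads, k):
    """Every k-subset whose unrotated endings XOR to the new pad's ending."""
    target = new_pad[-TAIL:]
    return [combo for combo in combinations(range(len(pads)), k)
            if xor_all([pads[i][-TAIL:] for i in combo]) == target]


def keyspace_bits(total_pads, k, pad_len, counted_rotations):
    """log2 of (ways to choose k pads) * pad_len ** counted_rotations."""
    return (math.log2(math.comb(total_pads, k))
            + counted_rotations * math.log2(pad_len))


def demo():
    # Seeded only so the demonstration is repeatable; not how pads are made.
    rng = random.Random(1999)
    pads = [bytes(rng.randrange(256) for _ in range(PAD_LEN)) for _ in range(12)]
    data = b"constructed sample message"   # shorter than PAD_LEN - TAIL
    chosen = (2, 5, 9)
    zero_padded = make_hidden_pad(data, pads, chosen)
    rotated = make_hidden_pad(data, pads, chosen, rotations=[5, 17, 40])
    return catalog_match(zero_padded, pads, 3), catalog_match(rotated, pads, 3)


if __name__ == "__main__":
    leaked, after_rotation = demo()
    print("subsets identified from the zero tail:", leaked)
    print("subsets identified after rotation:    ", after_rotation)
    print("6 of 200 pads, no rotation: %.1f bits" % keyspace_bits(200, 6, 128 * 1024, 0))
    print("with 5 counted rotations:   %.1f bits" % keyspace_bits(200, 6, 128 * 1024, 5))
    print("with 6 counted rotations:   %.1f bits" % keyspace_bits(200, 6, 128 * 1024, 6))
```

Rotation does not remove the zero tail; it only forces the catalog to cover every start offset as well, which is the extra factor the bit counts measure.
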
You can even fix NT, if you have the source code.
MIT has campus computing labs with solaris and
IRIX. To get future NT client to work with the
existing Kerberos Authentication server, they
are forced to modify NT source code.
(Part of project Pismere http://web.mit.edu/pismere/)
They will also have NT mount user home
directories off of the Andrew File System (AFS).
Those who represent the have-nots could set up a (possibly fully mobile laptop) terminal in a poor neighborhood. Then on election day, it would be easier to get people involved.
Heck it might even be legal under such a law to bring the laptop door-to-door.
Of course, there is always the rampant voter fraud to consider.....
The government of the USA is committed to extending voter apathy into the 21st century, 22nd century....
The Republicans bitterly opposed the Motor-Voter law which let people register to vote when they renewed driver's licenses (too many poor / working class people would find it easy to register).
They hold voting for one day on a Tuesday (not a holiday) to allow WORK to interfere with voting.
They will never change this any more than the campaign finance laws will ever be changed. The incumbent politicians will never radically change the subset of people who vote, ever.
Executive summary pdf link: http://www.dhbrown.com/dhbrown/downldbl/linux.pdf
This contains FUD at higher level than that found in ZDNet.
Pay attention to how SMP and Linux is "covered" on pages 7-9
begin quote:
By boosting the number of locks to somewhere between 10 and 100, the Linux 2.2.5 kernel used by OpenLinux 2.2 should improve its SMP scalability somewhat. But while Linux 2.2 systems can boot on an SMP system with up to eight processors, useful SMP deployment at current levels of granularity has not yet been proven. Little industry-standard or even proprietary benchmark evidence has emerged that demonstrates the performance improvements of database or Web server applications running on SMP systems under any Linux distribution. Although Linux has been tested on a variety of SMP systems, booting on eight-processor systems is far different from demonstrating improved performance on mixed throughput workloads or multi-threaded database applications.
:end quote
Rather than doing RESEARCH and STUDY, they merely report the # of CPUs used in previously published NT and Commercial Unix benchmarks. (They do not print the actual benchmark results here). The number of CPUs used is a virtually useless comparative benchmark. Since they selected two benchmarks where there are no previously published Linux results, they report nothing for Linux. This is used to portray Linux as hopelessly inferior, without actually having to do any work. Check out how they put Linux at 0 CPUs on the graphs. I thought only Microsoft would do something so obviously corrupt and shameless.
Method: Claim Linux is inferior. Do no benchmarking yourself, but make the lack of data for Linux sound ominously bad. Put in some fancy graphs of useless values selected only for their ability to make Linux look worthless at first glance.
It is amazing people will pay DHBrown for a report of this quality.
If they need evidence to convict the living, then why parade names of murdered doctors? Why highlight the names of those who are wounded? You cannot convict the dead of minor crimes. Are they supposed to spy on tombstones?
Is lying a sin? So you REALLY BELIEVE what you wrote? Do Christians need to LIE to people about their motives?
Why list judges and law enforcement? They are just doing their jobs. If you convicted them of a minor crime then others will do the same job. And if I am wrong and they DON'T do their jobs, then the entire system of justice will go down the tubes.
It also listed names of politicians, judges, law enforcement, and spouses, in the list where
Legend: Black font (working); Greyed-out Name (wounded); Strikethrough (fatality)
Above the list is an animated gif of dripping blood.
This is clearly a direct request for someone to cause harm to these individuals. Threatening to kill someone is NOT a small crime. Threatening to kill judges will ensure you lose in court. There is no doubt to me that this was a correct decision.
As to those who fear for the loss of free speech on the internet, this is not the case that will set that kind of precedent. There is no new precedent here. Death threats are illegal spoken, written, in braille, as semaphore code, fax'd, email'd, or posted on a web page.
Someone above mentioned prior restraint. This case is not about preventing publication. The publication has already happened here. Anyone can usually put up information on the internet without being stopped first.
It seems that http://www.toysrussucks.com is a real site....interesting...
We seem to have /.'ed the counter on the web page to death.....
This ID is not good for
a) E-Commerce..many people use one computer at home and one person uses many computers at work. There is no one to one ratio.
b) And unless there is a compulsive registry of ID to purchaser then knowing a criminal's ID does not help you find them.
c) If there is a no-ID patch like the article said, then stolen computers will just be patched, therefore no problem. Unless it is only a PARTIAL patch, then it is really not an opt-out patch at all.
This ID is perfect for one and only one thing. Software companies can sell software licensed only to work on a specific CPU. They could sell software over the internet knowing it can only be run on the target machine. Kind of the ultimate proprietary software. To be any more securely restrictive you would have to sell it as a ROM.....
Such obvious trolling......
I am in boston, listening to the Connections program. Running Summary:
1) Interviewer likes to hear his own voice far too much. Knows relatively nothing and admits it.
[RMS opens with source code versus recipe analogy.]
2) RMS made it sound like the Unix compatible "GNU" operating system (we know it as linux) was his idea. [ Linus has yet to be mentioned. ] [note: HURD was not what he is talking about]
3) He is plugging GNOME a great deal.
4) He is listing free application types that are being developed. (Word Processor, Power Point like, encrypted mail, etc)
5) Caller to show: Says he uses free software (BIND, SENDMAIL). Caller says he differs with the extremism of RMS. Discussion follows... Caller is plugging quality of free software (written by users to be useful) and proprietary software (written to be sold and make money).
6) New Caller (Gary): calls RMS "a national treasure".
-=-=-=-
6) continued: Discussion of microsoft, monopoly. RMS points out all proprietary software companies, not just microsoft, are bad.
7) RMS compares copyright software laws (some as proposed by Clinton) to the old USSR information policies.
-=-=-=- Commercial break -=-=-=-
(Interviewer talks a lot)
(7-15 million people use the "GNU System")
8) distracted side discussion on DOW high.
9) RMS (not exact quotes): Free software is neither for nor against business. Lends itself to support business. Mentions other kinds of companies dealing with free software.
10) RMS makes elegant example on how free software helps one get bugs in software fixed.
11) Caller (Matt on car phone): Uses gcc, mentions "Linus Torvald's Linux". Matt writes both free and for profit software (for his living). Says there is a place for both types of software. (e.g. says proprietary compilers are better due to huge $$ investment). RMS defends by saying in 1991 gcc was better.
12) Caller (Jodi - libertarian capitalist): Challenges the judgementalism of RMS. RMS compares paper companies pouring poison into a river to the pollution from the lack of good will due to proprietary restrictions (very very paraphrased). RMS discusses how he made money while writing free software.
13) Another Gary calls in: Incoherent run on first sentence. Cites flight simulator? Cannot understand his point in 10 words or less. RMS finally says "GNU/Linux system".
14) "Free speech, not free Beer" emphasized again.
15) Back to copyright system in general in the USA. RMS points out the constitutional wording on copyright, and its historical context (only people with printing presses were really restricted at the time).
16) Caller (Lisa - linux user (redhat), but not a programmer) : Interviewer asks if she is a genius (He mentioned this point before, you must be really smart). Lisa mentions it crashes less. [RMS plugs GNOME again]. Lisa mentions Linux runs faster. RMS corrects her, she is using "GNU/Linux".
17) www.gnu.org mentioned
-=-=-=-=-=- End of program -=-=-=-=-=-
I am in boston, listening to the Connections program. Running Summary:
1) Interviewer likes to hear his own voice far too much. Knows relatively nothing and admits it.
[RMS opens with source code versus recipe analogy.]
2) RMS made it sound like the Unix compatible "GNU" operating system (we know it as linux) was his idea. [ Linus has yet to be mentioned. ] [note: HURD was not what he is talking about]
3) He is plugging GNOME a great deal.
4) He is listing free application types that are being developed. (Word Processor, Power Point like, encrypted mail, etc)
5) Caller to show: Says he uses free software (BIND, SENDMAIL). Caller says he differs with the extremism of RMS. Discussion follows... Caller is plugging quality of free software (written by users to be useful) and proprietary software (written to be sold and make money).
6) New Caller (Gary): calls RMS "a national treasure".
more to follow..see replies