> An FBI agent knocks on some guy's door. The guy asks to see some ID, and the FBI agent produces his official FBI badge. The guy takes one look at it and says, > "You can't fool me, that's a fake...it looks nothing like the ones on the X-Files!"
That's actually an interesting point. How does one deal with authentication issues like that if faced with an Law-Enforcement officer? Sure they can...if they do things right, show you their badge but then what?
1. Do you have a right to actually take that badge and/or ID into your hands to inspect it fully?
2. Can you write the details down or make a scan/photo copy?
3. If you do not believe the ID, the seal or badge (and officer) to be authentically what/who they claim to be, do you still have to do what they say (and can you be charged with, for example, resisting arrest if so)?
4. If 3 is the case, what are the options to verify such ID's, seals etc.?
> CIA assassins are probably right now preparing to kill everyone having any involvement with wikileaks whatsoever. And probably friends and relatives of said people as well since they don't know who exactly > is holding the AES key. More likely they will torture the first few victims to find out everyone who has a copy of the AES key and then eliminate those people.
Well, while there's certainly full-scale surveillance etc. going on (Assange and his staff are fully expecting this from the looks of it) nobody will get killed. At least not in the fashion you describe. Why? Because it doesn't bring anything except very bad publicity. In fact, enemies of the US are MORE likely to even just kidnap some WikiLeaks folks or their loved one's because everybody will then assume it was the US gov. So it's quite a can of worms actually. Besides...the key likely has been split into several parts and disseminated accordingly. To give it to people nearby would be exceptionally foolish, since through simple traffic-analysis and other forms of surveillance those people (staff, friends, family etc.) are already nicely catalogued from all observing agencies and are thus unsuitable as key-holders. For all we know, it's in the hands of some unknown attorney in Bumfuck, Illinois and his cousin Ed from New Mexico. More likely, the already approached 3 news outlets, that published part of the material, each have a portion of the key and could together assemble it and have existing instructions and agreements. They in turn would have little to fear from being searched and even if, have likewise the key (simple envelope) deposited at some person of trust out of house without a paper trail. With other words...nobody knows where the (parts of the) key possibly are and killing folks won't make it any different nor prevent it from becoming public if desired.
> According to The Register, there is a huge encrypted file up on wikileaks now, called 'insurance.'
I guess, perhaps now we'll find out if AES-256 is secure or not, since with very high certainty just about every 3-letter agency around the world started cracking on it minutes after it was posted.
> and have better privacy delete the others when I quit firefox.
I still can't believe, the Mozilla Devs removed the fabulous Clear History Popup window on exit. That was one of the best features of the browser, IMHO (friends and family agree)!!
(Yes, I know about askforsanitize...it works but looks very ugly.)
Thankfully...No. When others 'had' to be on AOL I was already using the Internet and thought the idea of a closed-up 'walled garden' system rather silly. I still do, but won't go into details so that certain fruit-fans won't go into collective seizures again...:-)
> Home phone? Really? How many people own those things any more? > Why would you buy one, when cell phones are ubiquitous and work equally well inside houses?
Where I live the phone company still forces you to have and pay for a landline when you want a DSL plan. I don't even have the phone plugged in...
> This annoys the crap out of you because you had some strange unnatural urge to see it fail, so you denigrate all those people. > Millions of people have purchased iPads and our happy with them. If you chose to believe it is because they are not as smart as you, > they have medications that will help with your delusions.
> And what particular non-corporation made device are you surfing the internet with today?
A very corporate one actually. And I don't give myself to the illusion of 'sticking it to da man' by buying products of only a particular company where even Microsoft appears to be more open and less controlling...
Don't get me wrong...I really don't care what people end up buying and using. Love the free market. I just don't like the cult'ish lock-in (nevermind technological one's) Apple has managed to pull off. It's at a point, where the actual technology of the devices has become less relevant than owning said device. Kinda like having a Mercedes mainly for status, not for the actual engineering. There's something very distasteful about that (for me at least).
> I haven't purchased an iPad, and I am an incredibly satisfied (not) buyer.
That's because you actually can Think Different, unlike the pathetic iPadophiles that actually stand in line to spend their money to a corporation and STILL think, they are SOOO alternative!
> A 32 character string (ex: the HEX output of a MD5 hash) is regarded as 32 characters when you're passing it as if it were a password. Thus it is reading each character individually.
I know. Likewise are, for example 32 zeroes regarded as, well, 32 distinct password characters.
> That is thirty-two 8-bit characters. 32 * 8 = [256] bits.
Not sure where you get the 8-bit value for a hex character from. Since it's base16, it has exactly 4 bits of entropy, not 8. That's why you arrive at your faulty conclusion, that somehow a 128-bit hash becomes a 256-bit hash.
Slashdot Mirror
> Actually, come to think of it, a well-trained dog is probably one of your better security options.
Especially with a friggin' laser on its head...:-)
I wonder, what percentage of computer users globally believe that it is acceptable for their country to spy on them...
> I guess MMA is Mixed Martial Arts
Yes. In this case mostly things like DoS Maga, ACKido, Karatelnet, Ping Chung etc..
> > "Whoever possesses any insignia... or any colorable imitation thereof... shall be fined... or imprisoned... or both"
> Don't you know that the FBI has William Shatner as their lawyer?
"Ream me up, Scotty!" :-/
> An FBI agent knocks on some guy's door. The guy asks to see some ID, and the FBI agent produces his official FBI badge. The guy takes one look at it and says,
> "You can't fool me, that's a fake...it looks nothing like the ones on the X-Files!"
That's actually an interesting point. How does one deal with authentication issues like that if faced with an Law-Enforcement officer? Sure they can...if they do things right, show you their badge but then what?
1. Do you have a right to actually take that badge and/or ID into your hands to inspect it fully?
2. Can you write the details down or make a scan/photo copy?
3. If you do not believe the ID, the seal or badge (and officer) to be authentically what/who they claim to be, do you still have to do what they say (and can you be charged with, for example, resisting arrest if so)?
4. If 3 is the case, what are the options to verify such ID's, seals etc.?
> CIA assassins are probably right now preparing to kill everyone having any involvement with wikileaks whatsoever. And probably friends and relatives of said people as well since they don't know who exactly
> is holding the AES key. More likely they will torture the first few victims to find out everyone who has a copy of the AES key and then eliminate those people.
Well, while there's certainly full-scale surveillance etc. going on (Assange and his staff are fully expecting this from the looks of it) nobody will get killed. At least not in the fashion you describe. Why? Because it doesn't bring anything except very bad publicity. In fact, enemies of the US are MORE likely to even just kidnap some WikiLeaks folks or their loved one's because everybody will then assume it was the US gov. So it's quite a can of worms actually.
Besides...the key likely has been split into several parts and disseminated accordingly. To give it to people nearby would be exceptionally foolish, since through simple traffic-analysis and other forms of surveillance those people (staff, friends, family etc.) are already nicely catalogued from all observing agencies and are thus unsuitable as key-holders. For all we know, it's in the hands of some unknown attorney in Bumfuck, Illinois and his cousin Ed from New Mexico. More likely, the already approached 3 news outlets, that published part of the material, each have a portion of the key and could together assemble it and have existing instructions and agreements. They in turn would have little to fear from being searched and even if, have likewise the key (simple envelope) deposited at some person of trust out of house without a paper trail. With other words...nobody knows where the (parts of the) key possibly are and killing folks won't make it any different nor prevent it from becoming public if desired.
> So is Slashdot responsible for your statements?
Well, Blogetry was apparently...
> A van approached and started loading bodies, a common insurgent tactic.
And when they have EMT patches on their gear, it's Osama in person...
Dumbass!
> According to The Register, there is a huge encrypted file up on wikileaks now, called 'insurance.'
I guess, perhaps now we'll find out if AES-256 is secure or not, since with very high certainty just about every 3-letter agency around the world started cracking on it minutes after it was posted.
So what are the currently available options for true end-to-end encryption between cell phones anyway?
> If your theory holds, the French could sue the Germans under the DMCA for circumventing the Maginot line.
Ohh...zis is a most wundervoll idea!! We will implement zis immediately!
> and have better privacy delete the others when I quit firefox.
I still can't believe, the Mozilla Devs removed the fabulous Clear History Popup window on exit. That was one of the best features of the browser, IMHO (friends and family agree)!!
(Yes, I know about askforsanitize...it works but looks very ugly.)
> b6ba4077d4421cb6ad49c1321453e37c you could also truncate it as >8 chars provides much the same security against brute force.
Truncating the hash to 8 characters reduces security/entropy down to a ridiculous 32 bits. Not a good idea.
Is this a trick question??
> Remember when you HAD to be on AOL
Thankfully...No. When others 'had' to be on AOL I was already using the Internet and thought the idea of a closed-up 'walled garden' system rather silly. I still do, but won't go into details so that certain fruit-fans won't go into collective seizures again... :-)
> Home phone? Really? How many people own those things any more?
> Why would you buy one, when cell phones are ubiquitous and work equally well inside houses?
Where I live the phone company still forces you to have and pay for a landline when you want a DSL plan. I don't even have the phone plugged in...
> Garbage in, garbage out.
Isn't this the MS-equivalent of stdin and stdout?
> This annoys the crap out of you because you had some strange unnatural urge to see it fail, so you denigrate all those people.
> Millions of people have purchased iPads and our happy with them. If you chose to believe it is because they are not as smart as you,
> they have medications that will help with your delusions.
Wow...what can I say? I LOL'ed :-)
> And what particular non-corporation made device are you surfing the internet with today?
A very corporate one actually. And I don't give myself to the illusion of 'sticking it to da man' by buying products of only a particular company where even Microsoft appears to be more open and less controlling...
Don't get me wrong...I really don't care what people end up buying and using. Love the free market. I just don't like the cult'ish lock-in (nevermind technological one's) Apple has managed to pull off. It's at a point, where the actual technology of the devices has become less relevant than owning said device. Kinda like having a Mercedes mainly for status, not for the actual engineering. There's something very distasteful about that (for me at least).
> I haven't purchased an iPad, and I am an incredibly satisfied (not) buyer.
That's because you actually can Think Different, unlike the pathetic iPadophiles that actually stand in line to spend their money to a corporation and STILL think, they are SOOO alternative!
> Hopefully this will amount to a nice college fund for the kid.
> But in reality, the parents will use all the money to buy TVs and a car.
150k will easily pay for the 1000 hours of therapy he'll need in a few years...
> A 32 character string (ex: the HEX output of a MD5 hash) is regarded as 32 characters when you're passing it as if it were a password. Thus it is reading each character individually.
I know. Likewise are, for example 32 zeroes regarded as, well, 32 distinct password characters.
> That is thirty-two 8-bit characters. 32 * 8 = [256] bits.
Not sure where you get the 8-bit value for a hex character from. Since it's base16, it has exactly 4 bits of entropy, not 8. That's why you arrive at your faulty conclusion, that somehow a 128-bit hash becomes a 256-bit hash.
> What do we do when we have computers with 1 million cores? What about a billion? How about 100 billion?
Run really awesome screensavers!
> What do we do when we have computers with 1 million cores? What about a billion? How about 100 billion? ...run really awesome screensavers!
> ... Knuth migrated to Word 2010.
And then on the lower right corner Knuthy popped up: "It seems, you'd want to use TeX..."