> > Of course, make sure you have a safe word when playing so you can stop.
red = stop right now
yellow = not feeling comfy with things
AHHH....OUUUUUCHH!!! = go!
There...fixed it for 'ya. ;-)
> > being a geek and not a spy I don't tend to fare well under torture!
> You'll never know until you try :)
Just imagine the geeky & fun role-playing games you can have with your SO.
She (in German Nazi-Uniform):
"You WILL give me ze passphrase jetzt!!"
You (unfortunate prisoner):
"No! Never!!"
She (in German Nazi-Uniform):
"Zen I will have to beat zis information out of you!"
You (unfortunate prisoner):
"Oh no's! Not the whip again!! Well...do what you must..." ^__^
Of course, make sure you have a safe word when playing so you can stop. Low entropy is a feature in this case, whereas 512-bit hashes are, well, not that ideal ;-)
> I'm assuming we're talking a 256 character long password.
> Because I'd sure love to see someone memorise a string of 1 and 0 that is 256 digits long.
1 Character != 1 Bit of entropy.
But anyway...with a diceware-like approach (http://www.diceware.com) you'll get approximately 12.92 bits of entropy per randomly chosen word. So you'd need only 20 words from the diceware list for your passphrase to actually match and surpass the 256-bit security of the underlying crypto algorithm. 20 words are not that hard to remember. Hell, in literature we had to memorize and recite "The sorcerer's apprentice", which is *pages* long!
Pirates versus Ninjas...who'll win??
> So pubic key is less vulnerable to brute force attacks, but more vulnerable to physical attacks.
> Pick which one you want.
Can I have another option? o_O
> If your passwords contain lower-case letters only (not recommended)
I like lower-case character passwords actually. Contrary to widespread opinion it's the length that matters, not the width. ;-)
> They asked me where I was from and what school I had attended. I told them. I had nothing to hide.
Good for her that she had nothing to hide. Good for everyone who thinks that way. It makes your life better! Promised!
Well, things are progressing, as age-old human desires and idiosyncrasies get adapted and ridden along modern technologies. Really nothing new and yet still astounding.
However, it'll get a lot more interesting, when there's an economic incentive for tracking down people and performing certain....actions: https://secure.wikimedia.org/wikipedia/en/wiki/Assassination_politics
Given the degree to which people are conditioned to respond in Pavlovian fashion for gaining a material benefit, the old and formerly philosophical question of 'How much is a human life worth?' may at last be answered...
> How is this any more secure...Than a 4096 Bit RSA Key that is stored on a standalone computer?
Ask this question again after the EMP blast...
> Nah, GP is right, you're the paranoid one.
Since I got first-hand experience with where this stuff ends, pardon my paranoia based on real life :-)
> So far, the US government's greatest attribute (IMHO) has been her
> ability to back up when we start Down the Slippery Slope: Native
> Americans
Right...the Native Americans are still eternally grateful for the
great attributes of the US government. I hope, you're just trolling.
> Yes, warrantless searches are a crappy idea, but stop there and
> point out the direct flaws. Act by challenging the
> constitutionality.
Worked really well for the Patriot Act, the warrantless spying of
the NSA on Americans and countless other examples you can pull up
yourself. See guys...this is the problem: Western-world-raised
people still believe, that it'll never happen to them (only to those
in evil empires etc.), and that despite all evidence to the contrary
they are really free people and so on. Propaganda results at its
finest. Soviet Russia people (to use the /. cliche again) were a lot
less gullible as a whole. They went through the motions without
believing mostly. US'ians go through the motions and still believe
in something, that doesn't exist anymore. So am I really paranoid or
just a whole lot more realistic than yourself?
> News just in: Soviet Russia ceased to exist in 1991. But please
> don't let little things like actual facts interfere with your
> morbid fear of imaginary entities.
Don't let your morbid fear of analogies and figures-of-speech
interfere with your real or imagined comprehension of my article.
Thanx!
As always, Big Brother comes in small, fairly digestible steps. Note
the progression below:
> Last year, the Legislature granted prosecutors subpoena power
> when they suspect a child-sex crime has been committed.
Here it was one crime...of course the one, where it's really hard to
say no to such a bill. Then we continue, as is not just to be
expected but a given:
> Daw's bill initially had sought to expand the authority to any
> crime, but committee members balked at such broad power last
> Friday. His amended bill limits the power to suspected felonies
> and two misdemeanors -- cyber-stalking and cyber-harassment.
So now it's child-sex crimes + SUSPECTED felonies + 2 misdemeanors.
In a couple of years, give or take, it'll become standard-operating
procedure applying at will to *everyone*. And that, ladies and
gentlemen, is the problem with taking away basic rights from the
people. It will always get worse, because nobody wants to lose their
shiny new toys anymore that give you almost god-power over others.
Except, of course, you're in Soviet Russia. There Big Brother
doesn't subpoena your ISP records but the actual user for, uh,
re-education. A bit more of this stuff above and we'll be there too.
"We're really good at making money off of other people's products! Even free software we get paid for. We're sooooo cool!! [insert crazy monkey dance here]"
Seriously...this company needs to SCO!
The issue isn't which government or entity is involved. The real issue is, that SSL relies on a trust model, that flies in the face of anything human beings do in real life to trust someone. Putting blind faith in organizations you have no idea of is, well, a bad idea. Certainly it has nothing to do with trust. If the worry is, that the Chinese gov will use it to stage MITM's then it applies equally to all other gov's. If something can be abused, it will be abused in the name of 'protecting' from [insert favorite horsemen of the day here]. These people will never stop to amass even more snooping power, no matter the location. It's a mindset.
So that leaves us with SSL: great encryption (for the time being) - lousy trust/authentication model = lousy overall architecture. All other points of hawking about the Chinese or whomever are completely irrelevant.
> I'm at work, where I have a P4 winXP machine.
> AND I'M PROUD OF IT.
Well, there is no need to be ashamed of the P4 part...
> Doesn't appear to be much new things, it's just faster.
The truly innovative things are being worked on under the code-name: Open Office Forever! Expect it near you shortly...
And back in MY day, I used to hit nerds like you severely with a huge wooden club. Then we played football with your heads. We LOVED it that way! Now get off my woman!
Can you imagine a Beowulf cluster of those? [oblig]
2015:
"So what kind of computer you got these days?"
"Cluster...1 PetaHertz"
"LAME!! My stupidphone is faster than that. Get with the times, Dad!"
The corporate State considers that private enterprise in the sphere of production is the most effective and usefu [sic] instrument in the interest of the nation. In view of the fact that private organisation of production is a function of national concern, the organiser of the enterprise is responsible to the State for the direction given to production.
State intervention in economic production arises only when private initiative is lacking or insufficient, or when the political interests of the State are involved. This intervention may take the form of control, assistance or direct management. (pp. 135-136)
--Benito Mussolini, 1935, "Fascism: Doctrine and Institutions", Rome: 'Ardita' Publishers.
> If anyone thinks this is the first collaboration between Google and the NSA,
> I've got a wall in China I want to sell you.
You do? NICE!! PM me... :-)
I really was only half-kidding. Interesting story, btw. And that's the point: potentially even the most minute details of something could potentially be used for nefarious purposes.
As an aside, that's why I laugh at people who keep trying to tell me, they have nothing to hide. It's ridiculous, because it depends on the observer whether a piece of info is useful *to them* or not, not to the person divulging it. Great example (and this has already happened): Facebook posting along the lines of: "Wow...it sure is nice to be on vacation [pix here]". Burglar: "Fantastic news indeed. Let me go clean out their house before they come back". A seemingly completely innocuous piece of info in the wrong hands will lead to very wrong results.
As part of the agreement a new slogan to be used jointly by both Google and the NSA has been implemented:
"No Such Evil" ...
So I reported the Subway (The Tube in the UK) schedules as being dramatically helpful to terrorists. Not only to target the subway itself but they might use it to get to their unrelated targets. Coming to think of it, let's shut down all Internet access cuz who knows what them terrorists will use it for...
> While outlawing anonymity sucks, this construct sucks, too. You can use it for almost everything
Well, you're right...it can be used for many things in the same way. It becomes a whole lot less sucky, in fact, quite deep when it becomes true :-/
> The main problem for me is all recruitment agents demand resumes in MS Word
> format.
Besides, you can save to the fabulous *.doc format also in OOo.