The problem with law enforcement mechanisms that invade one's privacy has never been the legal use of them, but the potential for abuse of them. The courts are only one arena where this information could be used.
Yep, now they can cut pay throughout the industry citing increased competition for jobs. Why should they pay you a 6 digit number when they can pay someone else a mere 5 digits?
If someone else can actually do the same job for a 5-digit salary that you do for a 6-digit salary, perhaps it is time for you to either expand your skill set or reevaluate your exact value to society.
(1) Quantum computing is not yet mainstream and I doubt if mischief mongers (aka thieves who wish to break into financial systems) have the wherewithal today to work with quantum computing algos
Unfortunately, as Aesop put it, "We hang the petty thieves and appoint the great ones to public office." And the highest people on that totem pole have access to the resources of organizations like the NSA, who are on the bleeding edge if not already slightly ahead of it.
The difference is that the government wanted to stimulate the production of creative works. That's why copyright (and patent) law was created in the first place. If you compile facts into an original work, that also gets copyright protection (though the individual facts may separately be used...you didn't create them, you just compiled them). But of course, nobody enforces this outside the academic community because researchers don't pay RIAA or MPAA dues. The real problem here is that with the comparatively massive resources the MAFIAA has and their ability to use them to lobby the government, the rights of a few corporations are being prioritized over the rights of the individuals buying and producing the content, so copyright law now serves more to allow publishers to extort money from consumers than to reward artists for their work.
We should allow people to make exact copies of almost all works and distribute them freely. It's really that easy and companies that can't live with that kind of freedom should look for a new line of honest work.
Well, that's just plain and simple good ol' fashioned Communism :-P
Isn't that like increasing manufacturing jobs by defining them to include fast food workers (no offense intended to the fast food industry)? How does changing the definition of something make it right?
That would work for a chip mounted somewhere on your body (as long as you stay someplace cold; no summer trips anywhere tropical for people that would depend on this), but for devices implanted in your body, like a pacemaker, wouldn't this still be a problem?
2. Don't you need a temperature _gradient_ to get useful power out of heat?
My physics is a bit rusty, but I could swear that generating power without a significant gradient violates the 2nd law of thermodynamics. OTOH, if they've figured this out, maybe we will have yet another patent in the works for a perpetual motion machine.
OK, I didn't really read the article I linked to, only the title of it, but there have been recent (within the last 8 years at least) advances in factorization that have contributed to cracking some of the weaker forms of RSA. I just don't have links to them off the top of my head. It should also be noted here that the preferred method of cracking DES is still brute force (there are a couple ways to do better, but they don't do much better). The reason DES is so insecure is mainly because of the key and block size. Most of the problems that both asymmetric and symmetric ciphers are based on, however, never got much attention until modern cryptography was discovered (1960s or 1970s for non-government, sometime between then and WWII for the No-Such-Agency), so it isn't really fair to say that these problems have defeated everyone for centuries. Symmetric ciphers are based on math problems as much as asymmetric ciphers are, it's just that we happen to have a couple math problems like factoring and discrete logs that lend themselves particularly well to simple asymmetric algorithms, and can be easily generalized to arbitrary key lengths.
I assume you are referring to his Applied Cryptography book, which I own a copy of, and it does contain some very useful technical information (though it is a little out-dated and much of the information is available online these days). I will assume from your flawed comparison of symmetric and asymmetric cryptography that you fall in the category of people who "don't understand".
To set the record straight, Blowfish became the de facto standard in many cryptographic circles after DES was considered by the cryptographic community to be insecure, and his AES submission (Twofish, which if memory serves was a derivative of Blowfish) was one of the 5 finalists. I won't argue the assertion of his large ego though.
Public key is based on simple one-way math functions. It's easy to prove it's secure (with certain assumptions about not being able to solve hard problems, like discrete logs or factoring large numbers). If the maths is solid, you've got a good encryption algorithm. If the single hard maths problem isn't cracked, you're safe. Job done.
With symmetric algorithms, we crack them by developing techniques like differential cryptanalysis, and with asymmetric algorithms, we crack them by developing techniques like faster factoring algorithms. We make asymmetric algorithms stronger by increasing the size of the prime numbers, and we make symmetric algorithms stronger by cascading them like we did with 3DES. The reason DES was so short-lived compared to RSA is that the government shortened the key and block sizes to make it weaker. The original version of the algorithm was submitted by IBM and was (one of several algorithms) they named Lucifer. It had a block size equal to the current AES and a key size of 128 bits (one of the three key sizes used by the official AES).
You all seem to be overlooking the fact that symmetric and asymmetric ciphers are two entirely different things with two entirely different applications. Asymmetric algorithms in general take a long time to compute and add padding overhead to every block of data, and symmetric algorithms are impossible to use without a pre-shared private key or some key agreement algorithm (like Diffie-Hellman) that is based on the same principles as asymmetric cryptography.
What you are raising is the issue of the morality of taxation. We pay taxes for education, whether we have children or not, because we believe that society as a whole benefits from schools.
And look how the public education system has turned out. If this were to happen, not only would consumers not be paying according to how much they consume, but the artists (and record labels and everyone else on that side of the equation) can't be compensated based on the value of their product. The MAFIAA and its members would work out a disbursement system among themselves based on who can wave the biggest proverbial stick at the negotiating table, and that would be that.
If you go to any search engine and search for "How to make an EMP device", you will find several pages that may not give detailed instructions, but all seem to agree that localized one-use EMP devices based on chemical explosives can reasonably be constructed. Sources include Wikipedia, Howstuffworks, and Popular Mechanics. If not usable by the average person off the street, they at least agree that from terrorists it is a more significant threat than an actual nuclear attack.
I suspect there is an easier way to deactivate a pacemaker
It's called electromagnetic pulse (EMP) and has been around for quite a while. I'm sure there are documented occasions of it taking out a pacemaker before.
The rather large, obvious concussive boom makes your stealthy plane not so stealthy anymore.
Not so stealthy to targets you've already flown over and have dropped your bombs on if needed. Any aircraft generates a lot of sound, but sound waves don't travel nearly as far or as fast as electromagnetic waves like RADAR. Minimizing EM footprint is the game in the air; minimizing sonic footprint is the game underwater.
If you had access to the system, running and encrypted bits unlocked, why on earth would you turn it off?
Because the OS has control of the system at that point. If the terminal is locked, even though the system is on, you won't be able to access anything until you get control of the hardware away from the OS. Also, when you start poking around on a system, you always have the potential of accidentally destroying evidence, and evidence is much weaker in court if there isn't an untampered version of the disk to allow the prosecution's claims to be verified.
ATX power supplies are required to provide power for a certain amount of time after it signals the motherboard that it is shutting down. I forget how long that is, but it is probably long enough to wipe a few encryption keys if you know what part of memory to wipe. The attacker would then have to physically separate the power supply from the motherboard or remove the RAM while the system is running. To do that they would have to have the case open, so you could have sensors for tampering with the case that cause all encrypted data to be dismounted.
More reliable: hardware keystroke logger...how many of us actually check the back of our machines every time we use them to make sure there aren't any suspicious devices plugged in?
I agree that WiFi doesn't live up to what it was intended to be, but the problem I was getting at is people expect it to provide a service that it was never designed to. They expect WiFi to provide VPN. It doesn't. It was never intended to.
My comment about DNS was that an SSL client needs more than the fact that the certificate was signed by a trusted CA, it also needs to know that the certificate was issued to the site the user is trying to connect to. It verifies this through the DNS name. Valid certificates can be issued to anyone who can show that they control the domain for which they are requesting the certificate, but you can't take a certificate issued to the domain hax0rsite.ru and pretend to be google.com because the client verifies the domain in the certificate against the URL the user is trying to access. With the VPN implementations I have used (and note that VPN is used to describe a wide variety of things) there was separate cryptographic "stuff" that had to be installed on the client because they weren't using SSL certificates. My point was that WiFi is completely separate from DNS, and there is no good mechanism of establishing a WiFi provider's identity so it can be verified against the certificate. How can you "own" an SSID? How can you demonstrate to the CA that you control all legitimate uses of it?
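The name check described in the comment above, as an added example that is not part of the original post: after the CA signature is accepted, the client still compares the certificate's DNS names with the host the user asked for. The certificates are constructed dicts in the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the function names and `example.com` are assumptions of this example, which also chooses to ignore the commonName and to accept a wildcard only as the whole left-most label.

```python
# Added example: the hostname check an SSL/TLS client runs after the CA
# signature has been validated. Certificates are constructed dicts shaped
# like ssl.SSLSocket.getpeercert() output; nothing touches the network.

def dns_names(cert):
    """Return the dNSName entries of the certificate's subjectAltName."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

def name_matches(pattern, host):
    """Compare one certificate name against the host the user requested."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False              # a wildcard never spans several labels
    if any("*" in label for label in p[1:]):
        return False              # wildcard allowed only in the left-most label
    if p[0] == "*":
        # Refuse over-broad names such as "*.com": need at least three labels.
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in p[0]:
        return False              # partial wildcards ("w*") rejected here
    return p == h

def hostname_ok(cert, requested_host):
    """True only if some SAN dNSName covers the requested host."""
    return any(name_matches(name, requested_host) for name in dns_names(cert))

# Constructed sample certificates (assumed already chain-validated).
HAX0R_CERT = {
    "subject": ((("commonName", "hax0rsite.ru"),),),
    "subjectAltName": (("DNS", "hax0rsite.ru"), ("DNS", "www.hax0rsite.ru")),
}
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.example.com"),)}
OVERBROAD_CERT = {"subjectAltName": (("DNS", "*.com"),)}
NO_SAN_CERT = {"subject": ((("commonName", "google.com"),),)}

def demo():
    """Run the check for the cases discussed and return the verdicts."""
    cases = [
        (HAX0R_CERT, "hax0rsite.ru"),      # cert used for its own domain
        (HAX0R_CERT, "google.com"),        # valid cert, wrong site
        (WILDCARD_CERT, "www.example.com"),
        (WILDCARD_CERT, "example.com"),
        (WILDCARD_CERT, "a.b.example.com"),
        (OVERBROAD_CERT, "google.com"),
        (NO_SAN_CERT, "google.com"),       # commonName alone is not trusted
    ]
    return [(host, hostname_ok(cert, host)) for cert, host in cases]

if __name__ == "__main__":
    for host, verdict in demo():
        print(f"{host:20} -> {'accept' if verdict else 'reject'}")
```

The same structure shows why an SSID cannot be checked this way: there is no registry entry tying the name to one owner for the certificate to be compared against.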
Man-in-the-middle attacks work on SSL because 99% of users aren't IT people and when the warning box tells them they're accepting a self-signed certificate, they just click OK. Ettercap has a filter or plugin or something that can do MITM attacks on SSL in this way, and it comes complete with ARP poisoning and other similar methods of deceiving the target computer so you don't even have to be the router, just another host on the same network. This problem is compounded by sites that don't have their SSL certificates set up properly because it further conditions users to ignore these warnings.
As I had stated, that would require opening the case, which could be detected with physical security measures on the case.
Looks like the EU has found a new revenue model :)
Fight demonizing buzz words with demonizing buzz words. Tell them that opposition to privacy is just plain and simple Communism.