Only one enantiomer of thalidomide causes birth defects; however, in the body, racemisation can interchange the chirality of the molecule. It is not safe to administer any enantiomer of thalidomide to any person who can become pregnant.
Flow of incompressible fluids?!?! That's what the Navier-Stokes differential equations are for. Most mathematicians believe that the GRH is almost certainly true. There will be no new applied results that suddenly arise when GRH is finally proven. We already have a very good sense of the distribution of primes, but it is not possible to predict the next prime in any real sense (that is, a priori based on being given an arbitrary prime), except for actually finding it. The GRH offers insight into how the primes are distributed, but not where a specific prime would be; RSA depends not on the difficulty of finding large primes (this is already easy: Miller-Rabin SPPTs are entirely adequate, use elliptic curve techniques if you wish to prove primality), but rather that of decomposing large composites into primes. GRH offers no insight into how to do this; even if it did, we can merely assume that it is true, without any proof, and use the corresponding results. Proving GRH != breaking RSA.
Minor technical quibble: when/if Goldbach's conjecture is finally decided, sieves will probably not be used. The techniques of sieving tend not to be useful when the underlying assumption that the splitting residues of integers are distributed randomly (in a certain exact sense) fails to hold. This is not the case when the integers are close to each other or related to each other in some way. I'm sorry that I can't explain this any better, but Halberstam's book on sieve methods does a very admirable job if you are interested in the details.
This is a trivial, solved problem. The method of generating functions solves this and a much more general set of enumeration and probability problems. Informally, a generating function is a function whose formal power series (to be distinguished from the more familiar Taylor power series) has coefficients equal to the corresponding value of the series that the function generates. Wilf's _generatingfunctionology_ (yes, the title is real) explains this very well, much better than I could do, since I only have a cursory understanding of these methods. By the way, even the naive approach of enumerating all the possibilities is easily computed, in a certain abstract sense. The function is primitive recursive and can be computed in polynomial time using the general methods in Knuth's _TAOCP_. Volume 4, when it comes out, will go into more detail about these techniques.
Never *ever* seed a nominally secure random number generator using the above poster's method. The Security Gods will have you taken out back and shot for blatant incompetence. Do you know how many seconds are in a day? 86400. That's about 2^16.5. Do you know what 2^40 is? 1099511627776. Do you know what 2^56 is? 72057594037927936. Do you know what 2^128 is? About 3.4028236692093846346337460743177e+38. Any more questions?
The PRNG given in Numerical Recipes is not very good. The following references assume that you are using NR/C or NR/F77. ran1 is slower than implementations of contemporary PRNGs that produce much higher quality sequences (Mersenne Twister, L'Ecuyer's ME-CF structure) and has a much shorter period. ran2 is even slower than ran1 and still has noticeable statistical defects (it is too even in its lower bits; this shows up well on a low-dimensional, matched-pairs random walk). ran3, Knuth's/Marsaglia's subtractive generator, is faster but also produces numbers that have abysmal hyperplane spacing, as the SWB/Fibonacci recursion generators merely act as an alternate implementation of an LCG with a very large modulus. ran4 is slow and must not be used for cryptographic purposes despite its misleading name of psdes; I know of no significant statistical defects of this generator, but there are obvious differential properties of the F function that make me uneasy about such a short iteration count. The generators in NR/F95 are quite a bit better. Marsaglia's shift-register-like Tausworthe recursions have excellent statistical properties and operate on their iterants in entirely different ways than LCGs or other arithmetical methods like LCGs and FRSGs.
"Content providers put money into providing that content. Even NBC, which is mostly filled with drivel, spends a lot of money on editing, management and facilities. In exchange, they want a few minutes on the screen in which they can advertise. That's the quid-pro-quo: you watch their content, you pay them back with your attention to their ads.
In this context, changing the channel feels to me as if the viewer is trying to welsh on their part of the bargain.
Thanks"
How much sense did the preceding paragraph make? None at all. There is no material difference between the situation with regards to banner ads and the situation in the case of commercials on television. I certainly did not make any bargain with the web sites that I read or visit to view their ads; they (they being the operators of the sites) chose to make their sites freely accessible to anyone with an IP address and a web browser. Did I have to click through a license agreement to view the site? Would such a click-through license even be valid? Once the banner ads leave the server of the web site, I can do anything I want with them, including rejecting connections (via ipmasq) from the server at the port level, filtering out the images via a proxy, or instructing my browser not to display the ads.
I'd be more afraid of being hit with MTW than a dictionary. I'm a bit surprised that a grad level course in GR would be taught using _Gravitation_ as a primary text.
It's bad form to reply to my own comment, but I'll add some more details. Schneier's argument on the basis that each operation must consume at least k*T (where k is Planck's constant and T is the temperature at which the operation is performed) makes several assumptions that are not necessarily valid. By asserting that the mean free path of a particle is a limiting factor for the operation (i.e. in the movement of a particle between two distinct [non-quantum, physical] states) he implicitly assumes that the operation must be irreversible. This is false, as computers can theoretically be constructed with reversible logic gates, from which all other operations can be synthesized. Additionally, even in the case that k*T constitutes a valid lower bound, the temperature of the cosmic background radiation (~2.3 K) is irrelevant. Systems can be cooled to lower temperatures; there is no necessary lower bound to how close one can bring a system to absolute zero (without reaching it, of course).
I'll preface this comment by stating that I believe that it will be computationally unfeasible to brute force a 128-bit key for the foreseeable future. Nonetheless, Schneier's thermodynamic calculation is actually incorrect, because it assumes an irreversible state change. This is not the case! There is no lower limit to the energy needed to perform an arbitrary operation. Bruce is a great cryptographer, but he's understandably not a physicist. He creates a straw man argument that, although very impressive, is actually incorrect. If you're interested in the details, email me and I'll send you more information on Tuesday when I get back to my office.
"That score doesn't reveal any of that information (neither does the AP test for that matter...) - all it measures is your aptitude, not your accomplishments."
You got it backwards. The SAT does not so much reveal an intrinsic quality of a person as abstract as "aptitude" or intellectual ability, but rather a person's accomplishments in the specific areas of 1) being able to take the SAT, 2) knowing the definitions of certain words, 3) minimal comprehension, and 4) rudimentary math skills. All of these are *learned*, not a measure of how "smart" or "capable" a person is.
The quality of instruction at Some Random Large State University is no worse than the quality of instruction at Really Expensive Ivy League School. In both cases, the average class/section will be taught by a graduate student and you'll be quite lucky if the professor even knows the names of ten people in the entire course. I submit that one obtains two main benefits from going to college: social interaction with other people, and access to facilities.
Oh, and the requirement for a certain score on the SATs? Frankly, the SATs are more a measure of socioeconomic status and ability/training to take the test than of any innate quality of intelligence. The requirement reeks of elitism and discrimination against those who do not have the opportunity to take review courses or other such techniques to artificially increase a person's score over what he or she would have ordinarily scored. Moreover, what precisely does the SAT measure? It certainly does not measure critical thinking skills, nor is it a predictor of future success (high school grades are significantly more reliable). Is it truly just for a university that nominally presupposes to offer open access and transparency to base their admissions to such a large degree on an indicator that lacks real validity and implicitly places certain groups at a distinct and quantifiable advantage?
I won't even bother responding to the first part of your posting (the ability to audit code is not the same as actually auditing code). But your "ideal solution" is so utterly unrealistic that I think it deserves some comment. Are you aware of the halting problem? Then I suppose you realize that the determination of whether a specific invocation of a black box function (i.e. we can neglect the behavior/side effects of the function and the result still holds) is "safe" or "unsafe" is reducible to a more general decision problem that is known to be undecidable in the deterministic Turing machine model of computation. Translation: if you think this "tiny little perl script" is so easy, please write it (or even a plausible prototype) and earn everlasting fame for disproving the Church-Turing thesis. Just remember, your perl script does not know anything more about the flow of the program than your C compiler (and probably a good deal less). It cannot determine what input will be presented to a given function or program unless you resort to alternate or supplemental descriptive formal languages, but if you're going to go the route of theorem proving and validation, why bother with C?
OT, but... Funny, but if you're going to be off-topic, try not to take your material from someone else without giving credit. I've seen a very similar copy of this about "dark suckers" and how dark travels faster than light.
ObFlame: This is known as plagiarism (also called the "Jon Katz wants to sell a book technique").
The dirt counter doesn't actually "see" the dirt. It uses a property known as oblique Reynolds scattering to detect the glint that dirt reflects back at a photodiode. Photolithography is the only practical technique to mass-produce ICs. If they were to use a laser to trace each path, it would literally take years for a single chip to be made (think of how many miles of circuit paths there are in even a small IC).
Quantum electron tunneling can be modelled to a first order by psi(x) = e^(-i*k*L*x), where k is sqrt((8*pi^2*m*(K_e-U_b))/h^2), L is the width of the potential barrier, K_e is the kinetic energy of the electron and U_b is the height of the potential barrier. My impression (i.e. I didn't plug in any numbers) is that quantum tunnelling effects will not be significant at normal operating parameters if the insulation material has a sufficiently high dielectric constant (greater than 3.5 should be enough). The tunneling probability is (psi(x))^2, where the standard rule for squaring imaginary numbers applies (psi(x)*psi_bar(x)).
There are so many errors in the comment that I'm replying to that I am aghast that somebody would post this.
Electricity is essentially the movement of electrons, not protons. Protons do not (normally) move from atom to atom. Electrons certainly DO NOT travel faster than the speed of light. Electrons have finite mass; if they traveled at the speed of light, the Lorentz transformation equations assert that they would have infinite mass. I assure you that the electrons in your computer do not have infinite mass. In fact, electrons usually travel far slower than that. The conduction speed of copper wire is in the range of a few thousand meters per second at best. Light (well, actually photons) travels faster than anything else. The speed of light is an absolute speed limit in our universe and is a fundamental physical constraint. Your comment is both off-topic and wrong.
As for the rest of your post, you've been suckered into responding to a quite funny comment. There's just enough techno-mumbo and vaguely plausible sounding physics to get Slashdot karma whores (tm) to reply with corrections (in analogy with StreetLawyerGuy and DumbMarketingGuy). Kudos to all three.
The G4 is not considered a supercomputer. I have no idea where you get that from; the current High Performance Computing export restriction thresholds are considerably higher than the sustained MTOPS that the G4 can achieve. I recommend checking out the Cox Report and "High-Performance Computing, National Security Applications, and Export Control Policy at the Close of the 20th Century" (Goodman, Wolcott, Homer) for more information. Not that this matters much, considering that every nuclear weapon currently in service was designed on a computer with less power than the average desktop Pentium 2, Athlon, or G4...
[screams] If you're going to be pedantic, please be pedantically correct:-).
Inductance != current. Inductance is the ability of a changing magnetic flux through a closed surface loop to induce a corresponding current (or electric field) along the edge of the closed surface. Energy is NOT measured in volts (the units are dimensionally inconsistent). Volts measure a potential difference between the points; in effect, the work that needs to be done to take a unit charge from one point in a field to another. E is not the symbol for voltage in any context I have ever seen. E is usually the symbol for the vector field representing the electric field. Your equations only work for a constant current, not for the alternating current used in computers. You have not accounted for the phase shift caused by capacitance effects in the circuit.
This comment may NOT be published or otherwise redistributed except as part of the Slashdot web page. This comment is NOT released to the public domain and is copyrighted by the poster.
"Comments were used. They were posted in a public forum, which means that anyone can quote from them - but we've removed any sort of identifying marks, to protect people. This was done to impress upon those reading the gravity of the situation."
Although I must confess that the last sentence of the above quote seems incoherent to me, it seems that Jon Katz's understanding of fair use law is flawed and incomplete. Asserting that the publishing of a copyrighted work in a public forum nullifies the right of the copyright owner to restrict distribution and benefit from the publishing of the work is utterly ludicrous and goes against centuries of precedent for the reasons that I will summarize briefly. I don't have the inclination or time to put together a detailed point-by-point rebuttal of the arguments put forward by Katz and Hemos (given their faulty interpretation of copyright law, my comment could be reused in a context different from that in which permission for use is granted), but what I say should be materially accurate. Now, I must preface my comment with the note that the information presented here is only general information. If you want true legal advice, you must obtain this from an attorney-client relationship with a specific understanding of all the facts in a particular situation. This information should not be relied on as a substitute for obtaining legal advice.
First, some definitions:
"Willful infringement": the party distributing copyrighted material was aware of the infringement and went on despite this.
"Good faith fair use defense": Ignorance of the law is not normally exculpatory; however, demonstrating that one reasonably believed that what one did was fair use may be cause for a court to refuse to award damages.
What is considered to be copyrighted?: The presence or absence of an explicit copyright notice means essentially nothing after 1989. Posters do not place their comments into the public domain unless they give explicit notification that they do so; the notice at the bottom of every Slashdot page "All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster" lends additional credence to this concept.
When does copyright law come into effect?: If someone other than the copyright owner wants to exercise rights that exclusively belong to the owner (including reproduction, redistribution, creation of derivative works, performance, archival, or display). Some uses are, however, exempt from liability for infringement (including fair use, libraries, and certain educational purposes).
What constitutes fair use?: Traditionally, a four pronged test has applied to determine whether a specific usage falls under fair use or not. These are:
1) The nature and character of the use: nonprofit, educational, artistic, and personal uses tend to be looked upon more kindly than for-profit or commercial uses. Closer on the continuum to preserving the rights of the copyright owner are criticism, news reporting, and commentary. Note that receiving profits from the sale of a derivative work and then donating these profits to a charity does NOT fall under the category of nonprofit use; the user of the copyrighted material gains a benefit from the sale of the derivative work.
2) The nature of the copyrighted work that is being used: Works that are published and factual in character may be used more freely than creative or imaginative works. Judging from most Slashdot comments, it would appear as if many posters reflect on how incidents have affected their personal lives and emotional state. This is not necessarily of a factual nature.
3) Amount of work used: needless to say, taking a copyrighted work in its entirety would severely diminish any plausible claim of fair use. I don't know how much of each comment Katz reproduces in his book.
4) Effect of use on status of original work: The situation in this case leans against fair use for the following four reasons.
- The original comments are still available and can be accessed freely.
- The copyright owner/s is/are identifiable, but, by Hemos' own admission, no substantial effort was made to locate them beyond a token effort and then a comment to the effect that it was too difficult.
- Avoids payment for permission in an established market, where the owner of the comment has the reasonable expectation of being compensated for the use of his or her work (witness Janes' effort to locate the people quoted in their article).
- It is the specific intention of Katz and Hemos to delete all identifying information such that no credit is given to the owner of the copyrighted work, an enormous no-no in copyright law.
Considering these facts, especially the fourth prong of the test (interpreted via Princeton University Press vs. Michigan Document Services wherein the concept that the potential for economic damage caused by use of a copyrighted work negates fair use, even without regard to the first three prongs of the test), it seems beyond question that Jon Katz has made a severe mistake in publishing what is essentially a derivative work blatantly drawing on the creative works of others, with a deliberate effort to suppress the identities of those who contributed materially to it.
This comment may NOT be published or otherwise redistributed except as part of the Slashdot web page. This comment is NOT released to the public domain and is copyrighted by the poster.
Send back their letter (shredded, of course) in the reply envelope that they so graciously provided. Include an additional letter to the effect that:
"By opening this envelope, you agree to pay me $40 a month in perpetuity for the service of proofreading your letter. Additionally, you must give me your first born child and a selected blood sacrifice of your choice.
That's the problem; when it comes down to it, cryptography is a science of the details. There is a very important difference between, say, strong primes and safe primes. The proper phrasing and selection of words is critical to conveying meaning in all fields, but especially so in one as specialized and detail-oriented as cryptography. As a big picture introduction, your article is fine, although it would be nice if less detail were placed on the one time pad. However, I think that it should be prefaced with an advisory notice that one shouldn't try to implement a home grown security package after reading it once. I've seen too much crappy and insecure software that could have been bettered by a more thorough knowledge of basic cryptographic principles and the many intricacies and pitfalls that lie between a simple theoretical description and the actual secure implementation; posting links to the standard references (HAC is very useful, and available for reading online) would be a great improvement.
"ground up that made the a1 security level look like windows nt..."
If I'm parsing this correctly, it seems as if it would be essentially impossible for any system with a GUI to realistically be certified A1. One must have a mathematical proof of correctness of the same attributes as B1, B2 systems in order to be certified A1; the mere fact that a mouse can be moved, with all that entails (cutting/pasting, etc.), means *massive* overhead to keep track of Mandatory Access Control (the standard secrecy++, permissiveness-- model would impose insane amounts of bookkeeping to make sure every operation was permissible). Perhaps the capabilities scheme (e.g. Eros OS) could be extended to offer A1 level security, with a reasonable amount of implementation assurance, but it still seems very difficult to get the IOP flow done efficiently and securely. It's an interesting project, and I would love to hear more about it if you ever get started.
Some gripes: "The solutions to the problems of shared secret exchange and weak encryption are actually quite simple."
In theory, the solutions are indeed simple, but the secure implementation of the algorithms and the correct protocols to use are actually very intricate. For example, the article completely fails to mention man-in-the-middle interception and relay attacks on public key cryptosystems, nor does the article mention the importance of padding, the prevention of replay attacks on one-time nonces, and the dangers of chosen signature attacks. The article presents just enough detail that a reader might believe that the topic is covered thoroughly, but not enough implementation guidance that a naive reader would be able to use the information given in a reasonably secure manner.
"Additionally, the private key can be used to encrypt things. This allows anyone with the matching public key to verify the author's identity."
NO!!! The private key can be used to encrypt *only nonces that the owner of the private key can control* (message hashes and the like). This signed hash allows anyone with the corresponding public key to *verify that the hash was not modified in transit*; it says absolutely nothing about the author's identity, nor does it authenticate the contents of the message signed, beyond that the message was signed by a person possessing the corresponding private key and was not changed such that the contents hashed were modified.
"Given two cipher texts that have some form of key overlap, all a cryptanalyst has to do is "slide" them around until the number of coincidences suddenly jumps."
The method of Kasiski superpositions would not be used to solve two different messages encrypted with the same pad. Rather, one would XOR the two messages together at different offsets and compute what is known as the "text autocorrelation function" (Shannon roughness). Subsets of the XORed messages would be tested with the ACF until a certain subset more resembled English text. The I of C method does *not* apply in this case, because the assumption of multiple messages encrypted in the same polyalphabetic glyph set does not hold.
"It is known by many names; message digest, fingerprint, cryptographic checksum, contraction function, manipulation detection code (MDC), and message integrity check (MIC)."
These words are not necessarily synonyms; it is a very sloppy use of these technical terms to use them interchangeably. A message digest refers to the output of a hash function on a specific message. A fingerprint usually refers to the output of a hash function on a specific asymmetric key. A cryptographic checksum is not defined in any general usage; usually, it would mean the same as a message digest, but one would not be sure. A contraction function does not exist; compression functions do, but they are used within cryptographic hash functions in the Meyer-Damgard model of collision resistance. The terms "manipulation detection code (MDC), and message integrity check (MIC)" are not in common use, nor are their acronyms. The author may be referring to Message Authentication Codes (MACs), which are essentially keyed cryptographic hash functions.
"Also, a one-way hash function, when properly designed, will not give the same hash value for two different preimages"
The pigeonhole principle necessitates that there will be collisions once the preimage size exceeds the size of the hash value. Indeed, if the hash function is a "perfect" hash function, it will approximate a random function, not a random permutation on the inputs. One would expect to find a collision after 2^(hash length/2) tested preimages due to the birthday paradox.
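An added illustration of the two bounds in the reply above (example code, not from the poster or the article): SHA-256 truncated to a few leading bits stands in for a hash with a short output, so the pigeonhole collision after 2^n + 1 preimages and the birthday-paradox collision after roughly 2^(n/2) preimages can both be observed directly. The preimage labels and the 20-bit truncation are constructed for the demonstration.

```python
import hashlib
import math


def truncated_hash(preimage: bytes, bits: int) -> int:
    """SHA-256 truncated to its leading `bits` bits.

    Truncation stands in for a hash with a short output so that the
    collision behaviour described in the comment shows up quickly.
    """
    digest = hashlib.sha256(preimage).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def pigeonhole_collision(bits: int):
    """Hash 2**bits + 1 distinct preimages; the pigeonhole principle
    guarantees that two of them share a truncated hash value.

    Returns (tries, preimage_a, preimage_b) for the first collision found.
    """
    seen = {}
    for i in range(2 ** bits + 1):
        preimage = b"pigeonhole-%d" % i  # constructed, distinct preimages
        h = truncated_hash(preimage, bits)
        if h in seen:
            return i + 1, seen[h], preimage
        seen[h] = preimage
    raise AssertionError("unreachable: 2**bits + 1 inputs cannot all be distinct")


def trials_until_collision(bits: int, run: int) -> int:
    """Count distinct preimages hashed until any two collide.

    `run` is folded into the preimages so repeated runs explore different
    inputs while staying deterministic (no RNG needed).
    """
    seen = set()
    n = 0
    while True:
        h = truncated_hash(b"run-%d-preimage-%d" % (run, n), bits)
        n += 1
        if h in seen:
            return n
        seen.add(h)


def mean_trials(bits: int, runs: int) -> float:
    """Average number of preimages needed before the first collision."""
    return sum(trials_until_collision(bits, r) for r in range(runs)) / runs


def birthday_estimate(bits: int) -> float:
    """Expected preimages before the first collision among 2**bits outputs,
    sqrt(pi/2 * 2**bits). The comment's rule of thumb 2**(bits/2) is the
    same quantity up to a constant factor of about 1.25.
    """
    return math.sqrt(math.pi / 2 * 2 ** bits)


if __name__ == "__main__":
    tries, a, b = pigeonhole_collision(8)
    print("pigeonhole: %r and %r collide on 8 bits after %d of 257 preimages"
          % (a, b, tries))
    bits = 20
    print("birthday estimate for %d bits: %.0f" % (bits, birthday_estimate(bits)))
    print("rule of thumb 2^(n/2):        %d" % 2 ** (bits // 2))
    print("observed mean over 20 runs:   %.0f" % mean_trials(bits, 20))
```

The observed mean lands near 2^(n/2) rather than near 2^n, which is the whole point of the birthday bound when sizing hash outputs.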
"If your password is not something simple like an english word, it is probably secure."
NO!!! Unless your password has over 40 bits of entropy (about a random alphabetical 8 letter password, about 3 randomly selected
"By now you should have a good understanding of the fundamental concepts of encryption."
If you read just this article, you would have a flawed understanding of the "fundamental concepts of encryption," but you would believe that you *did* understand it. A little knowledge is sometimes a very dangerous thing. Any serious cryptographic implementor should definitely buy _Handbook of Applied Cryptography_ by Menezes et al., _Applied Cryptography_ by Schneier, and _Codebreakers_ by Kahn (for historical background).
Tell me again why radioactive decay must be catalyzed by a timing device. Hint: it doesn't.
Never *ever* seed a nominally secure random number generator using the above poster's method. The Security Gods will have you taken out back and shot for blatant incompetence. Do you know how many seconds are in a day? 86400. That's about 2^16.5. Do you know what 2^40 is? 1099511627776. Do you know what 2^56 is? 72057594037927936. Do you know what 2^128 is? About 3.4028236692093846346337460743177e+38. Any more questions?
The PRNG given in Numerical Recipes is not very good. The following references assume that you are using NR/C or NR/F77. ran1 is slower than implementations of contemporary PRNGs that produce much higher quality sequences (Mersenne Twister, L'Ecuyer's ME-CF structure) and has a much shorter period. ran2 is even slower than ran1 and still has noticable statistical defects (it is too even in its lower bits; this shows up well on a low-dimensional, matched paits random walk). ran3, Knuth's/Marsaglia's subtractive generator, is faster but also produces numbers that have abysmal hyperplane spacing, as the SWB/Fibonaci recursions generators merely act as an alternate implementation of a LCG with a very large modulus. ran4 is slow and must not be used for cryptographic purposes despite its misleading name of psdes; I know of no significant statistical defects of this general, but there are obvious differential properties of the F function that make me uneasy about such a short iteration count. The generators in NR/F95 are quite a bit better. Marsaglia's shift register-like Tausworthe recursions have excellent statistical properties and operate on their iterants in entirely different ways than LCGs or other arithmetical methods like LCGs and FRSGs.
"Content providers put money into providing that content. Even NBC, which is mostly filled with drivel, spends a lot of money on editing, management and facilities. In exchange, they want a few minutes on the screen in which they can advertise. That's the quid-pro-quo: you watch their content, you pay them back with your attention to their ads.
In this content, changing the channel feels to me as if the viewer is trying to welsh on their part of the bargain.
Thanks"
How much sense did the preceeding paragraph make? None at all. There is no material difference between the situation with regards to banner ads and the situation in the case of commericials on television. I certainly did not make any bargain with the web sites that I read or visit to view their ads; they (they being the operators of the sites) chose to make their sites freely accessible to anyway with an IP address and a web browser. Did I have to click-through a license agreement to view the site? Would such a click-through license even be valid? Once the banner ads leave the server of the web site, I can do anything I want with them, including rejecting connections (via ipmasq) from the server at the port level, filtering out the images via a proxy, or instructing my browser not to display the ads.
I'd be more afraid of being hit with MTW than a dictionary. I'm a bit surprised that a grad level course in GR would be taught using _Gravitation_ as a primary text.
It's bad form to reply to my own comment, but I'll add some more details. Schneier's argument on the basis that each operation must consume at least k*T (where k is Planck's constant and T is the temperature at which the operation is performed) makes several assumptions that are not necessarily valid. By asserting that the mean free path of a particle is a limiting factor for the operation (i.e. in the movement of a particle between two distinct [non-quantum, physical] states) he implicitly assumes that the operation must be irreversible. This is false, as computers can theoretically be constructed with reversible logic gates, from which all other operations can be synthesized. Additionally, even in the case that k*T constitutes a valid lower bound, the temperature of the cosmic background radiation (~2.3 K) is irrelevant. Systems can be cooled to lower temperatures; there is no necessary lower bound to how close one can bring a system to absolute zero (without reaching it, of course).
I'll preface this comment by stating that I believe that it will be computationally infeasible to brute force a 128-bit key for the foreseeable future. Nonetheless, Schneier's thermodynamic calculation is actually incorrect, because it assumes an irreversible state change. This is not the case! There is no lower limit to the energy needed to perform an arbitrary operation. Bruce is a great cryptographer, but he's understandably not a physicist. He creates a straw man argument that, although very impressive, is actually incorrect. If you're interested in the details, email me and I'll send you more information on Tuesday when I get back to my office.
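Added here for reference, not part of either comment above: the bound the two comments are disputing, written out under the assumption they reject, namely that every step of a brute-force search irreversibly erases at least one bit. In Landauer's formulation the per-bit cost is $kT\ln 2$ with $k \approx 1.38\times10^{-23}$ J/K (the comment's $kT$ differs only by the factor $\ln 2$), and counting through every 128-bit key forces at least $2^{128}$ such steps. Taking the cosmic microwave background at about $2.7$ K:

$$
E \;\ge\; 2^{128}\, k T \ln 2
\;\approx\; 3.40\times10^{38} \times 1.38\times10^{-23}\ \tfrac{\mathrm{J}}{\mathrm{K}} \times 2.7\ \mathrm{K} \times 0.693
\;\approx\; 8.8\times10^{15}\ \mathrm{J}.
$$

Because the bound scales as $2^{n}$, each additional key bit doubles it; and because it counts erased bits, a search built from reversible gates that erases nothing is not subject to it at all, which is the objection both comments raise.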
"That score doesn't reveal any of that information (neither does the AP test for that matter...) - all it measures is your aptitude, not your accomplishments."
You got it backwards. The SAT does not so much reveal an intrinsic quality of a person as abstract as "aptitude" or intellectual ability, but rather a person's accomplishments in the specific areas of 1) being able to take the SAT, 2) knowing the definitions of certain words, 3) minimal comprehension, and 4) rudimentary math skills. All of these are *learned*, not a measure of how "smart" or "capable" a person is.
The quality of instruction at Some Random Large State University is no worse than the quality of instruction at Really Expensive Ivy League School. In both cases, the average class/section will be taught by a graduate student and you'll be quite lucky if the professor even knows the names of ten people in the entire course. I submit that one obtains two main benefits from going to college: social interaction with other people, and access to facilities.
Oh, and the requirement for a certain score on the SATs? Frankly, the SATs are more a measure of socioeconomic status and ability/training to take the test than of any innate quality of intelligence. The requirement reeks of elitism and discrimination against those who do not have the opportunity to take review courses or use other such techniques to artificially increase their score over what they would have ordinarily scored. Moreover, what precisely does the SAT measure? It certainly does not measure critical thinking skills, nor is it a predictor of future success (high school grades are significantly more reliable). Is it truly just for a university that nominally purports to offer open access and transparency to base its admissions to such a large degree on an indicator that lacks real validity and implicitly places certain groups at a distinct and quantifiable advantage?
I won't even bother responding to the first part of your posting (the ability to audit code is not the same as actually auditing the code). But your "ideal solution" is so utterly unrealistic that I think it deserves some comment. Are you aware of the halting problem? Then I suppose you realize that the determination of whether a specific invocation of a black box function (i.e. we can neglect the behavior/side effects of the function and the result still holds) is "safe" or "unsafe" is reducible to a more general decision problem that is known to be undecidable in the deterministic Turing machine model of computation. Translation: if you think this "tiny little perl script" is so easy, please write it (or even a plausible prototype) and earn everlasting fame for disproving the Church-Turing thesis. Just remember, your perl script does not know anything more about the flow of the program than your C compiler (and probably a good deal less). It cannot determine what input will be presented to a given function or program unless you resort to alternate or supplemental descriptive formal languages, but if you're going to go the route of theorem proving and validation, why bother with C?
OT, but...
Funny, but if you're going to be off-topic, try not to take your material from someone else without giving credit. I've seen a very similar copy of this about "dark suckers" and how dark travels faster than light.
ObFlame: This is known as plagiarism (also called the "Jon Katz wants to sell a book technique").
The dirt counter doesn't actually "see" the dirt. It uses a property known as oblique Reynolds scattering to detect the glint that dirt reflects back at a photodiode. Photolithography is the only practical technique to mass produce ICs. If they were to use a laser to trace each path, it would literally take years for a single chip to be made (think of how many miles of circuit paths there are in even a small IC).
Quantum electron tunneling can be modeled to first order by psi(x) = e^(-i*k*L*x), where k is sqrt((8*pi^2*m*(K_e-U_b))/h^2), L is the width of the potential barrier, K_e is the kinetic energy of the electron and U_b is the height of the potential barrier. My impression (i.e. I didn't plug in any numbers) is that quantum tunnelling effects will not be significant at normal operating parameters if the insulation material has a sufficiently high dielectric constant (greater than 3.5 should be enough). The tunneling probability is (psi(x))^2, where the standard rule for squaring complex numbers applies (psi(x)*psi_bar(x)).
There are so many errors in the comment that I'm replying to that I am aghast that somebody would post this.
Electricity is essentially the movement of electrons, not protons. Protons do not (normally) move from atom to atom. Electrons certainly DO NOT travel faster than the speed of light. Electrons have finite mass; if they traveled at the speed of light, the Lorentz transformation equations assert that they would have infinite mass. I assure you that the electrons in your computer do not have infinite mass. In fact, electrons usually travel far slower than that. The conduction speed of copper wire is in the range of a few thousand meters per second at best. Light (well, actually photons) travels faster than anything else. The speed of light is an absolute speed limit in our universe and is a fundamental physical constraint. Your comment is both off-topic and wrong.
As for the rest of your post, you've been suckered into responding to a quite funny comment. There's just enough techno-mumbo and vaguely plausible sounding physics to get Slashdot karma whores (tm) to reply with corrections (in analogy with StreetLawyerGuy and DumbMarketingGuy). Kudos to all three.
The G4 is not considered a supercomputer. I have no idea where you get that from; the current High Performance Computing export restriction thresholds are considerably higher than the sustained MTOPS that the G4 can achieve. I recommend checking out the Cox Report and "High-Performance Computing, National Security Applications, and Export Control Policy at the Close of the 20th Century" (Goodman, Wolcott, Homer) for more information. Not that this matters much, considering that every nuclear weapon currently in service was designed on a computer with less power than the average desktop Pentium 2, Athlon, or G4...
[screams] If you're going to be pedantic, please be pedantically correct :-).
Inductance!=current. Inductance is the ability of a changing magnetic flux through a closed surface loop to induce a corresponding current (or electric field) along the edge of the closed surface.
Energy is NOT measured in volts (the units are dimensionally inconsistent). Volts measure a potential difference between two points; in effect, the work that needs to be done to take a unit charge from one point in a field to another.
E is not the symbol for voltage in any context I have ever seen. E is usually the symbol for the vector field representing the electric field.
Your equations only work for a constant current, not for the alternating current used in computers. You have not accounted for the phase shift caused by capacitance effects in the circuit.
This comment may NOT be published or otherwise redistributed except as part of the Slashdot web page. This comment is NOT released to the public domain and is copyrighted by the poster.
"Comments were used. They were posted in a public forum, which means that anyone can quote from them - but we've removed any sort of identifying marks, to protect people. This was done to impress upon those reading the gravity of the situation."
Although I must confess that the last sentence of the above quote seems incoherent to me, it seems that Jon Katz's understanding of fair use law is flawed and incomplete. Asserting that the publishing of a copyrighted work into a public forum nullifies the right of the copyright owner to restrict distribution and benefit from the publishing of the work is utterly ludicrous and goes against centuries of precedent for the reasons that I will summarize briefly. I don't have the inclination or time to put together a detailed point by point rebuttal of the arguments put forward by Katz and Hemos (given their faulty interpretation of copyright law, my comment could be reused in a context different from that for which permission for use is granted), but what I say should be materially accurate. Now, I must preface my comment with the note that the information presented here is only general information. If you want true legal advice, you must obtain this from an attorney-client relationship with a specific understanding of all the facts in a particular situation. This information should not be relied on as a substitute for obtaining legal advice.
First, some definitions
"Willful infringement": the party distributing copyrighted material was aware of infringement and went on despite this
"Good faith fair use defense": Ignorance of the law is not normally exculpatory, however, demonstrating that one reasonably believed that what one did was fair use may be cause for a court to refuse to award damages.
What is considered to be copyrighted?: The presence or absence of an explicit copyright notice means essentially nothing after 1989. Posters do not place their comments into the public domain unless they give explicit notification that they do so; the notice at the bottom of every Slashdot page "All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster" lends additional credence to this concept.
When does copyright law come into effect?: If someone other than the copyright owner wants to exercise rights that exclusively belong to the owner (including reproduction, redistribution, creation of derivative works, performance, archival, or display). Some uses are, however, exempt from liability from infringement (including fair use, libraries, and certain educational purposes).
What constitutes fair use?: Traditionally, a four pronged test has applied to determine whether a specific usage falls under fair use or not. These are:
1) The nature and character of the use: nonprofit, educational, artistic, and personal uses tend to be looked upon more kindly than for-profit or commercial uses. Closer on the continuum to preserving the rights of the copyright owner are criticism, news reporting, and commentary. Note that receiving profits from the sale of a derivative work and then donating these profits to a charity does NOT fall under the category of nonprofit use; the user of the copyrighted material gains a benefit from the sale of the derivative work.
2) The nature of the copyrighted work that is being used: Works that are published and factual in character may be used more freely than creative or imaginative works. Judging from most Slashdot comments, it would appear as if many posters reflect on how incidents have affected their personal lives and emotional state. This is not necessarily of a factual nature.
3) Amount of work used: needless to say, taking a copyrighted work in its entirety would severely diminish any plausible claim of fair use. I don't know how much of each comment Katz reproduces in his book.
4) Effect of use on status of original work: The situation in this case leans against fair use for the following four reasons.
-The original comments are still available and can be accessed freely.
-The copyright owner/s is/are identifiable, but, by Hemos' own admission, no substantial effort was made to locate them beyond a token effort followed by a comment to the effect that it was too difficult.
-Avoids payment for permission in an established market, where the owner of the comment has the reasonable expectation of being compensated for the use of his or her work (witness Janes' effort to locate the people quoted in their article)
-It is the specific intention of Katz and Hemos to delete all identifying information such that no credit is given to the owner of the copyrighted work, an enormous no-no in copyright law.
Considering these facts, especially the fourth prong of the test (interpreted via Princeton University Press vs. Michigan Document Services, wherein the potential for economic damage caused by use of a copyrighted work was held to negate fair use, even without regard to the first three prongs of the test), it seems beyond question that Jon Katz has made a severe mistake in publishing what is essentially a derivative work blatantly drawing on the creative works of others, with a deliberate effort to suppress the identities of those who contributed materially to it.
This comment may NOT be published or otherwise redistributed except as part of the Slashdot web page. This comment is NOT released to the public domain and is copyrighted by the poster.
Send back their letter (shredded, of course) in the reply envelope that they so graciously provided. Include an additional letter to the effect that:
"By opening this envelope, you agree to pay me $40 a month in perpetuity for the service of proofreading your letter. Additionally, you must give me your first born child and a selected blood sacrifice of your choice.
Thank you for your business."
That's the problem; when it comes down to it, cryptography is a science of the details. There is a very important difference between, say, strong primes and safe primes. The proper phrasing and selection of words is critical to conveying meaning in all fields, but especially so in one as specialized and detail-oriented as cryptography. As a big-picture introduction, your article is fine, although it would be nice if less emphasis were placed on the one-time pad; however, I think that it should be prefaced with an advisory notice that one shouldn't try to implement a home-grown security package after a single read-through of it. I've seen too much crappy and insecure software that could have been bettered by a more thorough knowledge of basic cryptographic principles and the many intricacies and pitfalls that lie between a simple theoretical description and an actual secure implementation; posting links to the standard references (HAC is very useful, and available for reading online) would be a great improvement.
"ground up that made the a1 security level look like windows nt..."
If I'm parsing this correctly, it seems as if it would be essentially impossible for any system with a GUI to realistically be certified A1. One must have a mathematical proof of correctness of the same attributes as B1/B2 systems in order to be certified A1; the mere fact that a mouse can be moved, with all that entails (cutting/pasting, etc.), means *massive* overhead to keep track of Mandatory Access Control (the standard secrecy++, permissiveness-- model would impose insane amounts of bookkeeping to make sure every operation was permissible). Perhaps the capability scheme (e.g. EROS) could be extended to offer A1-level security with a reasonable amount of implementation assurance, but it still seems very difficult to get the IOP flow done efficiently and securely. It's an interesting project, and I would love to hear more about it if you ever get started.
Some gripes:
"The solutions to the problems of shared secret exchange and weak encryption are actually quite simple."
In theory, the solutions are indeed simple, but secure implementation of the algorithms and the correct protocols to use are actually very intricate. For example, the article completely fails to mention man-in-the-middle interception and relay attacks on public key cryptosystems, nor does the article mention the importance of padding, the prevention of replay attacks on one-time nonces, and the dangers of chosen signature attacks. The article presents just enough detail that a reader might believe that the topic is covered thoroughly, but not enough implementation guidance that a naive reader would be able to use the information given in a reasonably secure manner.
"Additionally, the private key can be used to encrypt things. This allows anyone with the matching public key to verify the author's identity."
NO!!! The private key can be used to encrypt *only nonces that the owner of the private key can control* (message hashes and the like). This signed hash allows anyone with the corresponding public key to *verify that the hash was not modified in transit*; it says absolutely nothing about the author's identity, nor does it authenticate the contents of the message signed, beyond that the message was signed by a person possessing the corresponding private key and was not changed such that the contents hashed were modified.
"Given two cipher texts that have some form of key overlap, all a cryptanalyst has to do is "slide" them around until the number of coincidences suddenly jumps."
The method of Kasiski superpositions would not be used to solve two different messages encrypted with the same pad. Rather, one would XOR the two messages together at different offsets and compute what is known as the "text autocorrelation function" (Shannon roughness). Subsets of the XORed messages would be tested with the ACF until a certain subset more resembled English text. The I of C method does *not* apply in this case, because the assumption of multiple messages encrypted in the same polyalphabetic glyph set does not hold.
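The two-time-pad attack the comment describes, as an added example that is not part of the original post or of the article it criticizes: encrypting two messages with one pad lets the pad cancel out of c1 XOR c2, and a guessed fragment of one plaintext is then "dragged" along the result to recover the other. The two messages and the crib are constructed samples.

```python
"""Why a one-time pad must never be reused: with two ciphertexts under the
same pad, c1 XOR c2 == p1 XOR p2 (the pad cancels), and that residue is
attacked by sliding a guessed plaintext fragment across it, not by
Kasiski or index-of-coincidence methods. Added example; messages are
constructed samples."""
import os

MSG1 = b"attack the bridge at dawn and hold it"      # constructed sample
MSG2 = b"the enemy is retreating toward the river"   # constructed sample
ALPHABET = set(b"abcdefghijklmnopqrstuvwxyz ")       # the messages' alphabet


def xor_bytes(a, b):
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def two_time_pad_leak(pad, m1, m2):
    """Encrypt both messages with the same pad; return (c1, c2, c1 ^ c2).
    Whatever the pad is, c1 ^ c2 == m1 ^ m2 on the overlapping length."""
    c1, c2 = xor_bytes(pad, m1), xor_bytes(pad, m2)
    return c1, c2, xor_bytes(c1, c2)


def crib_drag(leak, crib, alphabet=ALPHABET):
    """Slide a guessed fragment of one plaintext along p1 ^ p2. At the
    correct alignment, XORing the crib in reveals the *other* plaintext
    at that offset; elsewhere it yields junk. Returns the (offset, text)
    candidates that stay inside the expected alphabet; a human or a
    dictionary scorer then picks the real one."""
    hits = []
    for off in range(len(leak) - len(crib) + 1):
        chunk = xor_bytes(leak[off:off + len(crib)], crib)
        if all(b in alphabet for b in chunk):
            hits.append((off, chunk.decode("ascii")))
    return hits


def demo(pad=None):
    """Run the attack with a fresh random pad (or a caller-supplied one)."""
    if pad is None:
        pad = os.urandom(max(len(MSG1), len(MSG2)))
    _, _, leak = two_time_pad_leak(pad, MSG1, MSG2)
    return leak, crib_drag(leak, b"the enemy ")


if __name__ == "__main__":
    leak, hits = demo()
    print(len(leak), "bytes of p1^p2 leaked; crib candidates:", hits)
```

Note that the candidate list contains some junk alongside the true hit; that is expected, since XORing three English strings often stays inside the letter range. The security point is that the random pad never appears in the result at all.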
"It is known by many names; message digest, fingerprint, cryptographic checksum, contraction function, manipulation detection code (MDC), and message integrity check (MIC)."
These words are not necessarily synonyms; it is a very sloppy use of these technical terms to use them interchangeably. A message digest refers to the output of a hash function on a specific message. A fingerprint usually refers to the output of a hash function on a specific asymmetric key. A cryptographic checksum is not defined in any general usage; usually, it would mean the same as a message digest, but one would not be sure. A contraction function does not exist; compression functions do, but they are used within cryptographic hash functions in the Meyer-Damgard model of collision resistance. The terms "manipulation detection code (MDC), and message integrity check (MIC)" are not in common use, nor are their acronyms. The author may be referring to Message Authentication Codes (MACs), which are essentially keyed cryptographic hash functions.
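The distinction the comment draws between an unkeyed digest and a keyed MAC is worth seeing in code. This is an added example, not from the article or the comment; the key and the two messages are constructed samples, and the "attacker" is simply a function that rewrites a message in transit.

```python
"""Unkeyed message digest versus keyed message authentication code (MAC).
Added example, not from the article under discussion; the key and the
messages are constructed samples."""
import hashlib
import hmac

KEY = b"constructed demo key: use at least 16 random bytes in practice"


def digest_tag(msg):
    """Plain SHA-256 of the message: anyone can recompute it, so it detects
    accidental corruption only, never deliberate substitution."""
    return hashlib.sha256(msg).digest()


def mac_tag(key, msg):
    """HMAC-SHA-256: producing a valid tag requires the secret key."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def keyed(msg):
    """The receiver's MAC function with the shared key bound in."""
    return mac_tag(KEY, msg)


def receiver_accepts(tag_fn, msg, tag):
    """Recompute the tag and compare in constant time, so the comparison
    itself does not leak via timing."""
    return hmac.compare_digest(tag_fn(msg), tag)


def forge(new_msg):
    """An attacker who controls the channel but not the key substitutes a
    message and attaches the only tag it can compute: a fresh digest."""
    return new_msg, digest_tag(new_msg)


def forgery_accepted(tag_fn):
    """Does a receiver using tag_fn accept the attacker's substituted
    message? True when tag_fn is an unkeyed digest, False for the MAC."""
    forged_msg, forged_tag = forge(b"transfer 10000 to mallory")  # constructed
    return receiver_accepts(tag_fn, forged_msg, forged_tag)


if __name__ == "__main__":
    print("digest scheme accepts forgery:", forgery_accepted(digest_tag))
    print("HMAC scheme accepts forgery:  ", forgery_accepted(keyed))
```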
"Also, a one-way hash function, when properly designed, will not give the same hash value for two different preimages"
The pigeonhole principle necessitates that there will be collisions once the preimage size exceeds the size of the hash value. Indeed, if the hash function is a "perfect" hash function, it will approximate a random function, not a random permutation on the inputs. One would expect to find a collision after 2^(hash length/2) tested preimages due to the birthday paradox.
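The birthday bound the comment cites can be checked directly. This is an added example, not from the article or the comment: SHA-256 truncated to n bits stands in for an n-bit hash, and the inputs are constructed counter strings.

```python
"""Birthday-bound collision search against a hash truncated to n bits (a
stand-in for an n-bit hash). Added example, not from the article: the
first collision appears after roughly sqrt(pi/2 * 2^n) inputs, i.e. about
2^(n/2), far fewer than the 2^n the pigeonhole argument alone guarantees."""
import hashlib
import math


def trunc_hash(data, nbits):
    """Top `nbits` bits of SHA-256(data), as an integer."""
    h = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return h >> (256 - nbits)


def find_collision(nbits, max_tries=None):
    """Hash distinct counter-derived inputs until two collide. Returns
    (m1, m2, tries) with m1 != m2 and equal truncated hashes, or None if
    max_tries is exhausted. Memory is O(tries); a real attack would use
    cycle finding (rho) to do the same work in constant memory."""
    seen = {}
    i = 0
    while max_tries is None or i < max_tries:
        m = b"msg-%d" % i           # constructed inputs, all distinct
        v = trunc_hash(m, nbits)
        if v in seen:
            return seen[v], m, i + 1
        seen[v] = m
        i += 1
    return None


def expected_tries(nbits):
    """Expected number of inputs before the first collision."""
    return math.sqrt(math.pi / 2 * 2 ** nbits)


if __name__ == "__main__":
    for n in (16, 24, 32):
        m1, m2, tries = find_collision(n)
        print(f"{n}-bit: {m1!r} and {m2!r} collide after {tries} "
              f"tries (expected ~{expected_tries(n):.0f})")
```

A 32-bit truncation falls in well under a second; the same search against a full 256-bit output would need on the order of 2^128 evaluations, which is why collision resistance is quoted at half the output length.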
"If your password is not something simple like an english word, it is probably secure."
NO!!! Unless your password has over 40 bits of entropy (about a random alphabetical 8 letter password, about 3 randomly selected
"By now you should have a good understanding of the fundamental concepts of encryption."
If you read just this article, you would have a flawed understanding of the "fundamental concepts of encryption," but you would believe that you *did* understand it. A little knowledge is sometimes a very dangerous thing. Any serious cryptographic implementor should definitely buy _Handbook of Applied Cryptography_ by Menezes et al., _Applied Cryptography_ by Schneier, and _Codebreakers_ by Kahn (for historical background).