The probability of finding two certificates that have the same hash is almost nil. This is because just a random string is not a certificate - a certificate has a definite and meaningful structure and the probability that you can find two certs having the same structure and definition AND same hash is virtually zero.
My understanding of the 'attack' is that given the hash it is now computationally inexpensive to generate a possible 'message'. This 'message' would probably not be a valid certificate you can use.
They didn't find a way to exploit the collisions, they found a way to generate it, that is, given a hash, generate a message that will hash to it.
Of course, this is not likely to be the original, but the crucial thing is that it can still be used as a usable substitute - like in password checking. There are ways to make this harder to attack on the application layer - for example, by salting the message before hashing, so that if the hash has been intercepted, you cannot get back a usable password you can generate collisions.
Sounds great, except that even if you could generate a malignant one from the hash, it would be gibberish and nothing like a certificate which you can apply to a website.
There is no way of proving that humans are non-deterministic, 'free-will' could conceivably be preordained and therefore illusionary. Perhaps we are just so impossibly complex that it seems that way, but everything can still be deterministic.
Which country again? I'm from Malaysia, and AFAIK the service is only compulsory to about 18% of 18 year-olds selected by lottery, and that the 'service' is non-strenuous and more of a fun-and-games camping trip to promote racial integration rather than for national defence.
Oh yeah? I had friends who worked with him in Cambridge's DAMTP (Dept of Applied Maths and Theoretical Physics), and they all agree that he can be an insensitive bitch who would not hesitate nor temper his synthesized insults. So he is disabled and disadvantaged, boo hoo, but this sort of behaviour is inexcusable.
This is a heavy, conservative right-wing magazine.
Huh, what are you smoking? The Economist might be slanted towards pro-globalization and pro-free trade, but I usually find their op-eds well balanced - if they do take positions, they usually justify it quite well, and they present facts from both sides.
You want heavy, conservative right-wing? Try Time or Newsweek!
Re:Am I the only one saying WTF? on Spider-Man in India · Score: 0, Redundant
Spiderman is only the beginning of the trend. Next to go will be this!
Yeah, but now that you've invested your time on .NET and are very productive, are you willing to throw out for WinFX, Avalon, XAML, which is apparently as compatible to .NET as VB6 is to VB.NET. Almost everyone agrees that .NET is good, so why can't they just extend it for Longhorn instead of ripping it all out? I don't see major overhauls like this happening to Java libraries.
Even if the formula always gives a prime, it is not recursively generative, because the formula only works if you can list down *all* the primes up till P(X) = P(1) * P(2) * ... P(N) + 1.
Which is to say that P(N+1) is not necessarily P(X). To reuse the formula you need to find P(N+1), P(N+2), P(N+3) ... P(X-1) as well. If N is large, then there are really a LOT of primes in between still unknown and difficult to determine.
The infinitude of primes, my friend, is one of the most basic things in maths class, have you been sleeping? The proof (attributed to Euclid) is simply that say P(n) is the nth prime and the largest prime, then P(1) * P(2) * P(3) * ... P(n) + 1 will give you an even bigger prime (since it is not divisible by any of the other primes), so P(n) can't be the largest prime.
Um, Mono is not a viable alternative to Microsoft .NET stack - it IS an implementation of the .NET stack that would run on non-Windows platform. Therefore the competition is NOT on the .NET stack itself but on the OS. A sort-of-viable alternative is perhaps Java or if someone invents something new and comparable.
As for .NET not being mainstream until longhorn comes out -- well it appears .NET is already on its way to obsolescence, as new longhorn technologies like Avalon, XAML, WinFS seem poised to make .NET seem like what DCOM was yesterday.
I hope my boss doesn't read Slashdot!
Heh, this *is* really quite insightful! I wonder which point the OSS is at right now...
ROTFL
How about quantum encryption? Assuming that it can be done, it cannot be broken by any brute force and any false attempts will mess up quantum states.
After all, a lot of what's in your piss is there because your body decided it didn't want it.
Right, so your body will want someone else's piss?
So if there are two in the company, problem solved, just loop the piss between both of them.
Frontal Assault comes close enough!
Accidentally posted to parent, reposted.
... sorry, P(1) * P(2) * P(3) ... P(n) + 1 is either a bigger prime or divisible by a bigger prime than P(n), therefore a bigger prime exists!
It's what's between them!
It's a no-brainer
Amended as follows:
You can sue over anything and everything. However, your suit can be dismissed with prejudice, and even charged with contempt or crime of barratry, depending on how poorly conceived your suit is.
Do take a look at Miguel's interview from about a week ago.
I don't get you. You are saying that the DOS causes the server to reboot, until a hotfix was applied?
Yes, there was a list of hotfixes for computers with specific issues with the MS04-11 patch - but none of them seems to be that your computer would continually reboot, unless you are really infected with sasser itself.