That's an interesting perspective, but my experience differs. I work for a consulting firm that deals with pretty big corporations and we find that the significant portions of desktop TCO are:
* "User initiated" faults. E.g. user doing something wrong requiring a technician to visit. W2k / NT doesn't really help (though correct permissions, mandatory profiles and strict policies are certainly a step in the right direction!).
* HW failure. Irrespective of underlying OS.
* OS failure. A tiny TCO concern. If win9x crashes, restart. If 5 minutes every other day is significant then you need to rethink your IT policy seriously!
* Software upgrade cycle. E.g. the cost of deploying and supporting a new version of Office every 18 months, SPs every 6 months, patches every month.
* (Related to the last point) The largest TCO factor is the firm link between the application lifecycle and the infrastructure lifecycle. The costs for upgrading 10,000 desktops to 128Mb of RAM, 800x600, 3Gb HD space free, 500Mhz+ are massive. That's why companies have a "PC Burn Rate" of about 18 to 24 months.
Companies are finding that they need to confront these issues and generally find:
* "Staying still" doesn't work. New applications often, but not always, provide competitive advantage to the business.
* Mainframe technology solves some of the issues but there is a poor perceived user experience.
* Server based computing technologies (e.g. MS TSE, Citrix MetaFrame, Tarantella etc) solve most or all of these problems. You get great manageability, scalability and resilience combined with a rich and familiar user experience.

For me, the best thing that the non-MS community can do is produce something to rival Terminal Server or Citrix. E.g. the ability to support _thin_ clients, management functionality, a decent remote protocol (X is heavy!) offering client side caching, compression etc.
Comment not meant as flamebait - just pointing out that your intro is as "insufficient and vague" as the previous poster's was "deceptive and incorrect". Sorry for any offense.
Anyway, details of NFS being applicable to DLP can be found in e.g. pg 262 Applied Crypto 2nd Ed by Schneier, or in the crypto bible Handbook of Applied Cryptography by Menezes et al. A complete copy of this definitive text is available online in PDF format here. See pg 128/129.
NFS is not applicable to ECC at all....
Diffie-Hellman, El Gamal and other similar DLP based algorithms will also be affected by this NFS improvement.
Yes! The machine doesn't attack RSA per-se but is a speed up related to the more generic NFS algorithm. NFS similarly works against DLP based problems (e.g. Diffie-Hellman, Elgamal etc).
The NFS factoring algorithm is subexponential - adding a bit doesn't even nearly double the strength.
"but this IS exponentially hard work"
NFS is sub-exponential...It's a "hard problem", but it's not exponential (erm, see e.g. here).
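The sub-exponential point above, put into numbers (an added example, not part of the original comments). It assumes the standard heuristic running time of the general number field sieve, L_n[1/3, (64/9)^(1/3)], which the comments do not spell out, and drops the o(1) term, so the figures are indicative only.

```python
import math

C_GNFS = (64 / 9) ** (1 / 3)   # constant c in L_n[1/3, c] for the general NFS

def gnfs_work_bits(modulus_bits):
    """log2 of exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)), with the o(1) term dropped."""
    ln_n = modulus_bits * math.log(2)
    return C_GNFS * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) / math.log(2)

def growth_per_added_bit(modulus_bits):
    """Factor by which the estimated work grows when the modulus gets one bit longer.

    A brute-force (exponential) search would give exactly 2 here.
    """
    return 2 ** (gnfs_work_bits(modulus_bits + 1) - gnfs_work_bits(modulus_bits))

def bits_to_double_work(modulus_bits):
    """Smallest number of extra modulus bits that doubles the estimated work."""
    base, extra = gnfs_work_bits(modulus_bits), 1
    while gnfs_work_bits(modulus_bits + extra) - base < 1:
        extra += 1
    return extra

if __name__ == "__main__":
    print("bits  log2(work)  growth/bit  bits-to-double")
    for k in (512, 768, 1024, 2048):
        print(k, round(gnfs_work_bits(k), 1),
              round(growth_per_added_bit(k), 4), bits_to_double_work(k))
```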
"Conclusion, the intro should read "1024-bit asymmetric encryption that relies on the difficulty of prime factoring (e.g RSA) should no longer be considered pristine"
This enhancement to the NFS can also be used against DLP based cryptosystems (e.g. Elgamal, DH, possibly DSS) - your intro is insufficient and vague.
Only under the assumption that an adversary has (2^56)*8 bytes of storage available...
524,288Tb of resilient storage is pretty infeasible...
Double DES isn't easier to break than DES. It's harder, in fact a lot harder, just not as strong as one would naively believe it would be.
Do a search for "meet in the middle attack" to find out why 2DES isn't as strong as 3DES.
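The meet-in-the-middle attack and the storage figure from the two comments above, as an added example that is not part of the original posts. The 16-bit Feistel cipher with 12-bit keys is a toy stand-in constructed here (it is not DES), and the keys and plaintexts are constructed sample data.

```python
from collections import defaultdict

KEY_BITS = 12                      # toy key size (DES uses 56)
KEYS = 1 << KEY_BITS

def _f(half, key, rnd):
    # Toy round function; a Feistel network is invertible for any F.
    x = (half * 0x25 + (key >> (4 * (rnd % 3))) + rnd) & 0xFF
    return ((x << 3) | (x >> 5)) & 0xFF

def enc(key, block):
    l, r = block >> 8, block & 0xFF
    for rnd in range(4):
        l, r = r, l ^ _f(r, key, rnd)
    return (l << 8) | r

def dec(key, block):
    l, r = block >> 8, block & 0xFF
    for rnd in reversed(range(4)):
        l, r = r ^ _f(l, key, rnd), l
    return (l << 8) | r

def double_enc(k1, k2, block):
    return enc(k2, enc(k1, block))

def meet_in_the_middle(pairs):
    """Return every (k1, k2) consistent with the known (plaintext, ciphertext) pairs."""
    p0, c0 = pairs[0]
    table = defaultdict(list)      # middle value -> every k1 that produces it
    for k1 in range(KEYS):
        table[enc(k1, p0)].append(k1)
    found = []
    for k2 in range(KEYS):         # peel off the outer layer, look for a match
        for k1 in table.get(dec(k2, c0), ()):
            if all(double_enc(k1, k2, p) == c for p, c in pairs[1:]):
                found.append((k1, k2))
    return found

def table_terabytes(key_bits, entry_bytes=8):
    """Size of the lookup table in units of 2**40 bytes."""
    return (1 << key_bits) * entry_bytes // (1 << 40)

# Constructed sample data: two secret toy keys and three known plaintexts.
K1, K2 = 0xA5C, 0x31F
PAIRS = [(p, double_enc(K1, K2, p)) for p in (0x0123, 0x4567, 0x89AB)]

if __name__ == "__main__":
    print("candidates:", [(hex(a), hex(b)) for a, b in meet_in_the_middle(PAIRS)])
    print("cipher calls: about", 2 * KEYS, "instead of", KEYS * KEYS)
    print("2DES table:", table_terabytes(56), "TB")
```

The search costs roughly twice a single-key search in time, which is why the table size, not the work, is the practical obstacle the first comment points at.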
Yes, we have Pizza Huts in Europe. Well, we do in England....
Having read your response I feel justified in feeling superior.
If you judge people by their name (and associate Imad with "I Mad", as per your previous post), then I feel sorry for you.
By the tone of your response, I guess I was right about the American part ;)
The guy's name is "Imad R. Faiad".
Let me guess, you're American, right? ;)
RFC2440, which defines the OpenPGP standard, already reserves 3 AES key sizes (128, 192, 256-bit).
GnuPG already supports AES in all 3 block sizes and so does 'official' PGP v7.0x.
PGP since v7.x hasn't been open source, so you won't find any details at www.pgpi.org. The best way to add AES support to previous 'open source' versions is to use the CKT builds by Imad. These are still based upon the v6.58 code base but contain dozens of fixes and improvements.
At eWeek.
It's previously been argued that Andrea's VM doesn't work with NUMA architectures, hence work should continue on Rik's 2.4.x design
Not a problem now, but it's one of the major aims of 2.5, according to Linus. Anyone know how they are going to square this circle?
"I don't know of one bank that uses a non-IIS platform."
You need to look harder then. The first 5 banks I could be bothered to look at:
You're out of luck I'm afraid buddy as this is a "feature" of TS.
Adding Citrix XPs will give you more colours, better management tools etc.
"And almost every 2000 server runs IIS for terminal server"
Erm, I work for a Citrix Gold partner and I've never encountered this before. Installing Terminal Server does not require IIS.
In fact, according to M$ recommendations, you should minimise the services running on the TS box.....That means no IIS.
Also, the "smaller but more servers vs fewer 8 way servers" for TS debate has been done and dusted, and the recommendation certainly isn't for having fewer large servers. The "sweet spot" is a farm of dual processor servers with 1.5Gb of RAM, thus you wouldn't need Data Center anyway - normal W2k Server would be more than adequate.
But:
* 2001-10-18 23:08:39 Microsoft Digital Rights Management broken? (articles,news) (rejected)
Yeah, I'm the person who spotted this on sci.crypt and got it mirrored on www.cryptome.org.
If Slashdot would have published my story last night then they'd have been breaking the news rather than chasing after the register. Sigh.
"The biggest potential users of this would have been the Slashdot types"
Slashdot types generally run Linux / Solaris / *BSD and have more sense than to run closed source security packages produced by NAI.
Come to think of it, most users here have an operating system that comes with GnuPG! Why would you bother using PGP at all?!?
Thanks for the comments Dave. A free, open source (GPL'd) version of Scramdisk is in final Alpha testing and a Beta version will be released soon. This version will support just Blowfish and 3DES to begin with, but will certainly support WAV steganography out of the box.
Keep an eye on www.scramdisk.eu.org for details.
Suddenly my .sig seems in fashion again!
I was at the World Trade Center on Saturday the 8th of September, 2001....It was my first visit to the States from England and I was in awe at the city and WTC.
Some pictures from the top of and from the outside of the WTC are here: http://www.samsimpson.com/pictures.php?dir=galleries/newyork/wtc/
Simply unbelievable :(
My first visit to the States (from England) was last Thursday to New York City.
These photos were taken of and from the World Trade Center (building 2) on Saturday early afternoon.
I'm not an emotional guy, but it's shocking to believe the devastation and loss of life that would be caused by an attack on these buildings.
....proudly sports the "Powered by Win2000 Server logo".
I fucking know that you are running Win2k server, that's why you're infected with code red and attacking my poor linux box ;)
This is probably a stupid point from a Linux newbie, but don't you have to add a "| sort | uniq"? My limited understanding is that uniq only removes duplicate consecutive entries?