You don't buy the lowest spec unless you are reaching to afford the car at all.
I just wanted to chime in that, generally, this is not true. I often buy lower-spec things when I can easily afford the high-end versions because if the lower-spec one does what I need, then why burn money for no reason?
Tesla, however, is aiming squarely at the "rich people who like to show off" market, so your characterization in this case is probably correct.
What really needs to happen to regain trust in crypto algorithms generated by the US is to split the NSA into two separate organizations.
I disagree. Doing so would be a necessary precursor to developing trust, but there would be exactly zero reason to trust the new "defensive" agency any more than the NSA as it exists now.
Trust is earned, and the way people or entities earn trust is to demonstrate trustworthiness over time.
Just a little PR tip: "onboarding" is a term that implies registering and getting oriented with an outside party (usually an employer). You might want to use a different term when you're arguing that the process is completely private.
But perhaps we should reset. The comment I was replying to was asserting that algorithmic encryption shouldn't be used, and OTPs should be used instead. My assertion is that's not right, because OTPs cannot be used for most of the things we use algorithmic encryption for without eliminating the good part of OTPs -- that they're unbreakable.
When you dispense with the technical arguments, all you have left are arguments about parentage, which don't really help with understanding the worth of algorithms.
This is true -- and pretty much the point I was making. There is no set amount of study that can guarantee the algorithms, but the more study, the better the chance that they're OK. So the amount "required" depends in large part on how much you trust where they came from. The parentage of these is not trustworthy, so it's not unreasonable to avoid them. In fact, it's the smartest thing to do from a security standpoint.
The key doesn't need to be the same length as the cleartext, it can be considerably shorter. This does weaken the encoding, but not fatally.
I suppose that we may differ on the definition of "fatally", but by my thinking, it weakens it fatally. (I count something as "fatally" weakened if it can be broken in a reasonable amount of time using readily available resources).
Even using a source of random numbers that isn't close to being complete random fatally weakens it, as several entities discovered during WWII.
Not so. Their name is the "National Security Agency". Their purpose is "National Security", not "Pushing crypto they can break".
Not so, at least not according to the NSA. Yes, their purpose is to be a part of the national security framework. Their role in that is informational security: mostly, subverting the informational security of other nations. Also, protecting domestic informational security. However, they don't consider being vulnerable to the NSA as counting as "vulnerable" in terms of domestic security.
The latter is a policy that the NSA has adopted, an interpretation of their purpose.
No, it is part of their mandate.
Unbreakable crypto is, in fact, becoming the norm.
It is? Where is all this unbreakable crypto? I'm only aware of one (one-time pads), but it's not in common use outside of spy agencies.
How is it there wasn't a community of, I dunno, open source crypto developers, paid for by, I dunno, college research grants across the globe to figure this stuff out?
There was (not open source, but not secret either). It just wasn't in the US.
The laws in those days presented a very strong disincentive to engage in crypto work within US borders.
Here's the thing -- if the algorithms include an intentional weakness, it could take years of study to find it. That nobody's found weakness yet isn't compelling in terms of increasing trust.
Because of this, a large amount of trust is required when accepting them. When the entity that is very eager to get these adopted is one that has clearly demonstrated that it can't be trusted, rejecting the algorithms is completely reasonable.
Perhaps they're fine, I don't know, but it seems prudent to be extraordinarily cautious about them before blessing them as standards. Let everyone study them for a few years to reduce the need to trust the NSA.
Yes. However, given that the key has to be the same length as the cleartext and can never be reused, that makes it an unworkable solution for two-way electronic communications.
It's just barely feasible for things like numbers stations.
One time pads are absolutely a form of encryption. They mathematically transform the cleartext. They don't just "move things around" (they don't move things around at all).
People are fond of this saying, but it's not now, nor has it ever been, true, or at least not in the sense it's usually intended (it is true in the sense that no lock is impenetrable).
The purpose of locks (physical or digital) is to increase the effort required to gain unauthorized entry. Locks keep out more than just honest people -- they also keep out criminals unwilling or unable to expend the required resources to break them.
Essentially, it's using economics as a self-defense measure.
Slashdot Mirror
What could Berners-Lee do?
I dunno, maybe stand up for what's right? Even if doing so is futile, it's still worth doing.
When asked to defend our position, we talk about free speech but what we really mean is free beer.
Who's this "we"? Because there are an awful lot of people not in the group you describe.
The alternative to EME isn't no DRM; it's Adobe Flash.
Umm, no, that's not even remotely true. There are many other alternatives.
Mozilla is not that desperate to go out of business.
From the outside, it sure looks like they are.
You don't buy the lowest spec unless you are reaching to afford the car at all.
I just wanted to chime in that, generally, this is not true. I often buy lower-spec things when I can easily afford the high-end versions because if the lower-spec one does what I need, then why burn money for no reason?
Tesla, however, is aiming squarely at the "rich people who like to show off" market, so your characterization in this case is probably correct.
Let's hope this is the start of a trend.
I should have added a qualifier to my statement:
Are there really people who don't see that other reasonable people can find this straight-up creepy?
I'm not arguing the feature is bad, I'm merely stating that it not exactly beyond understanding why some people who recoil at it.
What really needs to happen to regain trust in crypto algorithms generated by the US is to split the NSA into two separate organizations.
I disagree. Doing so would be a necessary precursor to developing trust, but there would be exactly zero reason to trust the new "defensive" agency any more than the NSA as it exists now.
Trust is earned, and the way people or entities earn trust is to demonstrate trustworthiness over time.
not doing it yourself isn't really enough to protect you, someone in your vicinity doing it is already bad for you.
How so?
I honestly don't see how Face ID can adversely impact me just because someone in my vicinity is using it.
the actual on-boarding process
Just a little PR tip: "onboarding" is a term that implies registering and getting oriented with an outside party (usually an employer). You might want to use a different term when you're arguing that the process is completely private.
I have no way of knowing how secure or not secure Face ID is, so I'm not even going to venture a guess about that.
But, even if it is perfectly secure, are there really people who don't see that it's straight-up creepy?
Yes, everything you've said here is correct!
But perhaps we should reset. The comment I was replying to was asserting that algorithmic encryption shouldn't be used, and OTPs should be used instead. My assertion is that's not right, because OTPs cannot be used for most of the things we use algorithmic encryption for without eliminating the good part of OTPs -- that they're unbreakable.
When you dispense with the technical arguments, all you have left are arguments about parentage, which don't really help with understanding the worth of algorithms.
This is true -- and pretty much the point I was making. There is no set amount of study that can guarantee the algorithms, but the more study, the better the chance that they're OK. So the amount "required" depends in large part on how much you trust where they came from. The parentage of these is not trustworthy, so it's not unreasonable to avoid them. In fact, it's the smartest thing to do from a security standpoint.
The key doesn't need to be the same length as the cleartext, it can be considerably shorter. This does weaken the encoding, but not fatally.
I suppose that we may differ on the definition of "fatally", but by my thinking, it weakens it fatally. (I count something as "fatally" weakened if it can be broken in a reasonable amount of time using readily available resources).
Even using a source of random numbers that isn't close to being complete random fatally weakens it, as several entities discovered during WWII.
Not so. Their name is the "National Security Agency". Their purpose is "National Security", not "Pushing crypto they can break".
Not so, at least not according to the NSA. Yes, their purpose is to be a part of the national security framework. Their role in that is informational security: mostly, subverting the informational security of other nations. Also, protecting domestic informational security. However, they don't consider being vulnerable to the NSA as counting as "vulnerable" in terms of domestic security.
The latter is a policy that the NSA has adopted, an interpretation of their purpose.
No, it is part of their mandate.
Unbreakable crypto is, in fact, becoming the norm.
It is? Where is all this unbreakable crypto? I'm only aware of one (one-time pads), but it's not in common use outside of spy agencies.
Oops, I gave the wrong domain name. It's really https://freenetproject.org/
Sure, nanites (at least as popularly conceived) are molecular robots. What this article is describing is not, it's more like a catalyst.
How is it there wasn't a community of, I dunno, open source crypto developers, paid for by, I dunno, college research grants across the globe to figure this stuff out?
There was (not open source, but not secret either). It just wasn't in the US.
The laws in those days presented a very strong disincentive to engage in crypto work within US borders.
that's because they are excellent algorithms.
Says you and the NSA.
Here's the thing -- if the algorithms include an intentional weakness, it could take years of study to find it. That nobody's found weakness yet isn't compelling in terms of increasing trust.
Because of this, a large amount of trust is required when accepting them. When the entity that is very eager to get these adopted is one that has clearly demonstrated that it can't be trusted, rejecting the algorithms is completely reasonable.
Perhaps they're fine, I don't know, but it seems prudent to be extraordinarily cautious about them before blessing them as standards. Let everyone study them for a few years to reduce the need to trust the NSA.
Yes. However, given that the key has to be the same length as the cleartext and can never be reused, that makes it an unworkable solution for two-way electronic communications.
It's just barely feasible for things like numbers stations.
One time pads are absolutely a form of encryption. They mathematically transform the cleartext. They don't just "move things around" (they don't move things around at all).
like locks, it only keeps honest people out.
People are fond of this saying, but it's not now, nor has it ever been, true, or at least not in the sense it's usually intended (it is true in the sense that no lock is impenetrable).
The purpose of locks (physical or digital) is to increase the effort required to gain unauthorized entry. Locks keep out more than just honest people -- they also keep out criminals unwilling or unable to expend the required resources to break them.
Essentially, it's using economics as a self-defense measure.
Here's hoping a '2nd Net', overlaid within the current framework, and without this bullshit starts up.
There are a number of such efforts right now. Probably the best known of these is freenet.org.
(protect 'our' communications, break everyone else's)
That's not too much of a conflict, really, when you consider that by "our" communications, they mean the US government's, not the citizenry's.
The NSA trusts the NSA.