First, look up the research and don't base your arguments on Anecdotal Evidence (even your own). The peer-reviewed research says they are stupid and wrong, therefore they are stupid and wrong until there is sufficient evidence to reject that hypothesis. Given your use of Anecdotal Evidence, it is clear that such a rejection may take a while.
Second, I am old enough to be tired of the utter ignorance of the world around me. I've been deep into science for longer than most Slashdotters have been alive. Hell, I've been on Slashdot longer than most Slashdotters have been alive. But not once has that science been particularly difficult or challenging. I've seen more challenging recipes for marshmallow candy. There is simply no reason for anyone to be ignorant. It isn't justifiable on the grounds of difficulty of material (much of which boils down to 1+1=2, when you get right down to it), or difficulty of access (the interwebs aren't just for lolcats, although I'm beginning to think lolcat caption writers put more effort into their work than most Slashdotters). If there's no rational justification for ignorance, then there is only one option left - you're all either mad or stupid.
IPv4 is intrinsically incapable of being secured. So, if you want to design a secure IP protocol, you cannot have one that is backwards-compatible.
IPv4 is also necessarily fragmented - there is no correlation between IP address and location within the network, leading to bloat in router tables, inefficient routing decisions, excessive latency and greater vulnerability to MitM attacks via router poisoning.
IPv4 requires manual configuration, whereas IPv6 is autoconfigurable by design.
IPv4 has support for IP Mobility and Network Mobility, via kludgy message forwarders, whereas IPv6 can support these using transitional IP addresses and backbone redirects.
IPv6 does indeed require very little to upgrade.
This is the sum total of what users actually need to do: NOTHING.
This is the sum total of what network administrators need to do: Activate autoconfigure on the router and have dynamic DNS pick up allocations from there.
That's it. That is all. NOTHING MORE.
By doing NOTHING more than the above, you would be able to pick up a laptop and migrate from wireless access point to wireless access point seamlessly - any changes in IP address and routing would be handled for you. Yes, that means you could move from the library to a cafe to your home without dropping a single packet and all connections remaining intact.
You demonstrate the real reason IPv6 isn't mainstream at this point - you've bought into the ignorant naysayers' arguments and know nothing about what IPv6 does, how to use it, or what it offers.
SSH is of dubious value as it encrypts only select channels, whereas the remaining channels may contain sufficient information to pose a significant vulnerability.
Give me something that WORKS, for Pete's sake, and not this backyard crap.
Most of the vulnerabilities we live with are stupid and are only there because humans are incapable of assessing risk. (Those times I refer to myself as an elf, it is because I completely disavow any association with such monstrous stupidity and there are no existent Homo sapiens subspecies recognized that I could otherwise label myself as. As it is, I am debating whether to lobby the scientific establishment on nomenclature because there's bugger all evidence of any wisdom amongst the humans I've encountered.)
You understand that the US and British Government have lost both civilian and military laptops, unencrypted, not because enabling encryption would have been hard but because the bloody plebs in said establishments were too bloody lazy! They did not comprehend that risk existed, assuming that a computer that wasn't online was guaranteed safe. That each and every e-commerce site that puts a database of credit card details plus names and addresses on the SAME BLOODY MACHINE as the web server is not doing so because typing in "192.168.0.2" is so much harder than "127.0.0.1", but because e-commerce companies have a god complex and thus risk is what other people face.
"According to some of the other posters...." Sorry, Anecdotal Evidence is not acceptable. Please re-watch Dilbert and try again. I have never had a problem implementing DNSSEC, it took me about 45 minutes to get IPv6 up and running the first time in 1996 (including time to compile kernel, establish tunnels, configure the router, register with the 6Bone, etc) and about 45 seconds to get IPv6 up and running the other day (99.9% of everything has already been done). I absolutely refuse to accept such wimpy excuses, especially in a tech/geek forum. If the CEOs want to go play with their Barbie dolls, that's fine, but I don't accept whining from those who should know better.
There are few reports of people flying planes into office blocks. People changed behavior, not because there was a reason, but because it was highly visible.
There are many reports of drunk driving fatalities every day. (More die in road accidents per day than have died in terrorist attacks in the past decade.) Nobody changes their behavior because these deaths are NOT highly visible.
People don't give a shit about risk assessment (and aren't capable of it anyway), people only care about the emotional, visible things in life.
This is why cybersecurity will never get implemented sensibly - nobody bar the most hardcore geek gets emotionally attached to the functioning of a device, and visibility is near-zero.
Corporations lose billions each year due to computer fraud. How often do you see such attacks in the news? How many of those attacks were caused by DNS poisoning? (My guess is that nobody knows the figure because most companies who admit being attacked don't say how, and most companies attacked don't admit to having been broken into. No data, so nothing to base any figures on.)
We have to assume that as long as computer fraud is taking place with no indication of how it is taking place that all open vectors are suspect. Some are more likely than others, so you should definitely be closing high priority ones in the absence of information, but closing very low maintenance vectors early is also a good idea - those will be things most often forgotten about and/or assumed to have already been dealt with. Putting the DNS fix in before you forget to is wiser than forgetting to ever put the fix in at all.
2-sided authentication was mandated in the early IPv6 specs by the IPSec mechanism. Sun offered an alternative, SKIP.
Since then, both have been ported to IPv4.
IPSec is occasionally used by VPN clients, but that's about it. Most VPN clients are run on laptops or other portable devices, often over a wireless link. This is where Sun SKIP was stronger than IPSec, which is ideal for a wired network but gets noisy when you've links that aren't guaranteed stable and error-free.
Regardless, neither is used for meaningful network-to-network or host-to-host 2-sided authentication on the wired Internet.
As for solving the wrong problem, again with IPv6, I'll point to the UK's solution which is to use carrier NAT. Which breaks just about everything. (Which is frustrating as hell. I was one of the pioneers on IPv6 in the UK, and indeed had the first registered node on the 6Bone. At that time, the most recent Linux kernel was 2.0.20 and you had to use a special patchset to get the IPv6 support.)
What this boils down to is that there is no desire AT ALL in industry to use correct solutions, good solutions or even workable hacks. The industry wants things that are fundamentally broken to stay broken because repairs hurt profits and profits are god to them. (Which is clearly irrational, Linus made it quite clear HE was God.)
In a pure or semi-pure market economy, profitable defects are superior to costly integrity. The market is incapable of addressing this because the market isn't designed to consider intangibles like security, reliability, robustness, etc. It's designed to keep shareholders and directors happy and stuff the plebs actually using the products.
The human brain doesn't "store" information at all (and thus never processes it). There are four parts to the brain: there's the DNA (which is unique to each cell, according to some researchers), there are proteins attached to each connection (nobody knows what they do, but they seem to be involved in carrying state information between one generation of synapse and another), there are the synapses themselves (the connectome) and there's the weighting given to each synapse (the conversion between electrical and chemical signals isn't fixed, it varies between each synapse and between different sorts of signal).
None of this involves sensory data, memories, etc. None of that exists anywhere in this system. Memories are synthesized at the time of recall from the meta-data in the brain, but there is nothing in the brain you can point to and call it a memory. Everything is synthesized at time of use and then disposed of. (This is why you can create false memories so easily and why the senses are so easily fooled.)
The brain does not process the senses, either. Nor are the senses distinct - they bleed into each other. The brain is then given a virtual model with all the gaps filled in with generated data. This VR has properties the real world does NOT have, such as simplifications, which enables the brain to actually do something with it. Raw data would be too noisy and too much in flux.
This system creates the illusion of intelligence. We know from fMRI that "free will" does not exist and that "thoughts" are the brain's mechanism for justifying past actions whilst modifying the logic to reduce errors in future - a variant on back-propagation. Real-time intelligence (thinking before acting) doesn't exist in humans or any other known creature, so you won't build it by mimicking humans.
On the other hand, if you want to mimic humans, you need the whole system. One component will give you as much thought as an egg will give you cake. Follow the recipe if you want cake, isolated components will give you nothing useful.
This is all obvious stuff. I can only assume that Google's inferior logic was therefore produced by a computer.
Probably more people can remember the really good quotes from Shakespeare than lines from modern books, too. Doesn't mean Shakespeare wrote his stuff on Facebook.
Second, lines aren't material in works of fiction. All forms of art are about conveying ideas (intellectual, emotional, doesn't matter). Facebook may be great at conveying words, but that doesn't mean it is useful at conveying ideas. The sheer number of flamewars on the Internet would suggest it is an extremely poor medium for transmitting thoughts and feelings. On the other hand, I would be willing to bet that you can remember more of what a book/movie was about, the contexts, the subplots, etc, if you specifically do NOT focus on trying to remember the words.
Existing methods of extracting gold are extremely toxic on the environment and lethal to the natives. A better solution is definitely needed, even if not this one.
(Since the largest gold reserves are under the Amazon, the ideal would be to have metal-eating bacteria consume the reserves in-situ and be pumped back to the surface -- save the jungle and the natives, eliminate the illegal gold miners, AND bankrupt all those Limbaugh devotees who have bought into gold reserves, ALL AT THE SAME TIME! What could be better?!)
Linus has already stated that he is our God. If he was going to offend (a) the religious types, or (b) any Gods that happen to be out there, he passed that mark a long time ago.
Is he going to insult those who already sided with Microsoft in deeming Free/Libre/Open Source "communism" and "anti-American"? I would be truly impressed if he managed to alter their opinion one way or another by one iota.
Is he going to harm Linux? Depends - if Linux becomes the "de-facto" OS for Democrats, then we could see remarks like this turning our current 1-2% market share into a 40-50% market share. Y'know, I don't give a fetid wombat WHO he offends if his remarks can achieve that! If he wants to verbally rake over the coals each and every demographic that will never buy into the OS, then provided he does so in a way that boosts popularity with the people who matter, GO FOR IT!
SHA2 supports 256 bit modes, which gives you 64 bits of security, which is WELL within the reach of modern technology, and part of the debate is whether SHA3 is needed at all. Clearly it is.
128 bits might be "out of reach" of technology for the next few decades, but that is not enough. Nowhere near. Classified information has to be secure for 50 years and SHA3 must be strong enough to support that requirement for at least as long as it will take to create a SHA4 (which, to judge from SHA3, might easily be another decade).
So SHA3 has to be effectively invulnerable for the next 60 years to be of any consequence. If it is broken within that time, the risk of exposure of information that is still highly sensitive is simply too great. Remember the fiasco of DES? I have to be a bit careful with regards to what I say about the level of exposure I saw, suffice to say that I have zero interest in seeing such a thing repeated. Sure, we don't know what techniques will be developed tomorrow, but IMHO it is a brave but foolish man who takes an avoidable, senseless risk for (at best) no gain and (at worst) considerable loss.
In the case of SHA3, many candidates show preimage attacks, which means this theoretical 128 bits of security may turn out to be nothing of the sort. The assumption has been, so far, that the weakening isn't significant or is indeterminate. Not exactly confidence-building. Now, divide the 512 through by this indeterminate number and then by the amount allowed for by quantum computing. We end up with a strength of "who the hell knows?", which is not exactly cheery.
Now it gets better. SHA3 mandates 512 bits of actual security, which means that to achieve this you should really be generating 2048 bits of hash (according to your argument) - a mode none of the candidates support. If SHA3 is dumped, then maybe a replacement hash contest should be aiming at the 2048 mark to attain the security SHA3 was aiming for.
Most (if not all) of the major roadblocks in computing these days come from one of three underlying causes:
a) Tradition
b) Obsolete metaphors/concepts
c) Lack of decent alternatives
Traditionally(!) homebrewers have been the ones solving these problems, as they're not yet drained of original thought, but it's increasingly hard as a lot of the easy stuff has been done many times over. It would be hard for an enthusiast to develop a network card that can act as a drop-in replacement for both Infiniband and Ethernet (let alone persuade anyone to use it). I'm not saying that developing the Apple I was much easier, as you had to design from first principles, but (a) and (b) didn't exist in the home computer market at the time because there really wasn't one, and (c) was what you were fixing.
Which way would you like to see homebrewers going now and why?
Oh, it should indeed still be possible to produce a best-of-breed class as well as a best-all-round class, but the closer we get to the deadline, the more apathy and office politics subsumes the process.
It would be great to have a family. Since SHA-3 entries were to produce a fixed-sized hash, the family would consist of different breeds of hash rather than different output lengths. I don't see a problem with that. People can then use what is correct for the problem, rather than changing the problem to make it correct for the hash.
They've not "nixed" it per se, but they were uncomfortable at the start with the idea (apparently because it would confuse manufacturers to tell them "X is good for Y") and as soon as it did start getting any traction on the list, there was no further discussion or commentary by the chief experts. It died on the grapevine from those experts being actively passive. (Passive aggression might help in their workplaces, but I don't think the mathematics gives a damn.)
The closest to a workable theory came on Slashdot in a prior discussion on SHA-3, where someone thought it might be because you'd need too much cryptanalysis for too many functions, that nobody on the list was willing to admit that there was a manpower issue. After all, admit that and outsiders start wondering how good the filtering was in all the other rounds,
True, for computer information, but plenty of data was sent via radio - it was simplicity itself to tune into civilian and military digital chatter. (See "The Hacker's Handbook", by "Hugo Cornwall" - pseudonym of Peter Sommer, an expert in information systems security.) For military purposes, it was much much easier to teach people to type messages into a portable machine which would digitize it and blast the digital form wirelessly (and encrypted) than to get them to key properly. Keying in morse was also far, far slower and error-prone on both sides.
Being able to intercept such messages was easy - SIGINT had listening posts everywhere - but breaking them was a far harder problem. Hence my thought that they could have extended the Colossus approach to do basically the same thing as Colossus did but with newer codes. And, again, the NSA facility in the UK has certainly been accused of performing exactly that sort of role.
I have zero idea if that was ever done. Dad almost never talked about his time in the military, working in C-Corp (ie: the communications division, just as I-Corp was the intelligence division) in Cyprus, a key listening post in the 50s. It was only towards the end of his life that he revealed anything at all (they used one-time pads, where the tapes were delivered by courier and where both ends synchronized the decrypt tape - so it was real-time encrypt/decrypt), but most of that could either easily be deduced or had been covered by documentaries on the limitations of OTP cryptographic techniques and how those limitations resulted in work that evolved into public cryptography. I have no idea if listening posts such as that were gathering significant amounts of encrypted data, and even less of one as to how that had changed by the 70s.
On the other hand, I'm increasingly of the view it doesn't matter. If something can be built, then eventually it will be. You just don't know when, where, why or who, although you may be able to place limits on the when, provided my ideas on a Grand Universal Moore's Law are near-enough correct. At that point, it's security through sheer bloody expense, which is no more security than obscurity if the data is valuable enough.
Very true. Which is why I'm anxious SHA-3 has as little (ideally nothing) in common with SHA-2, be it algorithmically or in terms of the underpinning mathematical problems used that are assumed to be hard.
I would have preferred Blue Midnight Wish to be still in the running (well, it's got a cool name, but more importantly it has a very different design).
I ALSO wish Bruce and the others would pay attention to those of us on the SHA-3 mailing list advocating a SHA-3a and SHA-3b where -3a has the best compromise between speed and security, and -3b has absolutely b. all compromise and is as secure as you can get. Why? Because that meets Bruce's objections. -3a may well be broken before SHA-2 is so threatened that it is unusable, because of all the compromises NIST want to include. -3b, because it refuses to bow to such compromises, should remain secure for much longer. You can afford to stick it in the freezer and let it sit there for a decade, because it should still be fresh BECAUSE no compromises were made. By then, computers would be able to run it as fast, or faster, than -3a could be run now.
So I have ZERO sympathy with Schneier. He is complaining about a problem that he is, in part, responsible for making. Other views WERE expressed, he thought he knew better, but his path now leads to a solution he believes useless. So, to NIST, Bruce, et al, I say "next time, leave your bloody arrogance at home, there's no room for it, doubly so when you've got mine to contend with as well".
To be fair, the NSA don't seem to have caused problems with the S-Boxes and differential analysis doesn't seem to have worked too well. On the other hand, COPACOBANA et al were glorified 1940s-era Colossus machines - cracking codes via a massively parallel architecture. To me, that's the scary part. Turing's work on cryptography and massively parallel code breakers was 100% applicable to the design of DES because the keylength was so incredibly short. You could build enough machines to effectively break it.
How many DES engines do you think someone could have crammed onto a wafer in the 1980s? (Remember, each die can have multiple engines, and then the dies that work can be hooked together.) Link up a bunch of such wafers and you end up with a crypto engine from hell. It would have been VERY expensive, but I would imagine it perfectly plausible that a sufficiently determined and rich organization (I would imagine the NSA might have been one such) could have potentially built such a machine when the rest of us still thought the 6502 was a really neat idea.
Doesn't mean anyone ever did. People could have reached Mars in the 1980s, so "could have" and "did" are obviously very different things. What people actually did is anyone's guess, though "nothing" sounds about right.
Had they built such a device, though, then near-real-time breaking of DES would have been possible at the time it was in mainstream use. Certainly, there were claims circulating that such devices existed, but a claim like that without proof is hard to accept. All I can say is that it's demonstrably not impossible, merely unlikely.
Back to SHA-2. Are we in the same boat? Are there ways to build something today, even if nobody is likely to have actually built it yet, that could endanger SHA-2? (To me, THAT is the measure of security, not whether anyone actually has, because they're not likely to tell you when they have.) Quantum computing is the obvious threat, since 512 bits is a lot of security, too much to attack in parallel with a classical architecture. Quantum computing, though, should let you scale up non-linearly. The question is whether it's enough. (I'm assuming here that there are no issues with preimages or timing that can be exploited to reduce the problem to a scale QC can solve even if classical machines can't.)
There have been a few murmurs that suggest SHA's security isn't as strong as the bitlength implies. Would that be enough? If Japan can build a vector machine the size of a US football stadium, then it is not physically impossible to scale a machine to those sizes. Nobody has scaled a quantum computer beyond a few bits, but I repeat, I don't care what people have publicly done, it is what is within the capacity of people TO build whether publicly or not that matters.
If you're not 100% certain that not even a quantum computer on such a scale, where all nodes were designed at the hardware level to perform JUST the task trying to break the hash, then the hash is not safe for 20+ years. It may be unlikely, but there's nothing to say it might not be vulnerable right now. There's nothing physically impossible about it (as shown), it's merely a hard problem. And hard problems get solved. What you need in a crypto hash is something you can be sure WILL be impossible to break in a 20 year window, which means what you need is a crypto hash that is beyond anything where the components can be prototyped today. For a 30 year window, it needs to be beyond detailed theory. A 50 year window can be achieved if it's beyond any machine ANY existing theory can describe.
(It takes time to go from theory to prototype to working system to working system on the right scale. The intervals seem to be fairly deterministic in each subject. I believe this to indicate a mathematical model that underpins things like Moore's Law and which is independent of field. Know that model and you know when Moore's Law will fail. Moore's Law is merely the equivalent of Hooke's Constant for computing, failure is inevita
My great uncle certainly didn't, back in the 80s. Each cow had the predecessor to an RFID tag around its neck. When it entered the feeding station, food specifically mixed for that cow was delivered. (Dairy cows had a diet that maximized both health and the value of the milk. Beef cattle were optimized for health and meat value. But every cow was treated as a unique entity, using parental data, size and weight as primary inputs, with tweaks manually coded in.) He would probably have fed someone to one of the bulls if they'd suggested just throwing any old junk at the animals.
Ok, eccentric wetware hackers aren't exactly two a penny in the farming industry. But, then, that's part of what created the mess. Those growing corn sell it to ethanol producers, not other farmers or the food industry. The health consequences for farm animals in using the new alternatives to grass are a product of an abuse of the old alternatives to grass plus an abuse of antibiotics and other bulking-up agents ("angel dust" - PCP - is one farmers use, even where it's not legal, Clenbuterol is another).
If, instead of using illegal drugs, nonsensical feeds, steroids and antibiotics, they'd simply opted for a more sensible diet for each cow, they'd have had the same profits with none of the scandals. Higher initial costs (so it takes longer for the net profits to be the same), sure, plus having to think (always a problem for conservative, rural districts), but that's it.
Given the stuff most lawyers come up with, I'm not so sure consulting Slashdot readers can be that much worse no matter how incorrect/blatantly stupid/illegal it might be.
The church would lobby for the guy to be declared a terrorist. After all, it's their divine right to abuse videos (see the lawsuits by the actors involved in the recent video scandal).
There are guides on the hidden TOR services on how to get people/organizations SWATted, but I cannot condone such tactics. Smirk, yes, but not condone.
To be a true measure, you need latency as well. After all, you can't really play a decent MMORPG if the latency is through the roof.
As two-dimensional values confuse people, I suggest dividing the bandwidth by the delays in getting it, giving you Libraries of Congress per second per filibuster.
TLS vulnerability on Slashdot frontpage today.
SSH is of dubious value as it encrypts only select channels, whereas the remaining channels may contain sufficient information to pose a significant vulnerability.
Give me something that WORKS, for Pete's sake, and not this backyard crap.
Most of the vulnerabilities we live with are stupid and are only there because humans are incapable of assessing risk. (Those times I refer to myself as an elf, it is because I completely disavow any association with such monstrous stupidity and there are no existent homo sapien subspecies recognized that I could otherwise label myself as. As it is, I am debating whether to lobby the scientific establishment on nomenclature because there's bugger all evidence of any wisdom amongst the humans I've encountered.)
You understand that the US and British Government have lost both civilian and military laptops, unencrypted, not because enabling encryption would have been hard but because the bloody plebs in said establishments were too bloody lazy! They did not comprehend that risk existed, assuming that a computer that wasn't online was guaranteed safe. That each and every e-commerce site that puts a database of credit card details plus names and addresses on the SAME BLOODY MACHINE as the web server is not doing so because typing in "192.168.0.2" is so much harder than "127.0.0.1", but because e-commerce companies have a god complex and thus risk is what other people face.
"According to some of the other posters...." Sorry, Anecdotal Evidence is not acceptable. Please re-watch Dilbert and try again. I have never had a problem implementing DNSSEC, it took me about 45 minutes to get IPv6 up and running the first time in 1996 (including time to compile kernel, establish tunnels, configure the router, register with the 6Bone, etc) and about 45 seconds to get IPv6 up and running the other day (99.9% of everything has already been done). I absolutely refuse to accept such wimpy excuses, especially in a tech/geek forum. If the CEOs want to go play with their Barby dolls, that's fine, but I don't accept whining from those who should know better.
There are few reports of people flying planes into office blocks. People changed behavior, not because there was a reason, but because it was highly visible.
There are many reports of drunk driving fatalities every day. (More die in road accidents per day than have died in terrorist attacks in the past decade.) Nobody changes their behavior because these deaths are NOT highly visible.
People don't give a shit about risk assessment (and aren't capable of it anyway), people only care about the emotional, visible things in life.
This is why cybersecurity will never get implemented sensibly - nobody bar the most hardcore geek gets emotionally attached to the functioning of a device, and visibility is near-zero.
Corporations lose billions each year due to computer fraud. How often do you see such attacks in the news? How many of those attacks were caused by DNS poisoning? (My guess is that nobody knows the figure because most companies who admit being attacked don't say how, and most companies attacked don't admit to having been broken into. No data, so nothing to base any figures on.)
We have to assume that as long as computer fraud is taking place with no indication of how it is taking place that all open vectors are suspect. Some are more likely than others, so you should definitely be closing high priority ones in the absence of information, but closing very low maintenance vectors early is also a good idea - those will be things most often forgotten about and/or assumed to have already been dealt with. Putting the DNS fix in before you forget to is wiser than forgetting to ever put the fix in at all.
2-sided authentication was mandated in the early IPv6 specs by the IPSec mechanism. Sun offered an alternative, SKIP.
Since then, both have been ported to IPv4.
IPSec is occasionally used by VPN clients, but that's about it. Most VPN clients are run on laptops or other portable devices, often over a wireless link. This is where Sun SKIP was stronger than IPSec, which is ideal for a wired network but gets noisy when you've links that aren't guaranteed stable and error-free.
Regardless, neither is used for meaningful network-to-network or host-to-host 2-sided authentication on the wired Internet.
As for solving the wrong problem, again with IPv6, I'll point to the UK's solution which is to use carrier NAT. Which breaks just about everything. (Which is frustrating as hell. I was one of the pioneers on IPv6 in the UK, and indeed had the first registered node on the 6Bone. At that time, the most recent Linux kernel was 2.0.20 and you had to use a special patchset to get the IPv6 support.)
What this boils down to is that there is no desire AT ALL in industry to use correct solutions, good solutions or even workable hacks. The industry wants things that are fundamentally broken to stay broken because repairs hurt profits and profits are god to them. (Which is clearly irrational, Linus made it quite clear HE was God.)
In a pure or semi-pure market economy, profitable defects are superior to costly integrity. The market is incapable of addressing this because the market isn't designed to consider intangibles like security, reliability, robustness, etc. It's designed to keep shareholders and directors happy and stuff the plebs actually using the products.
Both of them.
The human brain doesn't "store" information at all (and thus never processes it). There are four parts to the brain: there's the DNA (which is unique to each cell, according to some researchers), there are proteins attached to each connection (nobody knows what they do, but they seem to be involved in carrying state information between one generation of synapse and another), there are the synapses themselves (the connectome) and there's the weighting given to each synapse (the conversion between electrical and chemical signals isn't fixed, it varies between each synapse and between different sorts of signal).
None of this involves sensory data, memories, etc. None of that exists anywhere in this system. Memories are synthesized at the time of recall from the meta-data in the brain, but there is nothing in the brain you can point to and call it a memory. Everything is synthesized at time of use and then disposed of. (This is why you can create false memories so easily and why the senses are so easily fooled.)
The brain does not process the senses, either. Nor are the senses distinct - they bleed into each other. The brain is then given a virtual model with all the gaps filled in with generated data. This VR has properties the real world does NOT have, such as simplifications, which enables the brain to actually do something with it. Raw data would be too noisy and too much in flux.
This system creates the illusion of intelligence. We know from fMRI that "free will" does not exist and that "thoughts" are the brain's mechanism for justifying past actions whilst modifying the logic to reduce errors in future - a variant on back-propagation. Real-time intelligence (thinking before acting) doesn't exist in humans or any other known creature, so you won't build it by mimicking humans.
On the other hand, if you want to mimic humans, you need the whole system. One component will give you as much thought as an egg will give you cake. Follow the recipe if you want cake, isolated components will give you nothing useful.
This is all obvious stuff. I can only assume that Google's inferior logic was therefore produced by a computer.
Probably more people can remember the really good quotes from Shakespeare than lines from modern books, too. Doesn't mean Shakespeare wrote his stuff on Facebook.
Second, lines aren't material in works of fiction. All forms of art are about conveying ideas (intellectual, emotional, doesn't matter). Facebook may be great at conveying words, but that doesn't mean it is useful at conveying ideas. The sheer number of flamewars on the Internet would suggest it is an extremely poor medium for transmitting thoughts and feelings. On the other hand, I would be willing to bet that you can remember more of what a book/movie was about, the contexts, the subplots, etc, if you specifically do NOT focus on trying to remember the words.
Existing methods of extracting gold are extremely toxic on the environment and lethal to the natives. A better solution is definitely needed, even if not this one.
(Since the largest gold reserves are under the Amazon, the ideal would be to have metal-eating bacteria consume the reserves in-situ and be pumped back to the surface -- save the jungle and the natives, eliminate the illegal gold miners, AND bankrupt all those Limbaugh devotees who have bought into gold reserves, ALL AT THE SAME TIME! What could be better?!)
Linus has already stated that he is our God. If he was going to offend (a) the religious types, or (b) any Gods that happen to be out there, he passed that mark a long time ago.
Is he going to insult those who already sided with Microsoft in deeming Free/Libre/Open Source "communism" and "anti-American"? I would be truly impressed if he managed to alter their opinion one way or another by one iota.
Is he going to harm Linux? Depends - if Linux becomes the "de-facto" OS for Democrats, then we could see remarks like this turning our current 1-2% market share into a 40-50% market share. Y'know, I don't give a fetid wombat WHO he offends if his remarks can achieve that! If he wants to verbally rake over the coals each and every demographic that will never buy into the OS, then provided he does so in a way that boosts popularity with the people who matter, GO FOR IT!
SHA2 supports 256 bit modes, which gives you 64 bits of security, which is WELL within the reach of modern technology, and part of the debate is whether SHA3 is needed at all. Clearly it is.
128 bits might be "out of reach" of technology for the next few decades, but that is not enough. Nowhere near. Classified information has to be secure for 50 years and SHA3 must be strong enough to support that requirement for at least as long as it will take to create a SHA4 (which, to judge from SHA3, might easily be another decade).
So SHA3 has to be effectively invulnerable for the next 60 years to be of any consequence. If it is broken within that time, the risk of exposure of information that is still highly sensitive is simply too great. Remember the fiasco of DES? I have to be a bit careful with regards to what I say about the level of exposure I saw, suffice to say that I have zero interest in seeing such a thing repeated. Sure, we don't know what techniques will be developed tomorrow, but IMHO it is a brave but foolish man who takes an avoidable, senseless risk for (at best) no gain and (at worst) considerable loss.
In the case of SHA3, many candidates show preimage attacks, which means this theoretical 128 bits of security may turn out to be nothing of the sort. The assumption has been, so far, that the weakening isn't significant or is indeterminate. Not exactly confidence-building. Now, divide the 512 through by this indeterminate number and then by the amount allowed for by quantum computing. We end up with a strength of "who the hell knows?", which is not exactly cheery.
Now it gets better. SHA3 mandates 512 bits of actual security, which means that to achieve this you should really be generating 2048 bits of hash (according to your argument) - a mode none of the candidates support. If SHA3 is dumped, then maybe a replacement hash contest should be aiming at the 2048 mark to attain the security SHA3 was aiming for.
Most (if not all) of the major roadblocks in computing these days come from one of three underlying causes:
a) Tradition
b) Obsolete metaphors/concepts
c) Lack of decent alternatives
Traditionally(!) homebrewers have been the ones solving these problems, as they're not yet drained of original thought, but it's increasingly hard as a lot of the easy stuff has been done many times over. It would be hard for an enthusiast to develop a network card that can act as a drop-in replacement for both Infiniband and Ethernet (let alone persuade anyone to use it). I'm not saying that developing the Apple I was much easier, as you had to design from first principles, but (a) and (b) didn't exist in the home computer market at the time because there really wasn't one, and (c) was what you were fixing.
Which way would you like to see homebrewers going now and why?
Oh, it should indeed still be possible to produce a best-of-breed class as well as a best-all-round class, but the closer we get to the deadline, the more apathy and office politics subsumes the process.
It would be great to have a family. Since SHA-3 entries were to produce a fixed-sized hash, the family would consist of different breeds of hash rather than different output lengths. I don't see a problem with that. People can then use what is correct for the problem, rather than changing the problem to make it correct for the hash.
They've not "nixed" it per se, but they were uncomfortable at the start with the idea (apparently because it would confuse manufacturers to tell them "X is good for Y") and as soon as it did start getting any traction on the list, there was no further discussion or commentary by the chief experts. It died on the grapevine from those experts being actively passive. (Passive aggression might help in their workplaces, but I don't think the mathematics gives a damn.)
The closest to a workable theory came on Slashdot in a prior discussion on SHA-3, where someone thought it might be because you'd need too much cryptanalysis for too many functions, that nobody on the list was willing to admit that there was a manpower issue. After all, admit that and outsiders start wondering how good the filtering was in all the other rounds.
True, for computer information, but plenty of data was sent via radio - it was simplicity itself to tune into civilian and military digital chatter. (See "The Hacker's Handbook", by "Hugo Cornwall" - pseudonym of Peter Sommer, an expert in information systems security.) For military purposes, it was much much easier to teach people to type messages into a portable machine which would digitize it and blast the digital form wirelessly (and encrypted) than to get them to key properly. Keying in morse was also far, far slower and error-prone on both sides.
Being able to intercept such messages was easy - SIGINT had listening posts everywhere - but breaking them was a far harder problem. Hence my thought that they could have extended the Colossus approach to do basically the same thing as Colossus did but with newer codes. And, again, the NSA facility in the UK has certainly been accused of performing exactly that sort of role.
I have zero idea if that was ever done. Dad almost never talked about his time in the military, working in C-Corp (ie: the communications division, just as I-Corp was the intelligence division) in Cyprus, a key listening post in the 50s. It was only towards the end of his life that he revealed anything at all (they used one-time pads, where the tapes were delivered by courier and where both ends synchronized the decrypt tape - so it was real-time encrypt/decrypt), but most of that could either easily be deduced or had been covered by documentaries on the limitations of OTP cryptographic techniques and how those limitations resulted in work that evolved into public cryptography. I have no idea if listening posts such as that were gathering significant amounts of encrypted data, and even less of one as to how that had changed by the 70s.
On the other hand, I'm increasingly of the view it doesn't matter. If something can be built, then eventually it will be. You just don't know when, where, why or who, although you may be able to place limits on the when, provided my ideas on a Grand Universal Moore's Law are near-enough correct. At that point, it's security through sheer bloody expense, which is no more security than obscurity if the data is valuable enough.
Very true. Which is why I'm anxious SHA-3 has as little (ideally nothing) in common with SHA-2, be it algorithmically or in terms of the underpinning mathematical problems used that are assumed to be hard.
I would have preferred Blue Midnight Wish to be still in the running (well, it's got a cool name, but more importantly it has a very different design).
I ALSO wish Bruce and the others would pay attention to those of us on the SHA-3 mailing list advocating a SHA-3a and SHA-3b where -3a has the best compromise between speed and security, and -3b has absolutely b. all compromise and is as secure as you can get. Why? Because that meets Bruce's objections. -3a may well be broken before SHA-2 is so threatened that it is unusable, because of all the compromises NIST want to include. -3b, because it refuses to bow to such compromises, should remain secure for much longer. You can afford to stick it in the freezer and let it sit there for a decade, because it should still be fresh BECAUSE no compromises were made. By then, computers would be able to run it as fast, or faster, than -3a could be run now.
So I have ZERO sympathy with Schneier. He is complaining about a problem that he is, in part, responsible for making. Other views WERE expressed, he thought he knew better, but his path now leads to a solution he believes useless. So, to NIST, Bruce, et al, I say "next time, leave your bloody arrogance at home, there's no room for it, doubly so when you've got mine to contend with as well".
To be fair, the NSA don't seem to have caused problems with the S-Boxes and differential analysis doesn't seem to have worked too well. On the other hand, COPACOBANA et al were glorified 1940s-era Colossus machines - cracking codes via a massively parallel architecture. To me, that's the scary part. Turing's work on cryptography and massively parallel code breakers was 100% applicable to the design of DES because the key length was so incredibly short. You could build enough machines to effectively break it.
How many DES engines do you think someone could have crammed onto a wafer in the 1980s? (Remember, each die can have multiple engines, and then the dies that work can be hooked together.) Link up a bunch of such wafers and you end up with a crypto engine from hell. It would have been VERY expensive, but I would imagine it perfectly plausible that a sufficiently determined and rich organization (I would imagine the NSA might have been one such) could have potentially built such a machine when the rest of us still thought the 6502 was a really neat idea.
Doesn't mean anyone ever did. People could have reached Mars in the 1980s, so "could have" and "did" are obviously very different things. What people actually did is anyone's guess, though "nothing" sounds about right.
Had they built such a device, though, then near-real-time breaking of DES would have been possible at the time it was in mainstream use. Certainly, there were claims circulating that such devices existed, but a claim like that without proof is hard to accept. All I can say is that it's demonstrably not impossible, merely unlikely.
Back to SHA-2. Are we in the same boat? Are there ways to build something today, even if nobody is likely to have actually built it yet, that could endanger SHA-2? (To me, THAT is the measure of security, not whether anyone actually has, because they're not likely to tell you when they have.) Quantum computing is the obvious threat, since 512 bits is a lot of security, too much to attack in parallel with a classical architecture. Quantum computing, though, should let you scale up non-linearly. The question is whether it's enough. (I'm assuming here that there are no issues with preimages or timing that can be exploited to reduce the problem to a scale QC can solve even if classical machines can't.)
There have been a few murmurs that suggest SHA's security isn't as strong as the bitlength implies. Would that be enough? If Japan can build a vector machine the size of a US football stadium, then it is not physically impossible to scale a machine to those sizes. Nobody has scaled a quantum computer beyond a few bits, but I repeat, I don't care what people have publicly done, it is what is within the capacity of people TO build whether publicly or not that matters.
If you're not 100% certain that not even a quantum computer on such a scale, where all nodes were designed at the hardware level to perform JUST the task of trying to break the hash, could do it, then the hash is not safe for 20+ years. It may be unlikely, but there's nothing to say it might not be vulnerable right now. There's nothing physically impossible about it (as shown), it's merely a hard problem. And hard problems get solved. What you need in a crypto hash is something you can be sure WILL be impossible to break in a 20 year window, which means what you need is a crypto hash that is beyond anything where the components can be prototyped today. For a 30 year window, it needs to be beyond detailed theory. A 50 year window can be achieved if it's beyond any machine ANY existing theory can describe.
(It takes time to go from theory to prototype to working system to working system on the right scale. The intervals seem to be fairly deterministic in each subject. I believe this to indicate a mathematical model that underpins things like Moore's Law and which is independent of field. Know that model and you know when Moore's Law will fail. Moore's Law is merely the equivalent of Hooke's Constant for computing, failure is inevita
My great uncle certainly didn't, back in the 80s. Each cow had the predecessor to an RFID tag around its neck. When it entered the feeding station, food specifically mixed for that cow was delivered. (Dairy cows had a diet that maximized both health and the value of the milk. Beef cattle were optimized for health and meat value. But every cow was treated as a unique entity, using parental data, size and weight as primary inputs, with tweaks manually coded in.) He would probably have fed someone to one of the bulls if they'd suggested just throwing any old junk at the animals.
Ok, eccentric wetware hackers aren't exactly two a penny in the farming industry. But, then, that's part of what created the mess. Those growing corn sell it to ethanol producers, not other farmers or the food industry. The health consequences for farm animals in using the new alternatives to grass are a product of an abuse of the old alternatives to grass plus an abuse of antibiotics and other bulking-up agents ("angel dust" - PCP - is one farmers use, even where it's not legal, Clenbuterol is another).
If, instead of using illegal drugs, nonsensical feeds, steroids and antibiotics, they'd simply opted for a more sensible diet for each cow, they'd have had the same profits with none of the scandals. Higher initial costs (so it takes longer for the net profits to be the same), sure, plus having to think (always a problem for conservative, rural districts), but that's it.
Shhhh! Now everyone knows how to make self-breading chickens!
More so than anything produced by the fast food industry.
The chances of prions surviving the process to make gummy worms seems low. Nonetheless, I can't see it being a good idea.
I thought that was called "profitable disclosure".
Can someone forward the parent post to every world leader, corporation and Murdoch paper on the planet.
Given the stuff most lawyers come up with, I'm not so sure consulting Slashdot readers can be that much worse no matter how incorrect/blatantly stupid/illegal it might be.
The church would lobby for the guy to be declared a terrorist. After all, it's their divine right to abuse videos (see the lawsuits by the actors involved in the recent video scandal).
There are guides on the hidden TOR services on how to get people/organizations SWATted, but I cannot condone such tactics. Smirk, yes, but not condone.
To be a true measure, you need latency as well. After all, you can't really play a decent MMORPG if the latency is through the roof.
As two dimensional values confuse people, I suggest dividing the bandwidth by the delays in getting it, giving you Libraries of Congress per second per filibuster.