"I still believe that people go to sites like Wired News and PC Week because they have this curiosity for the truth and this underlying belief that services [like Slashdot] don't always get it right, and they need an independent verification," said Berinato.
As far as I'm concerned he's got it backwards. When I see a Wired News story posted on Slashdot, I usually read the story, then read through the comments looking for someone who knows more about the story's subject than the author (and I usually find such a person).
With as many readers as Slashdot has we're bound to have SOMEBODY with more experience with a technical project, phenomenon or area of study than the author, who, well, sits in an office writing all day.
Well, you can "reuse" an OTP in a sense - if you have more pad data than you need you can save the rest for the next operation. You just can't reuse the same sequence.
For example, as another poster suggested you could share a really huge random stream on DVD between two locations. Then as long as you store some indication of the last byte used you can use up the data in small chunks, and when you run out you get a new DVD.
All you'd need would be a wrapper program which called HardEn/Decrypt with the message and an appropriately sized chunk of data from the DVD. This program would keep a record of the current position on the DVD, but the DVD would still hold the keying material and you couldn't do anything without it.
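The position-tracking wrapper described in the comment above, sketched as an added example that is not part of the original post. `PadCursor`, the state-file layout and the plain XOR standing in for the HardEn/Decrypt call are assumptions; the pad file stands in for the shared DVD.

```python
import os

class PadExhausted(Exception):
    """Too few unused pad bytes remain for this message."""

class PadCursor:
    """Hands out each pad byte at most once; the position lives in a state file."""

    def __init__(self, pad_path, state_path):
        self.pad_path, self.state_path = pad_path, state_path

    def position(self):
        if not os.path.exists(self.state_path):
            return 0  # fresh pad, nothing consumed yet
        with open(self.state_path) as f:
            return int(f.read())  # corrupt state raises instead of resetting to 0

    def take(self, n):
        """Reserve n fresh pad bytes and return (start_offset, chunk)."""
        start = self.position()
        if start + n > os.path.getsize(self.pad_path):
            raise PadExhausted("not enough unused pad left; get a new one")
        # Persist the new position BEFORE releasing key material: wasting
        # bytes after a crash is harmless, reusing them is not.
        tmp = self.state_path + ".tmp"
        with open(tmp, "w") as f:
            f.write(str(start + n))
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, self.state_path)  # atomic swap of the state file
        with open(self.pad_path, "rb") as f:
            f.seek(start)
            return start, f.read(n)

def xor(data, pad):
    # Stand-in for the HardEn/Decrypt call (assumption): byte-wise XOR.
    return bytes(a ^ b for a, b in zip(data, pad))

def encrypt(cursor, message):
    """Return (offset, ciphertext); the offset travels with the message."""
    start, chunk = cursor.take(len(message))
    return start, xor(message, chunk)

def decrypt(pad_path, start, ciphertext):
    """Receiver side: read the same pad range from its own copy of the pad."""
    with open(pad_path, "rb") as f:
        f.seek(start)
        return xor(ciphertext, f.read(len(ciphertext)))
```

The state file holds only a byte count, so losing it to someone else reveals nothing about the keying material; the pad itself still has to be protected and destroyed after use.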
I believe you mean NSA... NSA is the National Security Agency, a government division which almost certainly has hardware and software beyond our imagination for cracking that which we consider uncrackable.
NCSA is the National Center for Supercomputing Applications, which theoretically could be dangerous in this regard but in practice doesn't concern itself with such things.
Yeah, and now it'll probably take him WEEKS to figure out how to do on his new Dells what he's been doing on his Altair.
Congratulations (to Roblimo, I believe?) on coming up with an interesting and informative new Slashdot feature... I hope these interviews will continue to be a regular part of Slashdot.
;-)
Who's next... Linus?
(ack... I think I'm posting twice... sorry)
I think lots of non-programmers find the idea of an intelligent robot compelling... The fact that they don't understand how it works doesn't make it any less impressive. It's an idea that has driven science fiction writers for decades.
The point of AES is solely to find a new standard algorithm to replace DES. There's nothing wrong with IDEA or RSA or lots of other algorithms (okay, except that they're patented), but if you're going to create a new standard and make huge masses of established code in industries like banking obsolete, you might as well go with the very best algorithm you can find.
And you're right, no crypto is strong enough to protect you from some attacks (e.g. Social Engineering...)
This can only be done safely with encryption. The only reference to encryption I find on the site is in the company info section - it says "Our founding team combines backgrounds in finance, encryption, telecommunications, and the Internet."
Crypto can address issues of forged or duplicated emails (though I'll wait to see how they're doing it before I trust it). Of course, it can't address issues of crashed software, lost email, etc...
Microsoft has been known to fake positive 'letters to the editor' and other P.R. from pseudo-public sources for some time now... Looks like somebody else figured it out.
I enjoy the game, but I thought the PC version showed some port-ish behavior (incorrect handling of mouse pointers and windows and such). I can't provide specifics - I haven't used the PC version in a while - but I remember the interface feeling like something developed for MacOS (which, of course, it is, but it shouldn't feel that way).
I just hope the Linux version feels a little more "native".
I'm not convinced anybody ever thought there weren't comparable crypto products available outside the U.S. If this were the real reason for the export restrictions they would have been removed long ago. Now the European crypto market is quite well developed.
As I see it, the only reason for the restrictions is to put economic shackles on U.S. based crypto companies. Keeping these companies small and unprofitable limits their ability to sell crypto products domestically, and therefore slows the inevitable adoption of real crypto in this country.
(In the interest of disclosure, I work for such a company)
One of the amendments grants the Secretary of Commerce the authority to deny the export of any "custom-made" encryption products designed for "use in harming national security, use in the sexual exploitation of children [or] use by organized crime."
This was obviously put in to ease the concerns of the clueless and has no legal meaning whatsoever. Come on - custom-made encryption products for child pornographers? Anybody know of any?
Of course, anything that helps this bill get passed by people who don't really understand it is great in my book.
"plus a unique hard drive peripheral upgrade connector"
Translation: plus a PROPRIETARY upgrade connector, not compatible with anything else on the planet.
I didn't notice - is this supposed to take the place of firewire? Whee.
Um, reread my comment and the responses. My point was that Slashdot readers take down sites inadvertently just because we all hit the same site at once. And therefore taking down websites is not a very impressive accomplishment.
I have as much disdain for script kiddies as the next guy. In fact, probably more. Info security is my job.
Sure, more advanced life forms will probably have means of communication we can't imagine. But WE'RE emitting all kinds of detectable and clearly nonnatural signals. Who's to say they won't discover our primitive signals and respond in the same manner?
Seems like crackers have to go to less and less trouble to make the news.
Hell, we slashdotters take down websites all the time...
I got the impression that the author wasn't worried about outages, but about the motherboard failing to 'ask' for power... It's just one more thing that can go wrong, and isn't worth the convenience (the ability to automatically power-off like a Mac) on a server system.
The website for the project specifically says they only queried hosts with names beginning with "ftp.", "news.", and "www.".
It's not intended to be a survey of computers connected to the internet. It's only a survey of computers serving content.
-dP