But as usual, are they brute-forcing the key, or the passphrase? If it's a passphrase, that's almost always weaker than the key. Even if it's twenty ascii chars, that might not translate to 140 bits entropy depending on how strong and complex the passphrase is.
The Mecury Theater show at the time never had commercial breaks, so even that wasn't that exceptional. Although I could see it leading to some confusion if you were just spinning through the dial.
There's a second component to the urban legend. That Welles himself was perpetrating a hoax. That he was trying to 'punk' the audience. That he didn't provide an explanation at the beginning of the show. That there weren't commercials throughout the week advertising Mercury Theater's special Halloween performance of War of the Worlds. He did and there were.
They're selling a Kingston Datatraveller. Is that one of the models that SySS cracked or not? I can't tell. It looks like it's got additional hardening, but I don't know if I trust kingston at the moment. It'd help if the spyrus site acknowledge the crack: THIS MODEL IS NOT VULNERABLE or something with an explanation.
Where I used to work, some people printed out all their emails. They'd print IN COLOR if there were any http addresses in the article, because of course http addresses are blue...
I'm guessing he would raise hell if they did that. Does Russia have the 'right to publicity' in their laws? It's not like I can just setup the "Obama Prize" and start giving awards to late-term abortion doctors without getting into trouble.
that lives with his wife in Ponca City, Oklahoma? The one who has a degree in physics? The one who spent several years in Peru working for the Peace Corps? The one who planned to go to Mongolia (aka Red China) in 2009?
That argument doesn't make sense. It's not a touch-screen. It doesn't matter where the physical location of your mouse is. That doesn't map to the pointer location. If I move my mouse to the left side of the keyboard, nothing changes. If I use my left hand instead of my right, the pointer doesn't automatically jump to the left side.
Also, considering that I can move my mouse all the way from one side of the screen to the other by simply bending my wrist, while my arm remains stationary, I don't see how it's adding any more work. My muscles didn't exactly start getting sore after the switch.
Not very useful data. If ubuntu has eight million users like they claim, they only need four million and one to complain to change the settings... Even if, say one-thousand, or even ten-thousand people signed a petition to get the buttons back on the other side, it's pretty meaningless. Maybe everyone who signed represents a hundred people who don't like it but didn't bother to complain. Maybe it's one-to-one. There's really no way to know what the numbers mean and extrapolate that out.
Don't image new freaking machines while the bot-net is going crazy on your network. At least not without putting them behind a NAT. You won't get the first round of patches fast enough, and you'll kick off another round of infections. Might seem like common sense, but some jackasses at an old company just kept on imaging new computers during a huge outbreak. And couldn't figure out why they were getting infected.
PGP signing could work, but I don't know if it's exactly business-friendly. I don't think PGP encryption would work in this case. There's no way to encrypt to a 'group', you need to encrypt to individual users. That means re-encrypting a bunch of documents every time you have a new hire or someone changes responsibilities.
It's also the whole monopoly thing. They got into big trouble for bundling a free browser into windows. Because, I mean, what OS actually comes with a browser? (Of course things were a little different in 1995.)
I was referring specifically to the claim about government supercomputers that can crack commercial encryption in seconds. They can't just crack an OpenPGP message. And it's the same with AES-256, too.
Enigmail actually has a wizard that's pretty handy. It'll even generate a key for you if you don't have one. One click to grab another user's public key from the keyservers. If they email it to you, it tells you what button to click to import it.
S/MIME is actually a lot more transparent to end users than OpenPGP. Once it's setup you don't need a passphrase. If you send someone an S/MIME signed message, your public key will usually get automatically imported. It's also on by default in way more client software. The big downside is you need a certificate from a trusted certificate authority, but you can get a free one from Comodo...
More importantly, to actually encrypt I'd need every slashdot user's public key in the message. Although it'd be interesting if some message board software would check a signature, verify, and replace it with a green check box or something.
OpenPGP was specifically designed to be NSA-proof. Unless the NSA has secretly figured out some novel way to factor numbers that is unknown in the academic world, an appropriately setup OpenPGP encrypted message won't get hacked.
The way the math works out, the average time to crack a key will be half the total time, assuming a reasonably random key. Awaiting lame Spaceballs jokes.
Of course it could have been produced in Taiwan, which actually does a lot of electronics manufacturing...
Or it could have been a hacked XP disk that many less than reputable mom-and-pop computer shops were using. One of the more popular ones defaulted to Chinese...
Slashdot Mirror
But as usual, are they brute-forcing the key, or the passphrase? If it's a passphrase, that's almost always weaker than the key. Even if it's twenty ascii chars, that might not translate to 140 bits entropy depending on how strong and complex the passphrase is.
Then they'd just be M's... ;-)
The Mecury Theater show at the time never had commercial breaks, so even that wasn't that exceptional. Although I could see it leading to some confusion if you were just spinning through the dial.
There's a second component to the urban legend. That Welles himself was perpetrating a hoax. That he was trying to 'punk' the audience. That he didn't provide an explanation at the beginning of the show. That there weren't commercials throughout the week advertising Mercury Theater's special Halloween performance of War of the Worlds. He did and there were.
They're selling a Kingston Datatraveller. Is that one of the models that SySS cracked or not? I can't tell. It looks like it's got additional hardening, but I don't know if I trust kingston at the moment. It'd help if the spyrus site acknowledge the crack: THIS MODEL IS NOT VULNERABLE or something with an explanation.
They offered their original non-encrypted drive in a 'without-a-knife' option.
But if you really want a USB stick that's just a USB stick with some encryption, I'd go with a IronKey. http://www.ironkey.com./
But is a stack of printed paper really any better than just emailing every email to a gmail account with a bcc?
Well obviously Lexmark inkjet printers are way cheaper than HP or Xerox lasers... ;-)
Where I used to work, some people printed out all their emails. They'd print IN COLOR if there were any http addresses in the article, because of course http addresses are blue...
I'm guessing he would raise hell if they did that. Does Russia have the 'right to publicity' in their laws? It's not like I can just setup the "Obama Prize" and start giving awards to late-term abortion doctors without getting into trouble.
that lives with his wife in Ponca City, Oklahoma? The one who has a degree in physics? The one who spent several years in Peru working for the Peace Corps? The one who planned to go to Mongolia (aka Red China) in 2009?
http://www.peacecorpswiki.org/Hugh_Pickens
That argument doesn't make sense. It's not a touch-screen. It doesn't matter where the physical location of your mouse is. That doesn't map to the pointer location. If I move my mouse to the left side of the keyboard, nothing changes. If I use my left hand instead of my right, the pointer doesn't automatically jump to the left side.
Also, considering that I can move my mouse all the way from one side of the screen to the other by simply bending my wrist, while my arm remains stationary, I don't see how it's adding any more work. My muscles didn't exactly start getting sore after the switch.
Not very useful data. If ubuntu has eight million users like they claim, they only need four million and one to complain to change the settings... Even if, say one-thousand, or even ten-thousand people signed a petition to get the buttons back on the other side, it's pretty meaningless. Maybe everyone who signed represents a hundred people who don't like it but didn't bother to complain. Maybe it's one-to-one. There's really no way to know what the numbers mean and extrapolate that out.
Don't image new freaking machines while the bot-net is going crazy on your network. At least not without putting them behind a NAT. You won't get the first round of patches fast enough, and you'll kick off another round of infections. Might seem like common sense, but some jackasses at an old company just kept on imaging new computers during a huge outbreak. And couldn't figure out why they were getting infected.
Of course when he tells them it costs twenty bucks per user per year to get an X.509 certificate, that option will probably go off the table...
PGP signing could work, but I don't know if it's exactly business-friendly. I don't think PGP encryption would work in this case. There's no way to encrypt to a 'group', you need to encrypt to individual users. That means re-encrypting a bunch of documents every time you have a new hire or someone changes responsibilities.
It's also the whole monopoly thing. They got into big trouble for bundling a free browser into windows. Because, I mean, what OS actually comes with a browser? (Of course things were a little different in 1995.)
I was referring specifically to the claim about government supercomputers that can crack commercial encryption in seconds. They can't just crack an OpenPGP message. And it's the same with AES-256, too.
Enigmail actually has a wizard that's pretty handy. It'll even generate a key for you if you don't have one. One click to grab another user's public key from the keyservers. If they email it to you, it tells you what button to click to import it.
S/MIME is actually a lot more transparent to end users than OpenPGP. Once it's setup you don't need a passphrase. If you send someone an S/MIME signed message, your public key will usually get automatically imported. It's also on by default in way more client software. The big downside is you need a certificate from a trusted certificate authority, but you can get a free one from Comodo...
More importantly, to actually encrypt I'd need every slashdot user's public key in the message. Although it'd be interesting if some message board software would check a signature, verify, and replace it with a green check box or something.
OpenPGP was specifically designed to be NSA-proof. Unless the NSA has secretly figured out some novel way to factor numbers that is unknown in the academic world, an appropriately setup OpenPGP encrypted message won't get hacked.
This mythical quantum computer with it's mythical algorithm is still subject to thermodynamics...
The way the math works out, the average time to crack a key will be half the total time, assuming a reasonably random key. Awaiting lame Spaceballs jokes.
http://en.wikipedia.org/wiki/Brute_force_attack#Theoretical_limits
You mean you don't have a usb toaster? http://store.theonion.com/product/usb-powered-toastergift-box,29/
Of course it could have been produced in Taiwan, which actually does a lot of electronics manufacturing... Or it could have been a hacked XP disk that many less than reputable mom-and-pop computer shops were using. One of the more popular ones defaulted to Chinese...