Slashdot Mirror


User: TechyImmigrant

TechyImmigrant's activity in the archive.

Stories: 0
Comments: 5,917

Comments · 5,917

  1. Security Clearance on Security Researchers Face Revenge of Spy Agencies (theregister.co.uk) · · Score: 5, Interesting

    I find it interesting that not having security clearance is viewed as an impediment.

    I'm well employed in computer security and not having any clearance, not having signed any government secrets agreement has been an essential part of being able to do my job.

    While I work with people with clearances, I simply cannot trust them for specific things because it is not possible to know who they are really working for. Once you have signed up, you are clear for some government work, but tainted for work on the outside. Take your pick.

  2. Re:Eh? on How Scientists Are Circumventing Journal Paywalls (bbc.co.uk) · · Score: 1

    The 2 or 3 people who read my papers don't represent a major load on my work day.

    LOL u suck

    You can read one if you like. http://www.deadhat.com/papers/...

  3. That isn't enough to get me to jack in my job and go bug hunting full time.

  4. Re:Welcome to Io(insecure)T. on Tattling Kettles Help Researchers Crack WiFi Networks In London (pentestpartners.com) · · Score: 1

    An ARM like that will do fine.
    Program it up and tell us how fast it goes. Ed25519 ECDSA and Curve25519 ECDH.
    There's reference code all over the internetz.

  5. Re:Le rimes with pay on Noise Protests Close Paris Data Center (datacenterdynamics.com) · · Score: 1

    Why should the government, or anyone not financially involved in the design, construction, and operation of the datacenter pay if the datacenter is not operating within the parameters that it was licensed for?

    Of course I haven't read the article, but is that true? Is the datacenter louder than they said it would be when the approval was granted, or are people just now deciding to complain about it?

    It seems like they were deciding to complain about it when they turned the generators on and they realized their lives would be a living hell from then on.

  6. Re:Company shouldn't have to pay for relocation on Noise Protests Close Paris Data Center (datacenterdynamics.com) · · Score: 1

    Who do you think you're kidding? Paris is a shithole, a sewer, a garbage dump.

    Not all of it. Like all cities there are nice bits and scummy bits.

  7. Re:Company shouldn't have to pay for relocation on Noise Protests Close Paris Data Center (datacenterdynamics.com) · · Score: 1

    France is a notorious pain in the ass place to try to do business, and especially in Paris and especially for companies that aren't French. They would have probably gotten a warmer reception trying to build a high-rise apartment building in San Francisco.

    But the restaurants are great.

  8. Re:Company shouldn't have to pay for relocation on Noise Protests Close Paris Data Center (datacenterdynamics.com) · · Score: 2

    in the US we would generally try to use ballistic tanks if close to the property line or any sensitive locations.

    I'd prefer the tanks were tethered securely to the ground.

  9. TV+Roku+Teh Internetz on Ask Slashdot: What's Your Media Setup? · · Score: 1

    I get to watch maybe 2 shows a week when I'm paying attention. 0 when I have other things to do.

    It's not a case of being able to access specific shows, it's a case of whether or not there is something to watch in the vast number of shows available to me. There usually is.

    Currently half way through Salamander on Netflix.
    There are plenty of places to pay for movies online if that's your bag.

  10. Re:Eh? on How Scientists Are Circumventing Journal Paywalls (bbc.co.uk) · · Score: 2

    The abstracts are available. You can find who wrote it. If I need a paper I email one of the authors and they send it.
    People email me asking for papers I wrote.

    Why the need for tweeting?

    Methinks the author might possibly have something else to do besides answering requests for papers all day.

    That's somebody else's problem. The 2 or 3 people who read my papers don't represent a major load on my work day.

  11. Re:Eh? on How Scientists Are Circumventing Journal Paywalls (bbc.co.uk) · · Score: 1

    Why the need for tweeting?

    Because you can get the paper from somebody other than the author.

    Perhaps I should go and get more coffee. My brain isn't working this morning.

  12. Re:Welcome to Io(insecure)T. on Tattling Kettles Help Researchers Crack WiFi Networks In London (pentestpartners.com) · · Score: 1

    Just stay away from 8051s.

    Interesting you say that. I've been using one, the CC2541, because it's got a Bluetooth radio built in. It's 32MHz with 2-5 cycles per instruction, most clustering towards 2, hardware divider and so on. It's somewhat comparable to a small ATMEL in speed. It's also got an AES128 unit built in so that's very fast.

    I've not been using the crypto though.

    It's the 256 bit multiplication with modulo reduction that is a problem for things with limited addressing. It can be done, but it will be a few times slower than something done on 32 bits because there are so many more iterations. So I wouldn't choose an 8051 for that, but that doesn't mean you can't use a modern 8051 if that's the processor you're given.

  13. Re:Welcome to Io(insecure)T. on Tattling Kettles Help Researchers Crack WiFi Networks In London (pentestpartners.com) · · Score: 1

    The small ARMs are plenty capable, as long as you don't do silly things like 4096 RSA.
    Ed25519 and Curve25519 are pretty darned lightweight and get you 128 bit brute force bounds which matches AES nicely.

    For that kind of thing, Atmel would be the first place I look but there are plenty more. Anything 32 bit will be fine. You might be able to squeeze it into a 16 bit AVR class device, but the ECDH might take a few hundred milliseconds.

    I wrote a Python implementation of all these algorithms (to verify the vectors match for hardware implementations) and Ed25519 and Curve25519 run in non human perceptible time on a desktop. C on a micro will be fine. Just stay away from 8051s.

    I could give you exact clock counts for native hardware implementations but then I would have to shoot you.

  14. Re:It's too bad interlibrary loan isn't better ... on How Scientists Are Circumventing Journal Paywalls (bbc.co.uk) · · Score: 1

    This explains why I keep getting poor quality scans of papers that logically never needed scanning because they started out in LaTeX before landing as PS and PDF.

  15. Eh? on How Scientists Are Circumventing Journal Paywalls (bbc.co.uk) · · Score: 4, Interesting

    The abstracts are available. You can find who wrote it. If I need a paper I email one of the authors and they send it.
    People email me asking for papers I wrote.

    Why the need for tweeting?

  16. I'd always heard you were NOT supposed to make your tea with boiling water...just under boiling was the correct way to do it...?

    I have been told by someone who knows about tea that the best way to do it is have the teapot on the other side of the kitchen from the kettle. Once the water boils, in the time it takes to carry the kettle to the teapot, the temperature is just right.

    The main thing is you don't want to boil the tea.

    Yes. Exactly correct. With black tea you need to start with boiling water and then pour it over the tea bags, but take a few seconds between boiling and pouring so the temperature is just right.

  17. What is this "prior art" concept you speak of? It sounds antiquated; I'll race you to the patent office.

    The prior art is what I thought of this morning (a kettle with rechargeable batteries in the base that speed up the boiling when used by adding to the power from the mains). By posting the idea here in the open, no one else could patent such a thing.

  18. Tea requires boiling water.

    Absolutely not. Boiling water releases all the dissolved gasses and makes the tea taste flat. You do not boil water for tea, you heat it to a point just below.

    The tea leaves don't care if the water is boiling.

    By the time you turn off the boiling kettle and move it to the tea kettle or mug, then pour it through the air, it is a point just below 100C. A little bit of practice helps you get the timing right.

  19. Re:Welcome to Io(insecure)T. on Tattling Kettles Help Researchers Crack WiFi Networks In London (pentestpartners.com) · · Score: 1

    Yes the supply of hardware engineers is ok. The supply of cryptographers is low and the supply of cryptographers who can also design production quality silicon designs is horribly low. So we're expensive. But those costs ameliorated over millions of chips isn't high. So for volume products it's ok and usually those chips are available in the market for use in low volume products as well.

    Hardcoding keys into silicon without a huge amount of clever obfuscation hardware is indeed idiotic, when extracting one of those keys leads to a BORE (Break Once, Reuse Everywhere) attack.

  20. I live in the first world. I have first world problems. I have no shame in solving them.

    It might be time to get some. Shame, I mean.

    Only if it's WiFi connected.

  21. Re:You crazy Brits! on Tattling Kettles Help Researchers Crack WiFi Networks In London (pentestpartners.com) · · Score: 1

    Well the 'nice' part is debatable. The rest you say is true.

  22. I used to have one of those. But me and my teasmade parted company when I moved to the USA.

  23. I'm now attempting to resist the temptation to build one and retrofit it into my kettle.

    3D printed base to store the batteries. A simple charger-switchover circuit, a second element, a temperature sensor and a little micro to tell it when to charge and when to heat.

    Try to patent it and this Slashdot post will be the prior art to destroy you in court...

  24. Re:Welcome to Io(insecure)T. on Tattling Kettles Help Researchers Crack WiFi Networks In London (pentestpartners.com) · · Score: 4, Interesting

    Security is only expensive relative to the prices for components that kettle manufacturers dream of.

    Relative to your wallet, the cost of the silicon area for some public key and symmetric crypto along with a good RNG is a fraction of a cent up front and a few cents at the end of the producer-consumer chain. This I know because it's my job to design this stuff.

    You'd probably be happy to pay a few cents extra per product for all devices to employ good crypto hardware, but somewhere along the chain is some idiot saying security is expensive.

  25. Great! Now I can be micromanaged at home over "your kettle says you steeped your tea for 1m30s at 173 degrees! Savage! This is an Oolong for god's sake!"

    Isn't that illegal?
    You'll have the tea inspectors round if you aren't careful.