Slashdot Mirror


User: TechyImmigrant

TechyImmigrant's activity in the archive.

Stories: 0
Comments: 5,917

Comments · 5,917

  1. Re:Well, just don't go... on Brazil Blocks Foreign Mobile Phones · · Score: 1

    Please don't. I'll be going for a university engagement and a bunch of rowdy football travelers are going to gum up the flights and push prices up.

  2. Re:Precisely how... on Shuttleworth Wants To Get Rid of Proprietary Firmware · · Score: 1

    I hate ACPI and avoid it at all costs. But I'm fully aware that if you removed ACPI, you would have to replace it with something. My Apple 2 has a scheme for mapping ROMs on cards into memory and calling them at boot time based on descriptors in the ROMs. It has to exist in some form.

  3. Re:Precisely how... on Shuttleworth Wants To Get Rid of Proprietary Firmware · · Score: 1

    Not on target systems I don't control. Can I plug my new thing into the USB port of a Samsung phone? Not if I have to replace the kernel. The thing is locked.

    You can arrange your own machines however you like, but if you're building things to work on everyone's machines, then you need to test it in many contexts that you don't control.

  4. Re:Precisely how... on Shuttleworth Wants To Get Rid of Proprietary Firmware · · Score: 1

    ACPI solves a problem

    And creates half a dozen worse problems in the process.

    Which bit of "ACPI is horrible, and I'm all for replacing it with something better" did you miss?

  5. Re:Precisely how... on Shuttleworth Wants To Get Rid of Proprietary Firmware · · Score: 2

    Declarative firmware only gets you so far. You can say 'Register to do X is at this address' but without software that knows what the hell to do with X you don't have a solution. Without an open interface spec, you can't write the software.

    That's why open interface specifications are a prerequisite for a bottom-up auditable code set.

  6. Re:Precisely how... on Shuttleworth Wants To Get Rid of Proprietary Firmware · · Score: 5, Interesting

    I'm talking about the device not the kernel.

    I can compile up my own kernel and test my device against it. But I can't go and deploy my device on the myriad computer/OS configurations out there if I need stuff compiled into the kernel. ACPI solves a problem. If your solution that replaces ACPI doesn't solve the problem ACPI solves while also solving the trojan-via-firmware problem, then it's useless. ACPI is horrible, and I'm all for replacing it with something better but I'm not seeing a proposal that does both.

  7. Re:Precisely how... on Shuttleworth Wants To Get Rid of Proprietary Firmware · · Score: 5, Insightful

    I design hardware. I could wait for someone to accept my changes into the Linux Kernel before I start testing it, or I could write some firmware accessible through ACPI.

    What Shutters wants is irrelevant. What he needs is open interface specifications to the hardware.

  8. Re:Hypothesis not demonstrated nor peer reviewed. on Weak Apple PRNG Threatens iOS Exploit Mitigations · · Score: 1

    No. I was pointing out that a PRNG isn't an entropy extractor and a PRNG with a long period still isn't an entropy extractor.

    An entropy extractor has to throw out less data than it takes in in order to increase the per bit entropy. A PRNG does the opposite. It takes in a seed and throws out more data than the length of the seed.

  9. Re:Wait a second on Target Ignored Signs of Data Breach · · Score: 1

    The world has moved on and left you behind. The most effective silicon validation team I know is in Bangalore. We employ people in Bangalore because they're good.

  10. Re:Hypothesis not demonstrated nor peer reviewed. on Weak Apple PRNG Threatens iOS Exploit Mitigations · · Score: 1

    A long period length does not make a good extractor.

  11. Re:Why do we have all these custom PRNGs? on Weak Apple PRNG Threatens iOS Exploit Mitigations · · Score: 1

    I was the chubby guy at the front ranting about theoretical models.

  12. Re:Hypothesis not demonstrated nor peer reviewed. on Weak Apple PRNG Threatens iOS Exploit Mitigations · · Score: 1

    To be fair, I tried googling "what is a good entropy extraction algorithm" and I got back a combination of nonsense and mathematical mumbo jumbo.
    Maybe Bing would give better results but I would feel dirty trying.

  13. Re:Confederacy of Dunces on Google and Microsoft Both Want To Stop Dual-Boot Windows/Android Device · · Score: 1

    good quote, crappy book.

  14. Re:Hypothesis not demonstrated nor peer reviewed. on Weak Apple PRNG Threatens iOS Exploit Mitigations · · Score: 1

    If they'd used one of the many extractors with proven properties, they would know exactly how strong it was.

  15. Re:Why do we have all these custom PRNGs? on Weak Apple PRNG Threatens iOS Exploit Mitigations · · Score: 1

    That's because SP800-90B and C are still in draft form.

    Weren't you at the NIST RNG Workshop helping to get them finished? Thought not.

  16. Re:Hypothesis not demonstrated nor peer reviewed. on Weak Apple PRNG Threatens iOS Exploit Mitigations · · Score: 1

    This isn't a fight between Mandt and Apple. This is Apple being expected to 'do the right thing'. Using an LCG for extraction isn't close to the right thing.

  17. Re:Entropy Extraction on phones on Weak Apple PRNG Threatens iOS Exploit Mitigations · · Score: 1

    That's a chip design problem. Power on dependencies matter.

  18. Re:Hypothesis not demonstrated nor peer reviewed. on Weak Apple PRNG Threatens iOS Exploit Mitigations · · Score: 1

    No. You prove your extractor function is strong. If you don't do that you have nothing.

    Dodis et al. proved that CBC-MAC is a strong extractor and that is what we use in our products as a result.

    LCGs are not shown to be strong extractors to my knowledge. I can see how LCGs might fail completely if the input data isn't IID. Yuval Peres whiteners are in a similar state. There are proofs of their extraction properties, but only for IID data and you cannot get IID data out of the real world.

  19. Re:Hardware on Weak Apple PRNG Threatens iOS Exploit Mitigations · · Score: 2

    >Either way, the proof of a good (P)RNG is in statistical analysis of the output.

    No. The proof of a PRNG is in mathematical analysis of the algorithm.
    The proof of the implementation is in test vectors and known answer tests.

  20. Re:all PRNGs are deterministic on Weak Apple PRNG Threatens iOS Exploit Mitigations · · Score: 1

    This is true. Not something that can be said of most posts under this article.

  21. Re:all PRNGs are deterministic on Weak Apple PRNG Threatens iOS Exploit Mitigations · · Score: 1

    >I'm aware of the intel RNG that uses additional info

    No. It does not use 'additional info', personalization strings or derivation function. There are no external inputs when it's running. It's the simplest instantiation of an SP800-90A AES-CTR-DRBG possible.

    Who told you it uses additional info? They were talking out of their arse.

  22. Re:Not responsible disclosed on Weak Apple PRNG Threatens iOS Exploit Mitigations · · Score: 2

    More like replacing ad-hoc PRNGs with standards-compliant ones that enjoy some consensus amongst cryptographers that they're fit for purpose.

  23. Portal on Interviews: Ask Jonathan Coulton What You Will · · Score: 2

    Did you finish Portal 1 and 2?

  24. Re:This is what Thatcher was good at on Environmentalists Propose $50 Billion Buyout of Coal Industry - To Shut It Down · · Score: 1

    Don't confuse British conservatism with US conservatism. They are not the same things at all.

  25. Entropy Extraction on phones on Weak Apple PRNG Threatens iOS Exploit Mitigations · · Score: 3, Informative

    The article incoherently addresses entropy extraction, not matters of PRNGs, but the author doesn't appear to understand the difference.
    However the 'issue' is still an issue. Predictable output is bad in this context.

    What amazes me is when designers flap around looking for 'random looking' things in memory and interrupts to munch together to get entropic numbers when it's in a phone with a radio next to it which is directly sampling noise and is entirely capable of making it available to the OS for use in seeding PRNGs.

    It's not just Apple. They all do it.
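
Added example, not part of the original comments: comment 18 notes that Peres whiteners are only proven for IID input, and comment 19 that output statistics are not proof, so this sketch runs Peres's iterated von Neumann procedure over a biased IID source and over a zero-entropy periodic one. Both sources and all function names are constructed for illustration.

```python
import random

def von_neumann(bits):
    """One von Neumann pass over non-overlapping pairs: 01 -> 0, 10 -> 1, 00/11 dropped."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]

def peres(bits):
    """Peres's iterated von Neumann procedure (recursive form)."""
    if len(bits) < 2:
        return []
    pairs = list(zip(bits[0::2], bits[1::2]))
    u = [a ^ b for a, b in pairs]        # 1 where the pair was discordant
    v = [a for a, b in pairs if a == b]  # value carried by each concordant pair
    return von_neumann(bits) + peres(u) + peres(v)

def iid_biased(n, p_one, seed):
    """Constructed source: independent bits, each 1 with probability p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

def periodic(n):
    """Constructed source: 0110 repeated. Zero entropy, clearly not IID."""
    return [0, 1, 1, 0] * (n // 4)

def ones_fraction(bits):
    return sum(bits) / len(bits)

def demo(n=4096):
    good = peres(iid_biased(n, 0.8, seed=1))
    bad = peres(periodic(n))
    return {
        "iid_out_len": len(good),          # always shorter than the input
        "iid_ones": ones_fraction(good),   # bias removed, as the IID proof promises
        "periodic_out_len": len(bad),
        "periodic_ones": ones_fraction(bad),
        "periodic_predictable": bad == [0, 1] * (n // 4),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The periodic source comes out as a perfectly balanced 0101... stream, so a ones-count check passes on output that carries no entropy at all.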