Slashdot Mirror


User: TechyImmigrant

TechyImmigrant's activity in the archive.

Stories
0
Comments
5,917
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 5,917

  1. Re:TrueCrypt uses XTS on Forensics Tool Finds Headerless Encrypted Files · · Score: 1

    XTS mode is deeply depressing.

    Its use represents the inability of people who don't really understand cryptography to accept a single byte of overhead for security.

    A significant class of cryptographic attacks is enabled if you do not use any redundancy in your cryptographic encoding. That is why so many good and fine protocols have things like nonces, PNs or IVs.

    But it simply wouldn't do to have to call your 1.2 TB disk a 1.1 TB disk. So the market droids win over the cryptographers and the customers who would prefer their data to be properly protected, lose.

  2. Re:Don't worry on Forensics Tool Finds Headerless Encrypted Files · · Score: 1

    My job currently requires me to hold and use very large amounts of random data. If it can happen to me, it can happen to anyone.

    Many people who don't strictly need large amounts of random data, would probably benefit from it if in fact they did have it. Particularly when the anti encryption gestapo come knocking.

  3. Re:A little more info on Australian Gov't Offers $560k Cryptographic Protocol For Free · · Score: 1

    Yes.

  4. Re:A little more info on Australian Gov't Offers $560k Cryptographic Protocol For Free · · Score: 1

    You missed the bit about it performing strong mutual authentication. What third party attacks are you concerned about?

  5. Re:A little more info on Australian Gov't Offers $560k Cryptographic Protocol For Free · · Score: 4, Informative

    The protocol looks unremarkable. They pass some entropy and IDs back and forth, using conventional standards based encryption and hash algorithms.

    Their problem is keeping the cards secure and they state clearly that they are using commercially available smart cards.

    There are secrets in the cards, an RSA private key and an AES master key. The bigger problem is keeping these secrets in the cards and distributing the keys to cards. The PLAID protocol has no bearing on these matters.

  6. Re:Please make IEEE-1588 a standard part of 1TbE on The Road To Terabit Ethernet · · Score: 1

    An open letter to any hardware vendor considering making chips for these higher speed protocols:

    Please add the timestamp counters needed to support IEEE-1588 Precise Timing Protocol. These counters don't add much in the way of complexity when added to the NIC, but they are VERY complex to add after the fact.

    Being able to synchronize the clocks of 2 hosts to 5nS or less may seem esoteric right now, but for these sorts of transfer speeds, you are going to have a significant number of users (Test and Measurement folks like me, scientists at places like CERN and FermiLab, grid computing) who will need that kind of time sync.

    http://www.ieee802.org/1/pages/802.1as.html

    There you go.

  7. Re:In Other News.. on Intel Responds To X25-M Fragmentation Issue · · Score: 0

    I authored that comment. I considered it on topic because the topic is the response of a huge corporation to reports of dysfunction in its product.

    The humor was in comparing Intel's quick, honest and effective response to a product dysfunction to Microsoft's failure over decades to respond to the well documented dysfunction in its OS products.

  8. In Other News.. on Intel Responds To X25-M Fragmentation Issue · · Score: 2, Funny

    In other news, Microsoft has responded to reports that Windows Vista is slow, buggy, insecure and horribly bloated by releasing DOS 3.2

  9. Re:It Works Just Fine in Portland on Clearwire Plans Silicon Valley "Sandbox" WiMax Net · · Score: 1

    The West side, from Portland to Forest Grove, Beaverton to Tigard.

    I haven't tried the other side.

  10. It Works Just Fine in Portland on Clearwire Plans Silicon Valley "Sandbox" WiMax Net · · Score: 2, Insightful

    I have Clearwire service in Portland, Oregon. It is through a WiMAX USB dongle.

    I get a reliable 2MB-8MB IP data service, wherever I am in the Portland area. No more, no less. 3G data services don't come close in price or data performance.

    It is a lot less hassle than messing with the myrid different schemes for accessing 802.11 networks when on the go.

    So I get fiber to home, high speed mobile internet through 802.16 and I get to design crypto in microprocessors. Who needs silicon valley? Portland is the place for a Geek to be. Even Linus lives nearby.

  11. Re:Personal experience on DHS To Grab Biometric Data From Green Card Holders · · Score: 1

    >I'm a greencard holder married to a local, resident since Aug. '98... I've been out of the country, oh, say 25 times since then, and was fingerprinted on 75% of re-entries... what's the fuss? If you hold a greencard they ALREADY have those fingerprints. Object to that if you can find a good reason.

    Me too. Similar numbers, came in 1999, American wife, I travel a lot. Except I've been fingerprinted 0 times. They clearly don't like you very much.

  12. Re:US citizens will be next? on DHS To Grab Biometric Data From Green Card Holders · · Score: 1

    >The point is that to get a green card you must be cleared with the FBI, have almost every cavity of your body manually inspected, your picture and fingerprints taken and have a full medical check-up. So, what's the point of taking picture and fingerprints again every time a green card holder crosses the border? Do you really feel safer because DHS do it?

    It depends what they're doing it for. They took my fingerprints as part of the green card process. If they're taking my fingerprint on the border as some sort of tracking, that's really dumb. They have my name, number and fingerprint already. If they are taking the fingerprint to match against the green card fingerprint database as some sort of biometric authentication that I'm really the guy associated with the green card, then that makes some sort of sense. Although in the big picture it is a waste of time, green card abuse isn't the greatest threat to my day to day health and safety.

  13. Re:A crack on The Real Story On WPA's Flaw · · Score: 1

    >I think it's fair to claim the WPA is currently broken.

    Yes its broken when used in concert with normal network protocols. You can use the TKIP attack to launch an ARP poisoning attack.

    >The only correct response is to come to the realization that there is currently no secure wireless security protocol (at least not one that is standardized and in wide use).

    What's wrong with CCMP? Or PKMv2?

  14. Re:A crack on The Real Story On WPA's Flaw · · Score: 2, Informative

    In the 802.11 spec, WPA (a marketing term) is called a TSN. CCMP (WPA2) is called an RSN.

    T stands for Transitional.
    R stands for Robust.

    TKIP was known to be at risk of cryptographic attack at the time of its creation and was created for use on older hardware. Hence the name. We were supposed to transition to newer hardware which could implement an RSN.

    If we had followed the spec, we would have transitioned to AES/CCMP/WPA2 and future attacks on TKIP would be moot.

  15. Beware of the curse of Reiser on Shuttleworth On Redefining File Systems · · Score: 1

    Meddle not in the ways of filesystems. Lest you succumb to the curse of Reiser.

  16. Re:That's it on Every Email In UK To Be Monitored · · Score: 0, Redundant

    I already left.

  17. Re:WiMax and OFDM on WiMax Is Finally Coming — Here's How It Performs · · Score: 1

    The standard supports both half and full duplex radios. The BS scheduler takes into account the capability of the SS when scheduling when it can receive or transmit.

    The advanced pilot structures in OFDMA permit rapid doppler compensation, MIMO and other funky stuff.

    The period ranging is increased in rate for mobile terminals to provide for estimation of the more rapidly changing channel and appropriate power and timing adjustment.

    Every radio, especially a super linear one needed for OFDM will have dynamic range issues, but they are not particularly insurmountable. There are the usual collection of PAPR reduction and power control mechanisms in place in the spec.

  18. Re:Clearwire - Security through Obscurity on WiMax Is Finally Coming — Here's How It Performs · · Score: 1

    As before, crypto in 802.16 is link security. Good for hiding your on air packets but that is a side effect of the primary purpose of preventing theft of service.

    It has nothing to do with end to end security. Use SSL/SSH/TLS/IPSec or whatever for that.

  19. Re:Clearwire - Security through Obscurity on WiMax Is Finally Coming — Here's How It Performs · · Score: 1

    FYI - The WiMAX Standard Profiles require that all devices support strong payload encryption over-the-air, as spelled out in the 802.16 standard.

    Whether a network is configured to enable that feature is an operator choice; this generation of equipment may still have 'compromises', as in "It's supported!", but if you turn it on for everybody the scheduling of users gets crappy and packets dropped because the network processor's memory bandwidth is eaten up by 2x more users data going to and from the HW crypto accelerator.

    Yes, I've worked in wireless telco.

    The crypto overhead is 12 bytes per MPDU. Given the packing and fragmentation, this doesn't mean 12 bytes per MSDU aka IP packet.

    Carriers want it on not because it protects users, but because it protects them from theft of service.

    The per packet processing overhead is effectively zero if you implement it right. The spec was written the way it was written to permit an inline AES-CCM unit in the datapath with a latency of no more than 11 clocks. A tiny sliver of silicon can cope with all the crypto load of a BS. Implementers who decide to offload the crypto onto processors are fools.

  20. Re:WiMax and OFDM on WiMax Is Finally Coming — Here's How It Performs · · Score: 1

    Just to clarify - OFDM is the modulation method used to convery data.

    Is "OFDM" a real thing or is it just some dyslexic's way of spelling ODFM?

    Orthogonal Frequency Division Multiplex. But you already knew that.

    OFDM variants of 802.16 have been around for a while. OFDM is a generic term for a form of modulation. However in 802.16, OFDM is a specific physical layer specification that covers more than modulation. It covers the frame structure and things that in other specs would be considered a MAC.

    There are other PHYs in 802.16. SC, SCa, OFDMA etc.

    The one that is the basis of the promised mobile WiMAX networks is OFDMA. The point being it has super sexy multiple access in the uplink where the multiple users transmit at the same time, on the same frequency with the orthogonal subcarriers from the same OFDM symbol magically interleaving.

    OFDM mode is more to do with fixed deployments.

    They both make 3G look like RS232.

    Also the link security is actually secure, which is my fault. Sorry. The backhaul isn't though. It never will be. Use end to end security because VoIP has LI.

  21. Re:What's new there, though? on ISO Relevance Questioned After OOXML Appeals Fail · · Score: 5, Informative

    everywhere but the US metric is the standard

    Been to the UK lately?

    Yes.
    By law, goods are sold in metric units.
    Paper sizes are metric.
    Metric is the system taught in schools and used in engineering.

    There are some exceptions, mostly for beer and sprits.
     

  22. Re:Not 'Unsecured'. It's 'Open System' on Defcon "Warballoon" Finds 1/3 of Wireless Networks Unsecured · · Score: 1

    Separating guest traffic on a VLAN is a fine idea.

    It's a shame that off the shelf, consumer grade wireless routers don't do it.
     

  23. Not 'Unsecured'. It's 'Open System' on Defcon "Warballoon" Finds 1/3 of Wireless Networks Unsecured · · Score: 4, Insightful

    802.11 APs that people refer to as being 'unsecured' are in fact broadcasting a beacon declaring them to be 'Open System'. It is right there in the spec, section 8.2.2.2 .

    'Open System' means exactly that. Come on it. We're open.

    This is a good thing. I don't secure my wireless LAN. I secure my computers. If people want to borrow a bit of my bandwidth, go right ahead. My neighbor does it all the time when he can't get his crappy cable internet to work.

    This should be encouraged. Call them 'Open' and call it a good thing.

  24. Re:Brought to you by closed source on More Skype Back Door Speculation · · Score: 1

    Open or not, you can't provide a VoIP-POTS switch service as Skype do, without running into the LI (Lawful Intercept) laws that scatter the world.

  25. Re:Damn you, technology! on GPS Tracking Device Beats Radar Gun in Court · · Score: 4, Insightful

    >Now there's a neat project idea: create a GPS spoofing device.

    That is a standard piece of GPS test equipment. A test GPS signal source and an antenna cone to place over the GPS device. Any time and location can be spoofed.