Here is what Wikipedia says about the previous discovery of Unbibium by this team:
In 2008, it was claimed to have been discovered in natural thorium samples[1] but that claim has now been dismissed by recent repetitions of the experiment using more accurate techniques.
This reminds me of the /bin/true shipped in Solaris:
bash-2.05$ cat /bin/true
#!/usr/bin/sh
# Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T
# All Rights Reserved
# THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF AT&T
# The copyright notice above does not evidence any
# actual or intended publication of such source code.
#ident "@(#)true.sh 1.6 93/01/11 SMI" /* SVr4.0 1.4 */
bash-2.05$
Yep, the empty program is "UNPUBLISHED PROPRIETARY SOURCE CODE". It might explain why some proprietary confidential stuff is found in other projects...
Yes, factoring is easy if P=NP, because factoring is in NP. What I said is, we don't know whether it's NP-hard, and those two notions are quite different. Here are quick explanations from Wikipedia:
NP: Intuitively, NP is the set of all decision problems for which the instances where the answer is "yes" have efficiently verifiable proofs of the fact that the answer is indeed "yes".
NP-Hard: NP-hard (non-deterministic polynomial-time hard), in computational complexity theory, is a class of problems that are, informally, "at least as hard as the hardest problems in NP"
While you did a good job at explaining the general relation between NP-hardness and cryptography, there are several factual errors in your message. First, there are many asymmetrical encryption algorithms that are not based on factorization: many are based on the discrete logarithm, and other hard problems are used in a few constructions. Second, we don't know whether factoring is NP-hard and it is conjectured not to be NP-hard (which does not mean we think it's polynomial!).
Also, you seem to have missed the point of NP-hardness or NP-completeness: if we can solve one NP-hard problem in polynomial time, then by definition this proves that P=NP and we can solve all NP problems in polynomial time. (A problem is said to be NP-complete if it is NP-hard, and it is itself in NP.)
Same reason they delay DVD releases. The production companies are giving theater owners a chance to profit off the movies, otherwise people would just buy the DVD.
If this is actually their reasoning, they missed an important difference between movie theaters and radio: the movie experience is better in a theater than in my home, but the music experience is better with a CD than when listening to radio and ads.
Obviously iOS is much more secure than Android:
It might just cost more time and money to implement an open format than it is to pay the fees.
But it has to be done only once.
If Google or Mozilla releases a nice Open Source browser with video support, and I want to add some feature for my personal needs, or to port it to some fancy hardware or Operating System, I don't need to reimplement the open video format. However if there are licensing fees involved, I will probably have to pay.
are there phone hard keyboards out there that provide key punctuation (pipe, backtick, tilde, square/curly/angle brackets) in no more than two keypresses?
If you go for an N900 you can reconfigure the keyboard any way you want with XKB. Using Fn+key and Shift+Fn+Key for different symbols you should be able to fit anything you need.
Of course the most common passwords are weak, the strong passwords are unique...
Most ISPs sell you a broadband connection and punish you if you use it to the full capacity. But somehow they should be allowed to use the full capacity of their connection to the outside world, and therefore offer a crappy service?
LOIC has been around for a long time. According to Wikipedia it was already used for Operation Chanology, almost three years ago.
What you're missing is that those assets become much more valuable after they have been open sourced.
In particular, StarOffice became widespread only after it was open source and renamed OpenOffice.
You don't seem to have a very good knowledge of cryptography yourself... Good signature algorithms use both a hash and something asymmetric.
Most signature algorithms start with a hash of the original file, because signing a big document would require a lot of computations. This does not reduce the security of the signature, as long as you don't use a broken hash function (and even if your hash function is as broken as MD5, the impact in this kind of scenario would be quite limited). Note that it is actually necessary to do some kind of preprocessing of the message because RSA has bad multiplicative properties.
BTW, I don't see any mention of the algorithm used by Canon in TFA but they mention a key and hash functions do not have a key, so they're not just hashing the picture (which would indeed be stupid).
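The "bad multiplicative properties" of RSA mentioned in the comment above, shown as an added example that is not part of the original comment: with textbook RSA, the product of two signatures is a valid signature on the product of the two messages, and hashing first removes that. The key, the messages and all function names are constructed for illustration, and `digest_int` is a simplified stand-in for a real padding scheme such as PSS.

```python
import hashlib

# Constructed toy key: two Mersenne primes, far too small and too structured
# for real use. Chosen only so the arithmetic runs instantly.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


def raw_sign(m: int) -> int:
    """Textbook RSA: sign the integer itself, no hash, no padding."""
    return pow(m, D, N)


def raw_verify(m: int, sig: int) -> bool:
    return pow(sig, E, N) == m % N


def digest_int(msg: bytes) -> int:
    """SHA-256 of the message as an integer mod N (simplified, not real padding)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def hashed_sign(msg: bytes) -> int:
    return pow(digest_int(msg), D, N)


def hashed_verify(msg: bytes, sig: int) -> bool:
    return pow(sig, E, N) == digest_int(msg)


def combine(sig1: int, sig2: int) -> int:
    """Multiply two signatures modulo N; this needs no private key."""
    return (sig1 * sig2) % N


def demo() -> dict:
    # Constructed sample messages.
    m1, m2 = 1200, 35
    raw_product = combine(raw_sign(m1), raw_sign(m2))
    a, b = b"pay 1200", b"pay 35"
    hashed_product = combine(hashed_sign(a), hashed_sign(b))
    return {
        # The product is accepted as a signature on m1 * m2, which nobody signed.
        "raw_product_accepted": raw_verify(m1 * m2, raw_product),
        # With hashing, the product only "signs" H(a) * H(b) mod N ...
        "hashed_product_signs_digest_product": raw_verify(
            digest_int(a) * digest_int(b) % N, hashed_product
        ),
        # ... which is not the digest of any message the signer cares about.
        "hashed_product_accepted": hashed_verify(b"pay 42000", hashed_product),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```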
People jump up and down and scream that SHA1 and MD5 are broken, but if properly used, they still offer significant password security. One trick is to use salts when storing passwords in the database.
Even if you use a stupid password system by only hashing the password once without salt, you won't be affected by current attacks on MD5 or SHA-1.
The attacks we have so far are only collision attacks, and preimage attacks are still quite a long way off (well, there is a 2^123 preimage attack on MD5 instead of the expected 2^128). And even preimage attacks wouldn't help you much, because they will most likely give you a random preimage, and there are a lot of them. You can use the random preimage to access the system, but it's not as valuable as the original password (if you have access to the password file, the machine is probably compromised already, but the original password is probably used also in other systems).
That being said, you should not use MD5 or SHA-1 because they are broken, and the weakness used in the collision attack might be usable for stronger attacks. So far they have a limited impact, but just don't use MD5 and SHA-1 anymore, it's not worth it.
I think "able to brute-force thousands of passwords in an hour" qualifies as a weakness in SHA-1.
No, it's a strength of SHA-1 to be fast.
If you want to design a system that resists stupid users with weak passwords, you can iterate the hash function a high number of times in your password system, but please keep the hash function fast for other purposes. The best part is, that's actually what is done for the Linux /etc/passwd file. The MD5 scheme uses a thousand iterations of MD5 according to Wikipedia.
This just shows one more time that SHA1 is deprecated — You really don't want to use it anymore.
No, it doesn't show anything. Your "attack" would only have been marginally slower with SHA-2, because SHA-2 is a bit slower than SHA-1. You didn't exploit any weakness of SHA-1 in this brute-force attack.
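The salting and iteration described in the comments above, as an added example that is not part of any original comment: a password store that verifies legacy unsalted single-hash records and upgrades them to a salted, iterated record on the next successful login. PBKDF2-HMAC-SHA256 stands in here for the iterated scheme the comment mentions (it is not the MD5-based /etc/passwd scheme); the iteration count, record layout, function names and sample accounts are assumptions made for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; tune to the hardware


def legacy_record(password: str) -> dict:
    """Hash once, no salt: the weak scheme described in the comment."""
    return {"scheme": "sha1", "hash": hashlib.sha1(password.encode()).digest()}


def stretched_record(password: str, iterations: int = ITERATIONS) -> dict:
    """Random per-user salt plus an iterated hash (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"scheme": "pbkdf2", "salt": salt,
            "iterations": iterations, "hash": digest}


def check(password: str, record: dict) -> bool:
    """Recompute the stored scheme and compare in constant time."""
    if record["scheme"] == "sha1":
        candidate = hashlib.sha1(password.encode()).digest()
    else:
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), record["salt"], record["iterations"]
        )
    return hmac.compare_digest(candidate, record["hash"])


def login(db: dict, user: str, password: str) -> bool:
    """Verify, then transparently upgrade weak or outdated records."""
    record = db.get(user)
    if record is None or not check(password, record):
        return False
    if record["scheme"] != "pbkdf2" or record["iterations"] < ITERATIONS:
        db[user] = stretched_record(password)
    return True


def demo() -> dict:
    # Constructed sample accounts: two users sharing one weak password.
    db = {"alice": legacy_record("letmein"), "bob": legacy_record("letmein")}
    # Without a salt, equal passwords give equal hashes: one guess tests both.
    same_before = db["alice"]["hash"] == db["bob"]["hash"]
    logged_in = login(db, "alice", "letmein") and login(db, "bob", "letmein")
    # After the upgrade each guess costs ITERATIONS hash calls per user.
    same_after = db["alice"]["hash"] == db["bob"]["hash"]
    return {
        "same_before": same_before,
        "logged_in": logged_in,
        "same_after": same_after,
        "schemes": sorted({r["scheme"] for r in db.values()}),
        "wrong_password_rejected": not login(db, "alice", "letmein1"),
        "still_valid": login(db, "alice", "letmein"),
    }


if __name__ == "__main__":
    print(demo())
```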
What is it going to take for us to realize that the TSA is simply not effective?
Actually they are rather efficient: it's been quite a long time since someone blew up a plane. Most of the visible part of what they do is utterly useless (and I don't know about the non-visible part), but somehow, they have a pretty good track record.
The next terrorist should really smuggle a part of his bomb in his ass.
It doesn't matter whether he blows up the plane or not, but everybody will be afraid of flying after they add the next security measure to take care of this attempt...
You are right that the amount of physical damage is minimal, but actual physical damage is not the goal of terrorists: spreading the message is the goal, and the spreading of that message is greatly heightened by a dramatic delivery, such as the deaths of innocent people.
Security measures in airports also serve the terrorists. It is not dramatic but it reminds everybody of the possibility of a dramatic event. And it costs an awful lot of money and time.
That could be acceptable if it was effective, but the problem is that it's not. If I were a terrorist, I would just hide whatever material I need to destroy the plane inside my body: for instance, I could swallow it like drug-smugglers, or put it in my anus or vagina, or use fake breast implants. This will not be detected by those new fancy screeners.
Well, actually if I really were a terrorist, I would not try to blow up a plane, because there are so many easier ways to kill people in a dramatic way (like in a mall, and at the line in front of the security checks in an airport), but that only makes those measures even more stupid.
The fact that the new screeners are invasive is just the cherry on top of the cake. The ban on liquids is just as stupid but it costs less time and money, and is less invasive, so it's reasonable to fight the screeners first.
Do you know a single person having a non-NATed computer for web browsing?
Most of the machines I use for browsing are non-NATed. My machine at the university has a public IP. My home machine also has a public IP, because I want to be able to use it as a server, and it's easier to have a single machine than two. Even my laptop gets a public IP when I use the hotspots of my ISP.
I hope they won't go the route of a lot of news sites and make stuff that should be text video.
Wikipedia is all about collaborative editing. As long as making a collaborative video is out of reach, they will stick to text.
just like some are injecting bogus packets into eDonkey networks, as MD4 is not secure anymore
Do you have a reference on that? I mean, the injection part, not the MD4 is broken part.
Since preimage attacks on MD4 are far from practical, you cannot inject bogus packets to infect a given file. You need to create a special file that exists in two versions: a legitimate one and a bogus one. Then you would have to get people to download your file, and now you can inject the bogus version. But I would be really surprised if someone was actually doing this: it's much easier and just as efficient to infect some file with a trojan and distribute it.
You need a really badly broken hash in order to be able to inject packets in a random file.
The seasonality doesn't really rule out an external source. On Earth we have seasonal meteorite showers, I guess they could have the same on Mars.
The efficiency of a radiant heater is essentially one, just like a convective heater. If you want something more efficient you have to use a heat pump.
In France, we have many flats with electric heaters (mostly convective), and in this situation incandescent lights do not use more energy than energy-saving bulbs in winter. The extra energy creates heat, and that translates to less energy used by the heater.
You missed my point. I'm definitely not jealous of you for living in the US. The point is that in Europe we have more freedom and a better quality of living than you do (take a look at the democracy index, for instance). And you don't even seem to believe it possible, which is kind of sad.