I can't wait until the dupe of this story gets posted in a week!
Interesting how you cite me on my lack of an apostrophe on what is starting to become an accepted (at least colloquially) form, yet then cite me for "prescriptive grammar".
The sentence in question appeared as if it was written once, and then partially rewritten, but some parts of the earlier version remained. If it was pointed out to the author, I believe (or hope) they would have fixed it.
The goal of this was to prove that one should read all EULAs, so that one can see if an app is spyware if it is buried in the EULA.
Is this sentence readable to anyone?
Please, proofread what you submit. Cause the slashdot "editors" sure aren't going to do it for you.
I re-read the paper, and realize there is more than one way to interpret a part of it. I'm looking, but until then don't trust what I just posted. I may be forced to mod myself -5 misread the fine paper.
HAH. That's the first time I've ever seen someone get their newspeak grammar corrected. I like it.
MD5 and SHA-1 are both iterated hashes. They work by taking one block, hashing it, then using the output from that round as the IV for hashing the next. This allows a curious sort of failure:
The attack on MD5 worked independently from the initial state of the cipher, i.e., any arbitrary message could be prepended to the calculated collision, and the hashes would still collide. It doesn't matter what the text before the discovered collision block is. It could be anything (plus padding to make it to a multiple of the block length.)
This makes the break a much more serious problem than simply finding two completely random messages that happen to have the same hash. It's only a guess at the moment, but I assume the SHA-1 attack will work the same way. The brief findings mentioned using the same sort of attack, hopefully the results will be similar.
(Side note 1: The term used by every cryptographer I've ever encountered is "break". Feel free to use what you want, but don't claim that "break" is for some reason incorrect. If you want to argue about it, see my prior post on "Stealing" vs. "Copyright Infringement.")
(Side note 2: Even if one was going to brute force SHA-1, you would still get the same failure mode as described. When trying all the possible hashes, you would simply use the output of SHA1 of the nefarious file as the IV in the brute-force attack. Iterated hashes, in my very uneducated opinion, are on their way out. What they will be replaced with, however, I have no idea.)
Assuming the SHA-1 break is similar to the MD5 break, it would take about 56 hours to go from:
Please transfer $1,000,000 from account 123456789 to account 987654321
to
Please transfer $1,000,000 from account 987654321 to 123456789 CRUH(YI(L*GPIHcdpncxacn.dy4idpi98l(YD$L&Dl94,3x9lx 9(Y
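An added illustration (not part of the original comment) of why a collision in an iterated hash survives the text around it: a toy Merkle-Damgård hash with a 24-bit chaining value, where a colliding block pair is searched from whatever state the prefix leaves, and any shared suffix keeps the two digests equal. The compression function, block size, IV and all names are assumptions chosen so the search finishes instantly; the code says nothing about the cost of colliding MD5 or SHA-1 themselves.

```python
import hashlib
from typing import Dict, Tuple

BLOCK = 8            # toy block size in bytes (assumption)
STATE = 3            # toy chaining value: 24 bits, so collisions are cheap
IV = b"\x01\x23\x45"  # arbitrary toy initial value (assumption)


def compress(state: bytes, block: bytes) -> bytes:
    """Toy compression function: truncated SHA-256 of state || block."""
    return hashlib.sha256(state + block).digest()[:STATE]


def pad(msg: bytes) -> bytes:
    """Merkle-Damgard strengthening: 0x80, zeros, then the message length."""
    padded = msg + b"\x80"
    padded += b"\x00" * (-len(padded) % BLOCK)
    return padded + len(msg).to_bytes(BLOCK, "big")


def chain(state: bytes, data: bytes) -> bytes:
    """Iterate over whole blocks, feeding each output in as the next IV."""
    assert len(data) % BLOCK == 0
    for i in range(0, len(data), BLOCK):
        state = compress(state, data[i:i + BLOCK])
    return state


def toy_hash(msg: bytes) -> bytes:
    return chain(IV, pad(msg))


def block_align(prefix: bytes) -> bytes:
    """Pad a prefix with spaces up to a block boundary."""
    return prefix + b" " * (-len(prefix) % BLOCK)


def find_block_collision(state: bytes) -> Tuple[bytes, bytes]:
    """Birthday search for two distinct blocks that collide from `state`."""
    seen: Dict[bytes, bytes] = {}
    counter = 0
    while True:
        block = counter.to_bytes(BLOCK, "big")
        out = compress(state, block)
        if out in seen:
            return seen[out], block
        seen[out] = block
        counter += 1


def colliding_messages(prefix: bytes, suffix: bytes) -> Tuple[bytes, bytes]:
    """Two distinct messages with the same prefix, suffix and toy hash."""
    head = block_align(prefix)
    b1, b2 = find_block_collision(chain(IV, head))
    return head + b1 + suffix, head + b2 + suffix


if __name__ == "__main__":
    m1, m2 = colliding_messages(b"constructed sample prefix", b" any suffix")
    print(m1 != m2, toy_hash(m1).hex(), toy_hash(m2).hex())
```

Once the chaining values meet after the differing block, every later block and the length padding are identical for both messages, which is why the suffix is free to choose.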
MD5 and SHA-1 are both iterated hashes. The attack on MD5 worked independently from the initial state of the cipher, i.e., any arbitrary message could be prepended to the calculated collision, and the hashes would still collide. Which is a much more serious problem than simply finding two messages that happen to have the same hash. It's only a guess at the moment, but I assume the SHA-1 attack will work the same way, considering it was discovered by two of the people working on the MD4/5/RIPEMD attack.
Every farm I've ever seen has a tank of fuel (either diesel or gasoline) somewhere.
"this daemon character seems cute from somebody's point of view, but somebody may think which does not suit for the professional products to indicate that are using the FreeBSD inside."
Does this sentence make any sense to anyone?
This was bound to come up in this thread. And again we're faced with these silly assertions that there is a "correct" word for doing, ahem, with music.
You can ask the dictionary what a word means (Guess how dictionaries are produced. People write them!), you can ask the supreme court (Have you ever read their bastardizations of technical terms in the opening pages of a ruling?), you can consult "common sense" (you mean those ideas that you know are right but don't know why?), but the only answer you will ever definitively get is that this fundamental idea of language:
A word means whatever people think it means.
Sorry, you can argue all you want about words you don't like, as many many people have done with words in the past (Jonathan Swift opposed the words "mob, operations, ambassadors, communications, preliminaries and banter"), but you will get nowhere. You make no useful point about the subject you're talking about, other than to present yourself as holier-than-thou, through your mastery of the English language that we could only hope to approach.
Language is often formed by analogy, and the most convenient analogy has won. When you complain about someone using the "wrong term" instead of actually refuting their argument, you only do harm to your own position.
Nothing to do with reason? I was simply reminding everyone that war involves death. You're also correct to point out that some number of people are still alive, but to express that as a coefficient of the number killed seems to link two very unrelated counts. If another person is killed in the war, does that mean that four more are saved? What exactly made you pick four anyways? Was it simply because it is greater than one?
Your extrapolation that I hate Republicans and George Bush is, just that. I was pointing out a case of narrow-mindedness (believing or suggesting that Saddam was the only victim of the war.) In reply, you present another example of profound narrow-mindedness, by suggesting that I hate George Bush because I realize that people died in the war. If only false dichotomies could die too.
And N people are dead.
(You fill in the N. Pick between 1,475 and 100,000.)
I'm not trying to take anything away from anyone. I'm just trying to make sure people understand that there's a difference between Science and Photoshop.
The scientific validity of these pictures are pointless.
As long as everyone understands that, you're right. But I'm not so sure everyone understands that.
Certain News Networks have a tendency to run wild with these pictures.
They probably also have a fraction of the scientific validity. Dealing with these images is not easy. I assure you the scientists who were working on the mission are just as anxious to look at the data they collected as these other people. But pretty pictures, which are about all these people have created, are crap for scientific purposes.
I've never dealt with images like they're using. And I won't. But I have dealt with astronomical spectroscopy, and I know that without the right calibration images, without knowing the details of the instrument, and the exact conditions of the exposure, your results are useless.
Will these images get by a peer-review journal? Not a chance in hell. Extracting meaning from these data is a challenging and long undertaking, and I sure don't trust a "casual astronomer" to do it.
Everyone (everyone educated, I mean) knew the world was round since say, at least a century or two BCE. You can see it in Dante's Divine Comedy. Pythagoras knew it. The myth that Columbus was the first to think the world was round was not propagated until the 1830's, by none other than Washington Irving (and some other French guy.) You can read about it yourself, http://id-www.ucsb.edu/fscf/library/RUSSELL/FlatEarth.html
The other reply to this post is correct, most all astronomical color images are "false color" images. They could have different colors to indicate different light intensities, or they could be a composite of several images.
In the article, the pictures are just examples of planetary nebulas. They are not the actual images used in the paper. The research was done with spectroscopy, which doesn't make for a very attractive article. Spectroscopy is the bulk of what astronomers deal with anymore, and is far more useful than those pretty pictures. However, every once in a while, science needs to look more appealing than it really is, and false color images are how it's usually done.
(Side note: most CCD cameras used on telescopes can't distinguish color at all. Instead, they have to put filters before the CCD if they want only the blue light or only the red light. This is also the case with the Mars rovers, and likely most other space probes.)
The Wang et al. attack does not apply to passwords. Their attack applied to situations where the md5 input plaintext was known. Collisions are nowhere near common enough when using less than 16 character inputs to md5 to provide a feasible means of cracking passwords. Nobody has ever found a collision with under 128 bits of input, and the attacks in the article take considerably more than that.
Parent is well-founded. Good hashes, including MD5, are designed to create an "avalanche effect." When one bit changes in the file, it is supposed to change multiple bits in the hash output. Nobody has discovered an attack that avoids this avalanche effect.
The chance that random data changes defeated md5 is astronomical.
Your point "if there's any question about the electronic tally" implies that there is some way to say whether the electronic vote is sound or unsound.
That is of course wrong;
Did you even look at the subject line of the story you're supposed to be commenting on?
Europe is not analogous to the US.
There is a far greater difference between Hungary and the Czech Republic than there is between Oregon and Wisconsin. Yes, there are many countries in Europe. That's not an excuse not to know them though.
There is fiber on poles everywhere here. Almost every cable company has a decent amount of fiber in the air going to the nodes, which are also in the air. Telephone companies use fiber on poles too. Sometimes it's just infeasible to get the right of way to lay fiber. Nearly every decent sized street around here has fiber on the poles. You can notice it by the little red or orange tags on the fiber at every pole, so nobody digs their gaffs into it.
And to reply to a reply to the parent post, fiber is more expensive to repair usually. Repairing fiber requires a special splice truck, with a fusion splicer in it, and trained (expensive) techs. There's probably only one fiber splice truck in a small town, probably less than 5 for a decent sized city. Repairing a high pair cable (assuming it's PIC) may take longer, but it can be fixed by any outside plant tech.
The splicing costs for this project must be enormous.
Wow, all I can say is wow.
That's some of the best writing in a Slashdot comment I've ever seen. Truly excellent.
For all those who haven't read Cryptonomicon: There's an event in the book where Stephenson explicitly states that the second amendment is to permit revolution. That's why so many people felt the urge to reply to this.
... and a drag on all maneuvering done in space.
There's an air in space museum.