I recall an interview with Will Wright some time ago where he stated that a Linux port of Sims Online was technically impossible because, IIRC, the level of synchronization required between the client and the server could not be achieved if they were running on different OSes.
It doesn't appear to be the case that the Sims Online is actually going to be ported to the PS2 (see previous comments), but if news like this ever becomes official, I would like to see an accompanying comment of how they overcame the synchronization difficulties.
I can't find the original interview anywhere, so I could be mistaken. If you can find it, let me know.
The original Lucifer key size was 128 bits, but who's counting? I didn't mention this previously, since it really doesn't have anything to do with a trap door, though it is worthy of speculation. I've always assumed it was to keep speed up and the cost of hardware implementations down since, after all, this was intended for widespread non-military use.
The record for brute forcing DES is, IIRC, 22 hours and 15 minutes (this was done in some RSA challenge or other), and at that, only recently. I personally feel that it is highly unlikely that the NSA had the facilities to crack the algorithm in any useful amount of time back in the 1970s when the system was adopted. But this isn't the point, either.
Any algorithm can be brute forced. DES uses small keys, so brute forcing it really isn't that hard, which is its main weakness today. Modern algorithms (like most of the AES finalists) use (or have the ability to use) stronger keys. A true "backdoor" in a cryptosystem would secretly weaken the algorithm to make it many, many times easier to find the key than brute force. Special S-boxes could accomplish this. Something in the algorithm that canceled out most of the key, reducing the effective key length. Something in the algorithm that left traces of the plain text in an easily extractable form in the cipher text. Those are backdoors.
Some conspiracy theorists already claim that DES has a backdoor, even though there is no public evidence to support the theory and lots to suggest otherwise.
When DES was invented (by IBM, IIRC) and the government wanted to adopt it as a standard, the NSA took a look at it and changed around the S-boxes (where S, I believe, is for Substitution) for the version that is actually used. They offered no description of how they created their S-boxes or what features they offered that the other ones didn't, etc.
One possible explanation is that the NSA added a backdoor into DES that secretly weakened it somehow (e.g., the ciphertext provides information about the key to make an exhaustive key search several orders of magnitude quicker) to the point where they could decrypt a document without necessarily knowing the key ahead of time with a reasonable amount of effort.
There is no public information about successful cryptanalysis of a full (16 round?) version of DES. That is, if such a backdoor exists, and if someone has found it, it's all very hush hush.
The concept of backdoors in cryptosystems is really very messy. It depends way too much on keeping crucial information about the cryptosystem secret. Chances are, if you disclose enough details to implement a cryptosystem and say it has a backdoor, people (good and bad) are going to find it*. If you don't provide information on how it works, it can really only be implemented in "tamper-proof hardware" (a concept almost as flaky as cryptosystems with backdoors), since any software implementation could be disassembled.
To answer your second question, they really can't (as I assume you suspected). So, if the sniffers found some data they couldn't decrypt, they would have to assume it is either, as you said, random data, or data encrypted with an outlawed (read "apparently secure") cryptosystem. In both cases, the sender must be trying to hide something from the government, and is therefore a threat and should be dealt with accordingly. Simple as that.
For anyone who missed it, the current call is for a global ban on strong crypto, not a national one. And in this case "global" means really global, not a "World Series" kind of global.
The next few weeks/months/years will potentially be filled with events and ideas, like this, that change the world we live in. I'm not afraid for our generation. Most of us know what freedom is like, and I really don't think it's something that can be taken away no matter how hard they try. But our unborn children and grandchildren don't. I don't want them living in a world where freedom and privacy are anything other than fundamental rights. I'm currently optimistic; I just hope that's not misplaced.
* And if DES does have a backdoor and no one has found it, then the NSA deserves a pat on the back because they've stumped us all! :)
What you're missing is that it's more than just personal information being protected, it's your IP.
If I recall correctly, the way it works is that you have a local software proxy (box #1) that encrypts all internet traffic and sends it to a ZK server (box #2) that doesn't know how to decrypt your traffic, but it knows who you are, then it sends your request to another ZK server (box #3) that doesn't know who you are, but knows how to decrypt your traffic and send it on to its intended recipient.
When the reply comes, box #3 encrypts it and sends it back to box #2 (who can't decrypt it, but knows where box #1 is) who sends it back to box #1 that decrypts it and passes it along to the program owning the socket.
I'm sure I've missed something here, but the idea is that nobody who knows what you're doing on the internet knows who you are, and nobody that knows who you are knows what you're doing. Hence, privacy.
I think I'm being punished by laziness here. I've been interested in their product since I discovered it at OLS last year. Never got around to buying it, and now I can't. Bummer. Canadian company and everything...
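The knowledge split described in this comment, sketched as an added example (not part of the original comment and not the vendor's code). It assumes a key already shared between box #1 and box #3 only, uses a toy SHA-256/HMAC cipher for illustration, and the names `Box2`, `Box3`, `seal`, `unseal`, the sample request and the address 203.0.113.7 are all constructed.

```python
import hashlib, hmac, os

def _keys(key):
    # Separate encryption and MAC keys derived from the shared secret.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _xor_stream(enc_key, nonce, data):
    # Toy stream cipher: SHA-256 in counter mode. Illustrative only.
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hashlib.sha256(enc_key + nonce + ctr.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    enc_key, mac_key = _keys(key)
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc_key, mac_key = _keys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return _xor_stream(enc_key, nonce, ct)

class Box3:
    """Exit relay: holds the key, sees the request, never sees the client address."""
    def __init__(self, key):
        self.key, self.seen = key, []
    def handle(self, circuit_id, blob, fetch):
        request = unseal(self.key, blob)
        self.seen.append((circuit_id, request))
        return seal(self.key, fetch(request))

class Box2:
    """Entry relay: sees the client address, holds no key, forwards opaque bytes."""
    def __init__(self, exit_box):
        self.exit_box, self.seen = exit_box, []
    def handle(self, client_addr, blob, fetch):
        circuit_id = os.urandom(4).hex()      # random label replaces the address
        self.seen.append((client_addr, blob))
        return client_addr, self.exit_box.handle(circuit_id, blob, fetch)

def run_exchange():
    key = os.urandom(32)                      # assumed shared by box #1 and box #3 only
    box3 = Box3(key)
    box2 = Box2(box3)
    request = b"GET /private-page"            # constructed sample request
    fetch = lambda req: b"reply to " + req    # stands in for the destination server
    addr, blob = box2.handle("203.0.113.7", seal(key, request), fetch)
    return box2.seen, box3.seen, addr, unseal(key, blob)

if __name__ == "__main__":
    print(run_exchange())
```

`run_exchange()` returns what each relay recorded: box #2's view pairs the client address with opaque bytes, while box #3's view pairs the plaintext request with a random circuit label.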
Maybe that "this service is unavailable to kids under 13" warning when the Windows ICQ client pops up isn't so stupid after all...
On second thought, this is absolutely no better than if I held the information myself. Never mind.
The information in my digital safe deposit box is organized into a collection of sub-boxes. Each sub-box contains related information (e.g., a financial information sub-box, a health information sub-box, etc.). Also, each sub-box is encrypted with a different key that I choose.
If I want to give, for example, my mortgage brokers access to my financial information, I tell them which sub-box they can find that in, and the key for the sub-box.
This obviously isn't the most convenient system from a key-management perspective. You also have to trust your mortgage brokers not to let your key out. But would it, otherwise, work?
Aside: it'd be nice to have a log of anyone who accessed that information, much like the credit bureau holds. Ever seen a printout of your credit history? Fascinating stuff, I tell you.
No one ever said security was free...
What makes a passphrase like that so good? IMHO, any password that can't be grabbed by a dictionary attack is hard enough to crack that you may as well dive straight into the fixed-length binary key space of the hashed secret that is actually used. Am I wrong, or just naïve?
Hrm... sounds familiar...
This must not be the case of companies in the Waterloo region. All the résumés I sent were PDFs rendered from a LaTeX document. I only had one response asking me to resend the résumé in Word format, ironically from Spicer, who have a product that can display just about any document...
LaTeX's strength is the beauty of its output. It's not that simple or easy to use or anything (it's not that difficult, either). But it is very flexible, very powerful, and looks gorgeous when printed.
Producing such nice output isn't easy. It can take minutes to render a large document from source to the final output. This is not good for the web.
Finally, LaTeX was designed for printed output. Bringing it to the web would require something so different that it wouldn't be LaTeX anymore.
BTW, I produced a half decent résumé in LaTeX (got me 3 interviews and 3 job offers, each interviewer mentioned that it stood out from the pack). If anyone wants the source, send me an email.
My boss has implemented this concept of core hours for me (I say "for me" because I am my company's only employee. The other 3 are the owners and my bossi.). I think it's a happy compromise. Essentially, I have to be in the office from 10:30 to 2:30 every day (all meetings are conveniently scheduled in that time). So half my hours are fixed, the other half (or... well... three fifths, really) are flex. It keeps everyone happy here, but, like I said, I'm the only one in the position to complain. :)
Yeah, but are they giving away free posters? I don't think so...
So do the Linux, commercial Unix, and Windows versions share any code? How is this affected by the GPL? Can a company, who owns all copyrights to GPLed product A and closed source product B take code from product A (which they own) and put it in product B (which they also own)?
My mom's vacationing there right now. Not that this is of interest to anyone. I just thought it to be an interesting coincidence.