Okay, lets talk about the portrayal of men in the media then. That would be constructive and I'm sure any sane feminist would welcome it. It is not a counter to legitimate claims of sexism to say "oh, but men are sometimes objectified too." We don't have a finite budget for fixing social injustice, lets hash it all out while we're getting to it.
I'll admit that there are a lot of prison rapes, but I'm pretty sure that statement (majority) still isn't true. I don't think anyone ignores that though, it is taken very seriously. It isn't women raping these men anyway, so focusing on reducing the number of male rapists fixes both situations.
Nice derailing. The reason we don't speak out about it is that, comparatively, it is incredibly rare. That's like saying, "why don't we spend an equal amount of money on cancer research and curing the ebola virus."
Yes but related-key is a really weird model which doesn't apply to most use cases. The only thing I have heard of where it might work is if you are using AES in hash function mode, which is incredibly rare.
That would only make sense if you think the NSA is unfathomably arrogant. If they have a way to break ECC, then they have to admit that someone else might be able to break it too. Recommending that every other government agency use a broken system to encrypt their potentially valuable information would be ridiculous.
Where are you getting this? AES256 is still AES, as demonstrated by the fact that the only known attack against AES works for all key sizes. It also reduces from 128 bits to about 126 bits, not 110.
Nobody knows how it was encrypted, maybe it was a zip file with a password that they broke? If they had decrypted an AES file with a random key, we would know about it.
What are you talking about, the s-boxes have to be public in order for people to implement the algorithm. Everything about it is public. What I think you are alluding to is the fact that the motivation behind the setting of certain s-box values was not made public. It was later found out that the NSA purposefully chose those values so that DES was resistant to differential cryptanalysis, a concept which was not known to the academic community at the time. They made the cipher stronger on purpose.
How do you think you fill the 2^50 bits in the first place? Time-space tradeoffs are only good for reducing the complexity of repeated attacks on different ciphertexts, and they don't even work against the ciphers I am talking about because correct use implies an IV and a secure mode of operation like CBC.
Note that no-one has been able to prove there are no efficient solutions to integer factorisation or discrete logs - maybe the reason those proofs is so elusive is because it doesn't exist.
That's because it's impossible to prove such a statement without also proving that P != NP. There is very little hope in constructively showing the difficulty of these problems, we just say "smart people have been working on integer factorization for thousands of years and they haven't figured out a way to do it, so we can trust it for now." It's not foolproof, but it's the best we can do.
No, no and no. It would take a SIGNIFICANT theoretical break on encryptions to bring them within the realm of brute force capability. Even 80 bits of security is considered well outside of the reach of existing machines, and AES has at least 128 bits. Remember, every bit doubles the amount of time it takes to brute force. It would take all the computers in the world billions of years to brute force one key.
I don't know that it is necessarily true, but I wouldn't bet my life that they don't have a backdoor on at least one root CA. Remember, you don't need all of them, just one can do a lot of damage.
I believe the "working with industries to install backdoors" part, but the cracking internet standards encryption? Nope. The report doesn't even say what they are supposed to have cracked, only some nebulous "widely used internet encryption". Do they have a ton of computation power? Yes. Do they have some magical break on AES that no one in academia knows about or can even fathom? No. Just some FUD.
As fas as lesson plans changing, that is BS. Every few years there is a new trend in teaching, or something mandated by the government (i.e. common core) that requires a complete rehaul of the curriculum. I have seen it again and again. Also, depending on your subject, it could just naturally change year to year. In our district, for instance, English teachers have different books to teach almost every year, requiring completely new lesson plans.
Sorry to reply again, but I just wanted to point out that various forms of the MiTM attack have been used to attack block ciphers because you can view them as a large network of smaller components. You can come from both ends and "meet in the middle" of the cipher to gain advantage sometimes. This is how AES was first broken.
Pretty sure what they are saying here is that having a lot of Shannon entropy in your key is not enough for security. The paper seems to be deliberately obtuse though, which is really annoying. I am a cryptographer and it doesn't make a whole lot of sense to me right away. They note that if you draw a word from some stochastic process then the difficulty in guessing that word may not be very high, even if the entropy is high. This is completely intuitive and known.
Imagine you have an algorithm that generates an n-bit secret key. First, it flips a random bit b. If b = 0, then it just outputs a string of n zeroes as the key. If b = 1, then it outputs n random bits. The entropy of this process is n bits, which seems good, but cryptographically it is terrible because half the time it just uses a fixed key of all zeroes. Instead of Shannon entropy, cryptographers uses a different form called min entropy which is inversely proportional to the most likely event. So in the above case, the min entropy would only be one bit, which properly reflects how bad that algorithm is.
It's late, and I might be missing something, but it doesn't seem like anything that wasn't known before. Particularly, they talk about distributions with high entropy but which are not uniform, and in cryptography you always assume you have uniform randomness. It has been known for quite a while that many things are not even possible without uniform randomness. For instance, it is known that encryption cannot be done without uniform randomness.
Slashdot Mirror
Okay, lets talk about the portrayal of men in the media then. That would be constructive and I'm sure any sane feminist would welcome it. It is not a counter to legitimate claims of sexism to say "oh, but men are sometimes objectified too." We don't have a finite budget for fixing social injustice, lets hash it all out while we're getting to it.
I'll admit that there are a lot of prison rapes, but I'm pretty sure that statement (majority) still isn't true. I don't think anyone ignores that though, it is taken very seriously. It isn't women raping these men anyway, so focusing on reducing the number of male rapists fixes both situations.
Nice derailing. The reason we don't speak out about it is that, comparatively, it is incredibly rare. That's like saying, "why don't we spend an equal amount of money on cancer research and curing the ebola virus."
Yes but related-key is a really weird model which doesn't apply to most use cases. The only thing I have heard of where it might work is if you are using AES in hash function mode, which is incredibly rare.
That would only make sense if you think the NSA is unfathomably arrogant. If they have a way to break ECC, then they have to admit that someone else might be able to break it too. Recommending that every other government agency use a broken system to encrypt their potentially valuable information would be ridiculous.
Not sure where you're getting that from. It currently has about 252 bits of security under the best known theoretical attack.
Where are you getting this? AES256 is still AES, as demonstrated by the fact that the only known attack against AES works for all key sizes. It also reduces from 128 bits to about 126 bits, not 110.
You have taken all the complexity and hidden it behind the word "reciprocal" without explaining anything. All you did is reword the sentence.
Nobody knows how it was encrypted, maybe it was a zip file with a password that they broke? If they had decrypted an AES file with a random key, we would know about it.
What are you talking about, the s-boxes have to be public in order for people to implement the algorithm. Everything about it is public. What I think you are alluding to is the fact that the motivation behind the setting of certain s-box values was not made public. It was later found out that the NSA purposefully chose those values so that DES was resistant to differential cryptanalysis, a concept which was not known to the academic community at the time. They made the cipher stronger on purpose.
How do you think you fill the 2^50 bits in the first place? Time-space tradeoffs are only good for reducing the complexity of repeated attacks on different ciphertexts, and they don't even work against the ciphers I am talking about because correct use implies an IV and a secure mode of operation like CBC.
Note that no-one has been able to prove there are no efficient solutions to integer factorisation or discrete logs - maybe the reason those proofs is so elusive is because it doesn't exist.
That's because it's impossible to prove such a statement without also proving that P != NP. There is very little hope in constructively showing the difficulty of these problems, we just say "smart people have been working on integer factorization for thousands of years and they haven't figured out a way to do it, so we can trust it for now." It's not foolproof, but it's the best we can do.
No, no and no. It would take a SIGNIFICANT theoretical break on encryptions to bring them within the realm of brute force capability. Even 80 bits of security is considered well outside of the reach of existing machines, and AES has at least 128 bits. Remember, every bit doubles the amount of time it takes to brute force. It would take all the computers in the world billions of years to brute force one key.
I don't know that it is necessarily true, but I wouldn't bet my life that they don't have a backdoor on at least one root CA. Remember, you don't need all of them, just one can do a lot of damage.
That's why I said I believe that part. What I don't believe is that they have cracked any widely used standard protocols like the article implies.
I believe the "working with industries to install backdoors" part, but the cracking internet standards encryption? Nope. The report doesn't even say what they are supposed to have cracked, only some nebulous "widely used internet encryption". Do they have a ton of computation power? Yes. Do they have some magical break on AES that no one in academia knows about or can even fathom? No. Just some FUD.
Congratulations on explaining absolutely nothing.
As fas as lesson plans changing, that is BS. Every few years there is a new trend in teaching, or something mandated by the government (i.e. common core) that requires a complete rehaul of the curriculum. I have seen it again and again. Also, depending on your subject, it could just naturally change year to year. In our district, for instance, English teachers have different books to teach almost every year, requiring completely new lesson plans.
Sorry to reply again, but I just wanted to point out that various forms of the MiTM attack have been used to attack block ciphers because you can view them as a large network of smaller components. You can come from both ends and "meet in the middle" of the cipher to gain advantage sometimes. This is how AES was first broken.
Umm... no. It applies to any two encryption methods. I don't know why you would think it has to be the same cipher twice.
Whoops yeah, my bad.
This is a widely held misconception. Double encryption is not significantly stronger than single encryption due to the meet-in-the-middle attack.
Pretty sure what they are saying here is that having a lot of Shannon entropy in your key is not enough for security. The paper seems to be deliberately obtuse though, which is really annoying. I am a cryptographer and it doesn't make a whole lot of sense to me right away. They note that if you draw a word from some stochastic process then the difficulty in guessing that word may not be very high, even if the entropy is high. This is completely intuitive and known.
Imagine you have an algorithm that generates an n-bit secret key. First, it flips a random bit b. If b = 0, then it just outputs a string of n zeroes as the key. If b = 1, then it outputs n random bits. The entropy of this process is n bits, which seems good, but cryptographically it is terrible because half the time it just uses a fixed key of all zeroes. Instead of Shannon entropy, cryptographers uses a different form called min entropy which is inversely proportional to the most likely event. So in the above case, the min entropy would only be one bit, which properly reflects how bad that algorithm is.
It's late, and I might be missing something, but it doesn't seem like anything that wasn't known before. Particularly, they talk about distributions with high entropy but which are not uniform, and in cryptography you always assume you have uniform randomness. It has been known for quite a while that many things are not even possible without uniform randomness. For instance, it is known that encryption cannot be done without uniform randomness.
This is a widely held misconception. Double encryption is not significantly stronger than single encryption due to the meet-in-the-middle attack.
What structural problems?