Okay, that kind of ruins it. Important information I wish we would have had.
Yes, but unfortunately we don't have a super great interoperable way to exchange those GPS coordinates right now. We do have lots of ways to exchange words. This bridges that gap.
Cue all the people complaining about how this is stupid and they will never use it. News flash: just because something isn't useful to you doesn't mean it has no value. There are lots of people in the world and, believe it or not, most of them are not you. If you can't think of how this could be useful, you are either stupid or being deliberately obtuse.
Have you not realized that three English words are easier to remember than 12-20 random numbers?
Because most people can't remember a long string of numbers but they can easily remember three English words. It is the same reason people don't carry around 128-bit AES keys in their head, even though it would make for much better security.
This is some of the most sexist bullshit I've ever seen on Slashdot, and that is saying something. Why don't we equally discount businesses having to do with sports, car enthusiasts, video games, power tools and tech gadgets? A business is a business, and if they are making money then it counts. Just because it is a traditionally "female issue" doesn't make it any less useful to society. Guess what? Half of consumers are female, and they vote with their wallets what is important to them.
I am teaching a graduate course for the first time this summer and I can say that is absolutely true for me. I "knew" the material before, but I realized that until I had to get in front of students and actually teach it, I hadn't completely absorbed and understood it on an intuitive level. Their assignment for the final project is to pick an advanced topic and give a lecture on it to the rest of the class. I didn't bother with quizzes or midterms, I figure if you can get in front of other students and explain a new concept to them, then you have learned exactly what I wanted to teach.
Math is the easiest subject there is. We created math because we couldn't deal with all the complicated edge cases of reality. Instead we imagine a perfect world in our heads where we know all the axioms and rules and are free to play around without all the mucky details of the real world.
This post is so much irony... they are number 11.
You still need an out of band channel, which I just said.
The equivalent in email is self-signed S/MIME certificates or PGP without a key server. I would argue that PGP is just as easy to set up and use in every major email client.
Unless you are using an out of band channel to compare public key fingerprints, it is not "just working" and you are vulnerable to a man in the middle attack. It has the same problem as secure mail, only people ignore it.
OTR only works if you either:
1) Trust the network
2) Have a shared secret between the users or
3) Have an out of band channel to compare public key fingerprints
Now, this service is probably going to use the same (or a similar) protocol but fall under category 1 by distributing everyone's public keys. If you trust them to give you the correct key then the system can be secure.
What does uploading your own public key do to help? You are still at the mercy of your local SMTP server for mail you send. Also, a large number of emails are from Gmail to Gmail and only an end-to-end solution can help at all in that case.
Except most people have only one address so that acts as their "identity". Also, what world do you live in where you can buy something with a credit card and not give them your name?
I know you're trying to plug your thing here, but what you are saying is just naive. People use credit cards on the internet, you can't just magic that away with bitcoins or something. At least not yet. The technology isn't there. Do you suggest never using a credit card in real life? Or never telling anyone your name? At that point it is public information right?
That has nothing to do with the problem. We are already assuming that the companies have personal data, they just want to encrypt it to prevent third parties from obtaining it. The problem is that you need to decrypt the data at some point in order to make use of it, so the key must sometimes intersect with the data. Where do you keep it so that someone who gets the data won't also get the key?
What is your point exactly? 2^126 is still massively infeasible, and it only applies to a reduced round version. In fact, since a year or two ago, full-round AES is also subject to a 1-2 bit break. That means that IDEA is at least as secure as AES.
Pretty sure their argument was that it harmed a group of people out of spite and did not benefit anyone. They were saying essentially that you can't make a law punishing a minority for no reason.
Actually the one-time pad doesn't work super well for things like that. If you observe the challenge number and the response (challenge combined with key) then you can trivially retrieve the key, since all three things are linearly related. You actually need something somewhat "stronger" than the one-time pad: a random permutation. Unfortunately, the key space for a random permutation is doubly exponential in the size (compared to singly exponential with OTP) so it is even less practical. In real life, block ciphers are made to approximate random permutations so that is usually what is used in these kinds of protocols.
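The linear relation described in the comment above, shown as an added example that is not part of the original comment. It compares a pad-style XOR response with a keyed pseudorandom function; HMAC-SHA256 stands in for the block cipher the comment mentions, and the key, challenges and function names are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 16
SAMPLE_KEY = bytes(range(BLOCK))  # constructed demo key, not a real secret


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def otp_response(key: bytes, challenge: bytes) -> bytes:
    """Pad-style scheme from the comment: response = challenge XOR key."""
    return xor_bytes(challenge, key)


def prf_response(key: bytes, challenge: bytes) -> bytes:
    """Keyed PRF response; HMAC-SHA256 stands in for the block cipher."""
    return hmac.new(key, challenge, hashlib.sha256).digest()[:BLOCK]


def key_from_transcript(challenge: bytes, response: bytes) -> bytes:
    """The linear relation: challenge XOR response equals the pad key."""
    return xor_bytes(challenge, response)


def transcript_reveals_key(respond, key: bytes) -> bool:
    """True if one recorded (challenge, response) pair is enough to
    answer a different challenge correctly under the given scheme."""
    c1 = bytes([0xA5]) * BLOCK  # constructed challenge seen on the wire
    c2 = bytes([0x3C]) * BLOCK  # constructed fresh challenge
    candidate = key_from_transcript(c1, respond(key, c1))
    return hmac.compare_digest(respond(candidate, c2), respond(key, c2))


if __name__ == "__main__":
    for name, scheme in (("xor pad", otp_response), ("keyed PRF", prf_response)):
        print(name, "transcript reveals key:", transcript_reveals_key(scheme, SAMPLE_KEY))
```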
What kind of computer science program doesn't have an algorithms course?
Sort of, in that it would be really weird if it wasn't true. It is generally thought that primes follow a certain distribution (i.e. any given odd number has a certain probability of being prime, decreasing as the number gets larger). We know there are an infinite number of primes. That means this probability never reaches zero. If it is always non-zero, then there is also always some non-zero probability that we get two primes in a row (just the square of the probability). If there were not infinite twin primes, then it would mean that the "prime event" is not i.i.d., which is not impossible but would be strange. For there to be a point where there ceases to be twin primes would imply some weird arbitrary limit, beyond which primes don't want to "clump" any more.
You mean multiply? If you add then you get ambiguous cases, i.e. 2+3=5 where you don't know if it was just five or if it was two and three. If you want to add you would have to do powers of two. Pretty cool, but it has nothing to do with the article :D
Depends on what you mean by "construct". You can just start at N+1 and test everything for primality. We know now that primality testing is in P, and the prime number theorem tells us that the distribution of primes is dense, so this is even efficient.
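The search described in the comment above, as an added example that is not part of the original comment. It tests every integer after N and counts the tests; a deterministic Miller-Rabin check (exact for n < 2^64 with these bases) is swapped in for a general polynomial-time primality test, and all function names are assumptions.

```python
import math

# The first twelve primes are a deterministic witness set for n < 2**64.
_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
_LIMIT = 2**64


def is_prime(n: int) -> bool:
    """Deterministic Miller-Rabin, exact for n < 2**64."""
    if n < 2:
        return False
    for p in _BASES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True


def next_prime(n: int):
    """Return (p, tests): the smallest prime p > n and how many
    candidates were tested, starting at n + 1 as the comment describes."""
    tests, c = 0, n + 1
    while c < _LIMIT:
        tests += 1
        if is_prime(c):
            return c, tests
        c += 1
    raise ValueError("search left the range where is_prime is exact")


def mean_tests(start: int, count: int) -> float:
    """Average number of tests per search over `count` starting points."""
    return sum(next_prime(n)[1] for n in range(start, start + count)) / count


if __name__ == "__main__":
    print(next_prime(10**9), "ln N =", round(math.log(10**9), 1))
```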
Nice that they included some highlights of these features in the summary then instead of saying nothing that the title wouldn't tell you just as well... oh wait.