The point is that expertise in SCADA, coming up with 4 zero days, getting 2 signed driver keys from JMicron and Realtek, and distributing the exploit without the internet to Iranian factories is not something a non-state can do.
Organized crime could theoretically do it, if they decided to invest in developing the necessary technical resources rather than just shooting people. However, organized crime would not do it without an obvious profit motive, especially given the risks (that governments might tie it to them, etc.). There does not seem to be any such motive in this case.
At that rate, it takes 1246 days to cut off everybody, which is fairly precisely 3.5 years.
I assume the copyright holders have a large backlog of IP addresses they've been collecting over the past months/years, which is why they're submitting at such a prodigious rate. One imagines that the set of "infringing ISP customers" in France represents only a small subset of the totality, so the rate will slow down. Yes, I realize that this is obvious and the whole thing is ridiculous, etc...
The whole point of the Internet 2 project was to provide secure, robust, high-speed communication to those who needed it.
While I agree with the high-speed part, I'm not sure that security was ever part of the deal, at least not security in the sense that the NSA would care about. I2 is basically a collection of research facilities and lightly-secured academic institutions. While universities aren't terrible with their security, it's way down the list of things we care about.
But getting back on topic, there's a basic problem with any plan to build a segregated Internet. While it's a good idea in the sense that it increases availability and makes DDoS harder, it's essentially nothing more than building a giant firewall around a huge tranche of the Internet. If you've ever observed a worm spread through the Intranet of a large organization, you'll appreciate how ineffective this will be --- all it takes is a few infected machines to threaten the entire network. The concern is that system administrators (the guys who hook critical machines up to the real Internet today) will assume that the segregated network is "safe", and will then make even dumber decisions based on this belief.
He dismisses LUKS and TrueCrypt because they don't offer plausible deniability - because of the headers, as you say. He then moves on to Linux's loopback device in crypto mode. It doesn't write headers. He then comes up with a technique of comparing the raw encrypted data with random text. Turns out using his techniques it is easy to spot the difference. And that is the point of the paper: even without headers or any other telltale signs, there is no way to hide the fact that you have encrypted data on your disk.
From what I can tell, the paper makes several points:
1. Implementations that write headers leak info on what's encrypted
2. Poor crypto implementations (i.e., not using modes of operation correctly) leak info on what's encrypted
3. Encrypted data stands out when compared with non-random background
4. If you can look at the way a filesystem changes over time, you'll spot people writing encrypted data
I think (1) and (2) are fairly obvious and irrelevant --- if you do things wrong, then of course you'll get caught. I think we've addressed (3) already in this thread. So it remains for us both to agree that you can learn things by observing the way a filesystem changes over time. That doesn't exactly correspond to "using his techniques it is easy to spot the difference [between encrypted data and random text]". In fact, it sounds to me like a whole different flavor of attack, though certainly a powerful one that people should be careful of.
Here you are playing with words. "Encrypted data looks like random data" in this case means "looks identical to the novice, but an expert will find it easy to distinguish the two". But no one would take that meaning from your post. It was poor communication at best.
I would argue that the attacker's expertise is irrelevant to this discussion. If an attacker can obtain periodic snapshots of a user's system, they don't have to be an expert --- they're just blessed with an unusually rich amount of data. No cryptographic technique (short of completely re-randomizing the noisy portions of the disk) is going to hide the fact that you're making suspicious changes to the data. I would further claim that, absent such a history, encrypted data does look like random data. But you are welcome to disagree.
It's been a good long time since I took part in a nice, angry Slashdot flame war, particularly in my PhD subject area. It's been fun.
In essence, encrypted data sticks out like dog's balls because of its high entropy, yet there are enough patterns in it to make it obvious to an expert it isn't just random data.
So, look, in fairness you're a little bit right and a little bit wrong. It is unusual to spot high-entropy data on a filesystem, and that's what encryption looks like. However, if you read the grandparent post, "encrypted data looks like random data" is precisely what I claimed. Nothing more, nothing less.
Most "rubber hose" steg filesystems address the entropy problem by putting lots of random cover data on your disk, whether or not you choose to store secrets. For example, the empty sectors on your drive can be formatted with pseudo-random noise. Reasonable people can disagree about whether this will work (if everyone does it, then perhaps; if only people with secrets do it, then probably not). It'll also be very time consuming.
Furthermore, the article you linked to doesn't say what you think it does. It simply points out that some encryption packages add recognizable headers. If you don't add headers ("hey, look, this is AES data!"), then the result should not have any recognizable patterns.
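The three detection ideas argued over above (high-entropy blocks standing out on a filesystem, a header being a giveaway, and snapshots over time revealing where encrypted data was written) can be checked on a constructed disk image. This is an added example, not code from the thread or the paper; the cipher is a SHAKE-256 keystream standing in for AES-CTR because the Python standard library has no AES, and the header magic, block layout and sample data are all constructed.

```python
"""Per-block entropy, marker scan and snapshot diff over a constructed disk image.

Added example, not code from the original thread. It illustrates the claims
above: high-entropy blocks stand out against ordinary filesystem content (3),
a header is a giveaway that a plain marker scan finds (1), headerless
ciphertext is statistically no different from random noise, and two snapshots
taken over time reveal which blocks acquired high-entropy data (4). The
"cipher" is a SHAKE-256 keystream standing in for AES-CTR (the standard
library has no AES); the header magic and all data below are constructed.
"""
import hashlib
import math
from collections import Counter

BLOCK = 4096                         # analysis granularity, bytes
HIGH_ENTROPY = 7.5                   # bits/byte: English text ~4.5, zeros 0, random ~7.95
FAKE_MAGIC = b"EXAMPLE-ENC-HDR\x00"  # constructed header magic, not a real format


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty or constant input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def keystream_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Headerless stream encryption: XOR with a SHAKE-256 keystream.
    Stand-in for AES-CTR; like CTR mode it emits no header or marker."""
    stream = hashlib.shake_256(key + nonce).digest(len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, stream))


def blocks(image: bytes):
    """Yield (index, bytes) for each BLOCK-sized slice of the image."""
    for i in range(0, len(image), BLOCK):
        yield i // BLOCK, image[i:i + BLOCK]


def high_entropy_blocks(image: bytes) -> list:
    """Indices of blocks whose entropy reaches HIGH_ENTROPY (point 3)."""
    return [i for i, b in blocks(image) if shannon_entropy(b) >= HIGH_ENTROPY]


def blocks_with_marker(image: bytes, marker: bytes) -> list:
    """Indices of blocks that begin with a known header magic (point 1)."""
    return [i for i, b in blocks(image) if b.startswith(marker)]


def byte_chi_square(data: bytes) -> float:
    """Chi-square of byte frequencies against uniform. With 255 degrees of
    freedom, uniform data scores about 255 +/- 23; text scores in the thousands
    because most byte values never occur. Headerless ciphertext and cover
    noise are indistinguishable by this statistic."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(v, 0) - expected) ** 2 / expected for v in range(256))


def changed_high_entropy_blocks(before: bytes, after: bytes) -> list:
    """Blocks that differ between two snapshots and now hold high-entropy
    data: the 'watch the filesystem change over time' observation (point 4).
    Both images are assumed to be the same size."""
    return [i for (i, a), (_, b) in zip(blocks(before), blocks(after))
            if a != b and shannon_entropy(b) >= HIGH_ENTROPY]


def build_images():
    """Constructed 'before' and 'after' images of 8 blocks each:
    [0-1] text, [2-3] zeroed free space, [4-5] headerless ciphertext written
    between the snapshots, [6] ciphertext behind FAKE_MAGIC, [7] pseudo-random
    cover noise present in both snapshots (os.urandom in practice; derived
    deterministically here so the example is reproducible)."""
    text = (b"The quick brown fox jumps over the lazy dog. " * 200)[:2 * BLOCK]
    free = bytes(2 * BLOCK)
    noise = hashlib.shake_256(b"constructed cover noise").digest(BLOCK)
    before = text + free + bytes(3 * BLOCK) + noise
    secret = (b"meeting notes, do not distribute. " * 400)[:3 * BLOCK]
    ct = keystream_encrypt(b"k" * 32, b"n" * 16, secret)
    headered = (FAKE_MAGIC + ct[2 * BLOCK:])[:BLOCK]
    after = text + free + ct[:2 * BLOCK] + headered + noise
    return before, after


if __name__ == "__main__":
    before, after = build_images()
    print("high-entropy blocks before:", high_entropy_blocks(before))
    print("high-entropy blocks after: ", high_entropy_blocks(after))
    print("blocks with header magic:  ", blocks_with_marker(after, FAKE_MAGIC))
    print("changed + high entropy:    ", changed_high_entropy_blocks(before, after))
    for name, i in (("text", 0), ("ciphertext", 4), ("noise", 7)):
        b = after[i * BLOCK:(i + 1) * BLOCK]
        print(f"{name:11s} entropy={shannon_entropy(b):.2f} chi2={byte_chi_square(b):.0f}")
```

The cover-noise block is flagged in both snapshots but never appears in the changed set, which is exactly the "fill empty sectors with noise" defence discussed below and why the snapshot diff, not a single scan, is the stronger observation.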
Some evidently don't agree with this last piece of advice because they have posted their solutions to the problem right here, on one of the largest megaphones on the 'net. Fortunately for them, Slashdot has in typical Slashdot fashion come to their rescue. Unlike the piece of misinformation I am responding to which is rated "5, informative", these insightful and informative posts are rated 1. Probably because they necessarily involve long complex commands which are utterly beyond your average slashdotter, which probably means they will rarely be used, which probably means they are right - my last piece of advice is alarmist.
I don't really have anything to say in response to this, but I thought I'd quote it just the same.
The computational complexity of any finite deterministic function of inputs of finite complexity is finite. That means that any necessary analysis can also be conducted in finite time. The only thing protecting AES is the lack of computational resources on the part of attackers.
This is my fault for being imprecise in a Slashdot post. Of course the security of AES is based on attackers' limited resources. If attackers had unlimited resources, they could simply brute-force the keyspace. Of course, without quantum computers this might require the solar system and many nearby star systems to be processed into computing devices. 2^256 is an awfully large number.
When I said "distinguisher running in bounded time" I should have said "probabilistic Turing machine running in a number of time steps that can be expressed as a polynomial function of an adjustable key size".
Does anyone really think that thirty years from now it won't be commonplace to break the encryption of data encrypted using the key lengths we use now?
This is why many modern cryptosystems use adjustable key sizes. However, barring some dramatic new advance (quantum computers), or some as-yet-undiscovered flaw in AES (much more likely), ciphers with 128, 192 and 256 key sizes should be ok in 30 years.
AES is designed to be a pseudo-random function (meaning it's evaluated against that criterion). What this means is that, when used properly, AES-encrypted data should be indistinguishable from random data, at least for a distinguisher running in bounded time. If anyone discovers an efficient algorithm that can distinguish this, it'll be a big nail in AES's coffin (and yes, at the very theoretical level I realize that there already are some known weaknesses in AES, but for the moment you're in good shape).
If it was tested successfully and had no unexpected consequences, I think most people would rejoice. Politicians would get to solve global warming without raising taxes or implementing any unpopular measures. This is what every successful politician wakes up hoping to do (the distorted view you see sometimes on Slashdot notwithstanding).
The problem is those unexpected consequences. I've been hearing about crop residue sequestration for nearly a decade, but the problem has always been in the sequestration process. Will it stay sequestered? Is it economical to get it there? Will it lock up vast amounts of necessary nutrients? I've heard plans to dump it into the ocean but understood those were derailed when some experiments showed that this had some pernicious effects (working from memory, may be wrong here.). There have been similar proposals to seed iron in the ocean in order to fertilize phytoplankton, but they haven't really panned out either.
In short, I'm dying for a quick technological fix, hell we all are. Possibly literally. But that doesn't mean there is one.
The real problem is NOT the OS, since it is pretty obvious this attack has been specifically designed to hit a very small niche target, which means no matter what OS you were running the malware writers would have simply written to that target.
Correct me if I'm wrong, but my understanding is that this worm wasn't hand-carried into the target. That would have been difficult and very risky to the perpetrators. Rather, the worm got to its target by first spreading through a huge number of vulnerable non-target machines in the hope that one of them would be adjacent to a real target.
One of the other posters on this thread confirms that this nearly happened at the plant he works for, but they were able to contain it before it jumped to the production machines.
So while it's true that the payload itself might have been targeted at any OS, the vector itself was highly dependent on the existence of a monoculture of vulnerable-OS machines that make this delivery strategy so damned effective. It's really just icing that the target machines were also Windows, meaning that the perpetrators could re-use the same vulnerabilities to get all the way in.
"Reverse engineering" only really applies if the details of the cryptographic primitives are not already publicly known (pretty much never the case).
For normal applications of cryptography this would be a valid statement. Kerckhoffs's principle tells us that the security of a system should come from the key, not from the secrecy of the algorithm. Hence REing your own device shouldn't help you attack some other party.
DRM is different. By definition every legitimate DRM device has to have the keys built in, otherwise it can't participate in the system. So REing really is a threat. This is why you see obfuscated software, tamper-resistant hardware, etc. in these systems.
This key is the master so its leakage may not have anything to do with RE, unless the key derivation algorithm is really weak. And it could be.
But what was he doing? Studying & living blissfully in a relatively expensive place, financed by his family at home in the position of public authority, on a course leading to a diploma which will be useless (just for a paper; while cheating) - but with a position in a public institution at home virtually assured after his return.
Minus the cheating bit, your description could really apply to any somewhat privileged middle-class Western individual. In that sense it probably covers you, me, and the vast majority of Slashdot posters as well.
It sounds like your issue with this gentleman is the fact that he's enjoying his status on the backs of his own less-fortunate countrymen, while blaming their problems on someone else. But don't kid yourself that you're somehow morally superior to the guy. Those of us who are lucky to be born into a wealthy country are basically doing the same thing, we're just doing it on the backs of some other country's less-fortunate folks (and many of our own countrymen too).
I assumed it was because they don't want to buy a Windows computer and don't know how to use Linux, *BSD or any of the other alternatives.
I can't help but chuckle every time someone implies that Macs are for lightweights who don't know how computers work. I have a PhD in computer science and attend a lot of conferences full of code-writing grad students. Looking around the audience I see basically three populations:
0. People who could afford, or get their advisor to pay for, a Mac. (About 60%)
1. People who couldn't get their advisor to pay for a Mac (and use Linux/BSD on some cheaper laptop).
2. Poor lost souls who still use Windows.
Now, graduate CS researchers are not the perfect proxy for the "serious" computer using population, but they absolutely 'know how to use Linux/BSD'. They just prefer Macs in large numbers, at least for personal machines --- servers are a different game.
It's not hard to understand: a Mac comes with a Unix shell, runs a nice optimized version of x86 gcc, and can get a full GNU distribution in a few minutes via MacPorts. Your video card is always supported by the OS (no futzing around with drivers and X issues). Most importantly, when you need to, you can run a large complement of applications including Keynote and the entire MS Office suite (and yes, unfortunately this is still necessary sometimes). They also run nice hardware and don't suffer from crappy build quality like many Wintel laptops.
FWIW, there are some drawbacks. I have trouble compiling some Linux packages because some MacOS/Mach/BSD conventions are different enough that they break. Also, Apple has a tendency to ship some old-ass libraries with the base operating system, and doesn't update them often enough. MS Office for Mac was designed by monkeys, but that's because MS Office was designed by monkeys.
Peer reviewed papers are one thing. But science also requires the ability of anyone to replicate the experiment and validate the results. This requires the original models (code), data, and procedure used. Without this, the science is invalid.
This subpoena was not looking to get Mann's code or find data that could reproduce his experiments. Mann doesn't even work for that university anymore, and it's doubtful they have his notes. Rather it was an attempt to find evidence of fraud and misuse of funds. That might be noble if there was any particular reason to believe that funds had been misused. But in this case the judge rightly pointed out that AG Cuccinelli had presented no such reason, not even the slightest hint.
Now what the judge did not say is that Cuccinelli's subpoena was obviously politically motivated, and clearly an attempt to increase his standing within the Republican party by persecuting the hell out of a scientist who took a position that the GOP (and its backers) don't like. But anyone with an ounce of sense can see that's what it was. If anti-AGW advocates have an ounce of scientific credibility, I'd expect that they'd be as upset by this as anyone else.
If you want to talk scary, that's scary. Mann worked/works for public universities paid for with tax dollars. Explain why getting access to anything that he does while on taxpayer time isn't as simple as saying "hey dude, can we see your work?"
Asking to see his work would have amounted to asking for a dump of his published, peer reviewed research papers. They're available without a subpoena. Just because someone works for the public does not mean that they're subject to arbitrary, unjustified investigation at any time, especially when that investigation is expensive and has to be paid for by the public.
And that's all this judge has said: present evidence that this expensive, time consuming investigation is justified, you get your information. Fail to present it, the public will be spared the cost both of the investigation, and the cost of lost research time that the public will have to bear while this individual is investigated for no reason. It's a valuable function, and our government wouldn't survive without it. In a hypothetical world where investigations have no cost, maybe it would be reasonable to allow this to go forward with no justification. We don't live in that world.
And indeed, if we had an efficient technique for manufacturing gasoline then gasoline could absolutely be called a renewable fuel. If that technique existed we probably wouldn't be messing with hydrogen. Hydrogen is being considered as a likely future transportation fuel precisely because we don't know how to manufacture gasoline efficiently without using petroleum products.
There's some hope for doing it with biofuels (algae based, especially) and Slashdot has some new science story on this subject every other week. But the point here is that a fuel is only renewable if we have a practical technique for renewing it, not just because such a technique might theoretically exist.
new taxes for foreigners doing business in the US, foreign companies doing business in the US, and US citizens previously entitled to tax credits from living abroad, and well over $1 trillion worth of rescinded spending (presumably to get money to give to the State governments). There are other details, obviously.
And you should be thrilled about this. The House is now operating under PAYGO rules, which means that any new spending has to be offset by budget cuts or tax increases elsewhere.
According to the CBO, if we manage to stick with PAYGO discipline, our debt will stabilize (i.e., the country will not fucking die). During 2001-2008 we did not have PAYGO in force. As a result, we did horrendous, possibly permanent damage to the nation's finances.
So where do you think those racist Democrats went? Maybe they just stopped voting, maybe they joined some third party (though the numbers don't really bear this out). There's really only one party to which the racist "Dixiecrats" could have gone.
(Democratic) President Lyndon Johnson said it best, after signing the Civil Rights Act of 1964: "we have lost the South for a generation." The man was a Texan and he knew what he was talking about. Except maybe the part about it only lasting one generation.
If you're interested, you can also read about how the Republicans took in those southern voters, and the people who made it happen. They were not good people. Ironically, many of them probably weren't even racists at all, by the standards of the day. They simply had no concerns, and realized that this was an opportunity for power and riches. Too bad we still have to live with their ilk.
Factoring is an NP problem: guess the bits and fail if they don't multiply to give what you want. It is also unlikely to be NP-complete as there are sub-exponential algorithms for it (if it were NP-complete then quasi-P = NP).
Yes, good point!
More to the point, if P = NP, then there are polynomial algorithms for breaking symmetric key ciphers and hashes as well. Then again, polynomial time != implementable in reasonable time.
It means that strong one-way functions don't exist, ergo all of the theoretical, complexity-theoretic results which are predicated around the existence of these functions go poof. There's still always the possibility of finding problems that are very, very hard to solve.
The difference is that the favouring of Google's traffic isn't artificial. In the classical net neutrality scenario, speeding up one company's traffic requires little or no effort on the part of the ISP--the pipes must already exist that can handle such faster traffic, so in reality they're slowing down their competitors by denying access to these pipes. When you colocate a server, though, that actually *does* cost power, physical space, server insurance, et cetera, and the benefits aren't gained by preferential throttling on the part of the ISP. They can't really be held accountable for convenient network topology. It's true this is a little bit of a grey area, but I think my logic is pretty sound.
This isn't the classical net (non-)neutrality scenario, it's that scenario's test case. Once the test case is common and accepted throughout the industry, there won't be anything controversial about the artificial version.
Right now you're assuming that Verizon won't "slow down their competitors" by denying them access to their networks. In reality it costs Verizon a lot of money to build Internet connectivity (fiber connections, backbone connectivity, etc.). Verizon now has a choice: they can invest enough money to meet or exceed their customers' demand for this limited resource. Or they can invest less. If they invest less, then they're effectively creating an artificial scarcity, which has exactly the same effect as the classical net-neutrality scenario. Vimeo will stream their videos over the backbone and Google will stream them from the head-end. Google will offer higher quality with better service level, and Vimeo won't.
Then, once all the major players have co-located their data centers, two different things will happen. First, it will take all of the wind out of the net-neutrality fight, since Google/Microsoft etc. are the major corporate supporters. People will still talk about it, but nobody will be spending money lobbying for it. In this country that means its legislative chances are zero. More to the point, once the major players have their own datacenters, there will be a huge push by smaller companies who also want access to those scarce network resources. In practice that'll either mean buying fractional co-location through a company like Akamai (who then pays Verizon through the nose for the service), or perhaps directly from Verizon.
Of course once you've gotten there, why pay for colocation at all? After all, it's only reasonable that smaller companies should be able to buy the same level of access that Google does, without the "waste" of colocation. In fact, it's necessary for fairness! So Verizon can then move on to the more artificial scenarios in which it prioritizes some traffic into its network, and so on and so forth. In the long run the goal will be prioritization and tiering throughout Verizon's network.
Provided that Verizon ensures that it always has sufficient capacity to meet everyone's needs, this won't result in anyone being slowed down. That is, of course, completely wishful, ridiculous thinking.
Re:What would the impacts of this be for cryptogra (on Claimed Proof That P != NP) · Score: 4, Informative
The point is that if P did = NP, then there wouldn't be any reason to think further about whether RSA is an NP problem. The constants might be huge, but there would clearly exist a poly-time algorithm for solving it. If P != NP as this result claims, then there may not be one, which is what cryptographers hope.
I'm sorry, but how is this fundamentally different from the sort of tiered service that net-neutrality advocates worry about? Google pays Verizon a substantial sum of money, and in return Google gets preferential access to the network in the form of local datacenters. This gives Google an advantage over competing providers, provided that the bottleneck is in the peering or backbone connections. Given that Verizon FIOS seems to have substantial excess fiber capacity within its network, that seems like a likely scenario. (Wireless less so.)
There's a finite amount of room at Verizon's data centers, so I imagine they'll be able to charge plenty of money for this, and that smaller providers will be locked out (or will have to pay fractionally, e.g., through an already-colocated service like Akamai). Verizon gets a new profit center and Verizon users pay for it invisibly through advertising and the cost of any services that Google eventually offers for pay. Which is the truly worrisome aspect of net non-neutrality.
Obviously this is only one step on the road to ISP-controlled, for-profit, tiered service. But it's in the same spirit, and it may be that Google has made it clear they're willing to pay for access to those networks.
Business user: I need fast push access to e-mail and critical documents wherever I go. I don't care about anything else.
Seriously, you can read critical non-text-format documents conveniently on a Blackberry? Far too much of my material comes in as PDF and it's acceptable on an iPhone with its excellent PDF reader. I'm sure modern Android devices do something similar, and have some larger screens (EVO and Droid X). My sister has a Blackberry and the UI, scrolling, and screen resolution are all miserable. I assume that it can probably handle a PDF in some way, I just don't know that I'd be able to live with it if my business depended on it.
Total bullshit. I used to work for the private sector at a museum that was then taken over by the federal government. When the takeover went through, I gained ridiculous pension and medical benefits, along with a $10,000+ increase in my annual salary.
Private museums rarely pay well --- particularly those that are in danger of being taken over by the federal government. It's possible that you were getting paid terrifically and the government made you even richer. However, it's more likely that you weren't, and the government increased your salary to something more reasonable.
When my sister-in-law taught at a parochial private school she made $20-something-k. Now she makes $40-something-k teaching in public schools with violent kids. That's a huge salary increase, but it's hardly going to make her rich. The problem is that the private sector has so marked down what it will pay labor, and for some reason we don't get bitter about that --- instead we get angry when we see public institutions paying a halfway decent wage.
The point is that expertise in scada, coming up with 4 zero days, getting 2 signed driver keys from JMicron and Realtek, and distributing the exploit without the internet to Iranian factories is not something a non-state can do.
Organized crime could theoretically do it, if they decided to invest in developing the necessary technical resources rather than just shooting people. However, organized crime would not do it without an obvious profit motive, especially given the risks (that governments might tie it to them, etc.). There does not seem to be any such motive in this case.
At that rate, it takes 1246 days to cut off everybody, which is fairly precisely 3.5 years.
I assume the copyright holders have a large backlog of IP addresses they've been collecting over the past months/years, which is why they're submitting at such a prodigious rate. One imagines that the set of "infringing ISP customers" in France represents only a small subset of the totality, so the rate will slow down. Yes, I realize that this is obvious and the whole thing is ridiculous, etc...
The whole point of the Internet 2 project was to provide secure, robust, high-speed communication to those who needed it.
While I agree with the high-speed part, I'm not sure that security was every part of the deal, at least not security in the sense that the NSA would care about. I2 is basically a collection of research facilities and lightly-secured academic institutions. While universities aren't terrible with their security, it's way down the list of things we care about.
But getting back on topic, there's a basic problem with any plan to build a segregated Internet. While it's a good idea in the sense that it increases availability and makes DDoS harder, it's essentially nothing more than building a giant firewall around a huge tranche of the Internet. If you've ever observed a worm spread through the Intranet of a large organization, you'll appreciate how ineffective this will be --- all it takes is a few infected machines to threaten the entire network. The concern is that system administrators (the guys who hook critical machines up to the real Internet today) will assume that the segregated network is "safe", and will then make even dumber decisions based on this belief.
He dismisses LUKS and TrueCrypt because they don't offer plausible deniability - because of the headers, as you say. He then moves onto Linux's loopback device in crypto mode. It doesn't write headers. He then comes up with a technique of comparing the raw encrypted data with random text. Turns out using his techniques it is easy to spot the difference. And that is the point of the paper: even without headers or any other tell tale signs, there is no way to hide the fact that you have encrypted data on your disk.
From what I can tell, the paper makes several points:
1. Implementations that write headers leak info on what's encrypted
2. Poor crypto implementations (i.e., not using modes of operation correctly) leak info on what's encrypted
3. Encrypted data stands out when compared with non-random background
4. If you can look at the way a filesystem changes over time, you'll spot people writing encrypted data
I think (1) and (2) are fairly obvious and irrelevant --- if you do things wrong, then of course you'll get caught. I think we've addressed (3) already in this thread. So it remains for us both to agree that you can learn things by observing the way a filesystem changes over time. That doesn't exactly correspond to "using his techniques it is easy to spot the difference [between encrypted data and random text]". In fact, it sounds to me like a whole different flavor of attack, though certainly a powerful one that people should be careful of.
Here you are playing with words. "Encrypted data looks like random data" in this case means in this case "looks identical to the novice, but an expert will find it easy to distinguish the two". But no one would take that meaning from your post. It was poor communication at best.
I would argue that the attacker's expertise is irrelevant to this discussion. If an attacker can obtain periodic snapshots of a user's system, they don't have to be an expert --- they're just blessed with an unusually rich amount of data. No cryptographic technique (short of completely re-randomizing the noisy portions of the disk) is going to hide the fact that you're making suspicious changes to the data. I would further claim that, absent such a history, encrypted data does look like random data. But you are welcome to disagree.
It's been a good long time since I took part in a nice, angry Slashdot flame war, particularly in my PhD subject area. It's been fun.
In essence, encrypted data sticks out like dogs balls because of its high entropy, yet there are enough patterns in it to make it obvious to an expert it isn't just random data.
So, look, in fairness you're a little bit right and a little bit wrong. It is unusual to spot high-entropy data on a filesystem, and that's what encryption looks like. However, if you read the grandparent post, "encrypted data looks like random data" is precisely what I claimed. Nothing more, nothing less.
Most "rubber hose" steg filesystems address the entropy problem by putting lots of random cover data on your disk, whether or not you choose to store secrets. For example, the empty sectors on your drive can be formatted with pseudo-random noise. Reasonable people can disagree about whether this will work (if everyone does it, then perhaps; if only people with secrets do it, then probably not). It'll also be very time consuming.
Furthermore, the article you linked to doesn't say what you think it does. It simply points out that some encryption packages add recognizable headers. If you don't add headers ("hey, look, this is AES data!"), then the result should not have any recognizable patterns.
Some evidently don't agree with this last piece of advice because they have posted their solutions to the problem right here, on one of the largest megaphones on the 'net. Fortunately for them, Slashdot has in typical Slashdot fashion come to their rescue. Unlike the piece of misinformation I am responding to which is rated "5, informative", these insightful and informative posts are rated 1. Probably because they necessarily involve long complex commands which are utterly beyond your average slashdotter, which probably means they will rarely be used, which probably means they are right - my last piece of advice is alarmist.
I don't really have anything to say in response to this, but I thought I'd quote it just the same.
What about http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.19.7206? Seems that fits your bill; in essence, there are certain statistical biases in many of the encryption schemes that can be calculated quite quickly.
See http://eprint.iacr.org/2002/149.pdf.
The computational complexity of any finite deterministic function of inputs of finite complexity is finite. That means that any necessary analysis can also be conducted in finite time. The only thing protecting AES is the lack of computational resources on the part of attackers.
This is my fault for being imprecise in a Slashdot post. Of course the security of AES is based on attackers' limited resources. If attackers had unlimited resources, they could simply brute-force the keyspace. Of course, without quantum computers this might require the solar system and many nearby star systems to be processed into computing devices. 2^256 is an awfully large number.
When I said "distinguisher running in bounded time" I should have said "probabilistic Turing machine running in a number of time steps that can be expressed as a polynomial function of an adjustable key size".
Does anyone really think that thirty years from now it won't be commonplace to break the encryption of data encrypted using the key lengths we use now?
This is why many modern cryptosystems use adjustable key sizes. However, barring some dramatic new advance (quantum computers), or some as-yet-undiscovered flaw in AES (much more likely), ciphers with 128-, 192- and 256-bit key sizes should be ok in 30 years.
Erp, I meant Pseudo-Random Permutation, which is indistinguishable from a PRF if the amount of data is realistic.
AES is designed to be a pseudo-random function (meaning it's evaluated against that criterion). What this means is that /when used properly/ AES encrypted data should be indistinguishable from random data, at least for a distinguisher running in bounded time. If anyone discovers an efficient algorithm that can distinguish this, it'll be a big nail in AES's coffin (and yes, at the very theoretical level I realize that there already are some known weaknesses in AES, but for the moment you're in good shape).
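The correction above ("PRP, indistinguishable from a PRF if the amount of data is realistic") is the PRP/PRF switching lemma, and the distinguisher it is about is concrete enough to run. The following is an added example written for this page, not code from any poster: it models an ideal random permutation (a block cipher under a fixed key) and an ideal random function on a toy 16-bit block, then runs the one distinguisher that separates them, which is to query distinct blocks and wait for two outputs to coincide. A permutation can never do that; a random function does it with probability about q^2 / 2^(n+1). The block size and seeds are demo choices.

```python
import math
import random

BLOCK_BITS = 16               # toy block size so the bound is reachable; AES uses 128
DOMAIN = 1 << BLOCK_BITS


def make_prf(seed: int):
    """Ideal random function: each fresh input gets an independent random output."""
    rng = random.Random(seed)
    table = {}

    def f(x: int) -> int:
        if x not in table:
            table[x] = rng.randrange(DOMAIN)
        return table[x]
    return f


def make_prp(seed: int):
    """Ideal random permutation, the model for a block cipher under a fixed key."""
    rng = random.Random(seed)
    perm = list(range(DOMAIN))
    rng.shuffle(perm)
    return lambda x: perm[x]


def sees_collision(oracle, q: int) -> bool:
    """Query q distinct blocks and report whether two outputs ever coincide."""
    seen = set()
    for x in range(q):
        y = oracle(x)
        if y in seen:
            return True
        seen.add(y)
    return False


def distinguish(oracle, q: int) -> str:
    """A permutation never collides on distinct inputs, so one collision decides it."""
    return "PRF" if sees_collision(oracle, q) else "PRP"


def collision_rate(factory, q: int, trials: int) -> float:
    """Fraction of fresh oracles (one per seed) on which the distinguisher fires."""
    return sum(sees_collision(factory(seed), q) for seed in range(trials)) / trials


def birthday_bound(q: int, domain: int = DOMAIN) -> float:
    """Probability that a random function shows a collision among q queries.

    1 - exp(-q(q-1)/(2N)), i.e. roughly q^2 / 2^(n+1) for small values."""
    return 1.0 - math.exp(-q * (q - 1) / (2.0 * domain))


if __name__ == "__main__":
    for q in (64, 600):
        print(f"q={q:4d}: PRP collides {collision_rate(make_prp, q, 30):.2f}  "
              f"PRF collides {collision_rate(make_prf, q, 30):.2f}  "
              f"birthday bound {birthday_bound(q):.2f}")
```

With 16-bit blocks, 64 queries almost never separate the two (bound about 0.03) while 600 queries do so most of the time (bound about 0.94), which is the sqrt(2^n) crossover. Plugging AES's numbers into birthday_bound(2**64, 2**128) gives about 0.39: you need on the order of 2^64 blocks, i.e. 2^68 bytes under one key, before the permutation-ness of AES becomes observable at all. That is what "if the amount of data is realistic" buys you.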
If it was tested successfully and had no unexpected consequences, I think most people would rejoice. Politicians would get to solve global warming without raising taxes or implementing any unpopular measures. This is what every successful politician wakes up hoping to do (the distorted view you see sometimes on Slashdot notwithstanding).
The problem is those unexpected consequences. I've been hearing about crop residue sequestration for nearly a decade, but the problem has always been in the sequestration process. Will it stay sequestered? Is it economical to get it there? Will it lock up vast amounts of necessary nutrients? I've heard plans to dump it into the ocean but understood those were derailed when some experiments showed that this had some pernicious effects (working from memory, may be wrong here.). There have been similar proposals to seed iron in the ocean in order to fertilize phytoplankton, but they haven't really panned out either.
In short, I'm dying for a quick technological fix, hell we all are. Possibly literally. But that doesn't mean there is one.
The real problem is NOT the OS, since it is pretty obvious this attack has been specifically designed to hit a very small niche target, which means no matter what OS you were running the malware writers would have simply written to that target.
Correct me if I'm wrong, but my understanding is that this worm wasn't hand-carried into the target. That would have been difficult and very risky to the perpetrators. Rather, the worm got to its target by first spreading through a huge number of vulnerable non-target machines in the hope that one of them would be adjacent to a real target.
One of the other posters on this thread confirms that this nearly happened at the plant he works for, but they were able to contain it before it jumped to the production machines.
So while it's true that the payload itself might have been targeted at any OS, the vector itself was highly dependent on the existence of a monoculture of vulnerable-OS machines that make this delivery strategy so damned effective. It's really just icing that the target machines were also Windows, meaning that the perpetrators could re-use the same vulnerabilities to get all the way in.
"Reverse engineering" only really applies if the details of the cryptographic primitives are not already publicly known (pretty much never the case).
For normal applications of cryptography this would be a valid statement. Kerckhoffs's principle tells us that the security of a system should come from the key, not from the secrecy of the algorithm. Hence REing your own device shouldn't help you attack some other party.
DRM is different. By definition every legitimate DRM device has to have the keys built in, otherwise it can't participate in the system. So REing really is a threat. This is why you see obfuscated software, tamper-resistant hardware, etc. in these systems.
This key is the master so its leakage may not have anything to do with RE, unless the key derivation algorithm is really weak. And it could be.
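To make the last two posts concrete (this is an added example written for this page, not code from any poster or from any real DRM system): a licence server holds a master key, derives one key per player, and wraps a title key for each player under its own key. The attacker has reverse-engineered exactly one player and pulled out that player's device key. With a weak derivation (master XOR device id) that single key hands over the master and with it every other player's key; with an HMAC derivation the same extraction opens only the compromised player's licences. All keys, device ids and the XOR-style wrap are constructed for the demo.

```python
import hashlib
import hmac

# Constructed demo values (not from the thread or any real system).
MASTER = hashlib.sha256(b"demo master key, never ship this").digest()   # 32 bytes
DEVICE_IDS = [b"player-0001", b"player-0002", b"player-0003"]
CONTENT_KEY = hashlib.sha256(b"title key for one film").digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def weak_derive(master: bytes, device_id: bytes) -> bytes:
    """Per-device key = master XOR id. Trivially invertible: anyone holding one
    device key and its (public) id recovers the master."""
    return xor(master, device_id.ljust(len(master), b"\x00"))


def strong_derive(master: bytes, device_id: bytes) -> bytes:
    """Per-device key = HMAC-SHA256(master, id). One-way in the master: the
    device key tells you nothing usable about the master or other devices' keys."""
    return hmac.new(master, b"device-key|" + device_id, hashlib.sha256).digest()


def wrap(device_key: bytes, content_key: bytes) -> bytes:
    """Licence server wraps the title key for one device (plain XOR for the demo)."""
    return xor(content_key, device_key)


def issue_licences(derive):
    """One wrapped title key per device, as a licence server would hand out."""
    return {dev: wrap(derive(MASTER, dev), CONTENT_KEY) for dev in DEVICE_IDS}


def attacker(derive, licences, extracted_id: bytes):
    """Attacker has RE'd one player and extracted its device key.

    Returns (recovered the master?, set of devices whose licences they can open).
    The attacker knows the title key from their own licence, so they can tell
    whether a guessed key for another device actually works."""
    extracted_key = derive(MASTER, extracted_id)               # what the RE yielded
    master_guess = weak_derive(extracted_key, extracted_id)    # XOR inversion attempt
    content_key = xor(licences[extracted_id], extracted_key)   # own licence always opens
    opened = {extracted_id}
    for dev, blob in licences.items():
        candidate = derive(master_guess, dev)
        if xor(blob, candidate) == content_key:
            opened.add(dev)
    return master_guess == MASTER, opened


if __name__ == "__main__":
    for name, derive in (("weak", weak_derive), ("strong", strong_derive)):
        got_master, opened = attacker(derive, issue_licences(derive), b"player-0001")
        print(f"{name:6s}: master recovered={got_master}, "
              f"licences opened={sorted(d.decode() for d in opened)}")
```

The HMAC case only shows that the obvious inversion fails; it is not a proof, just the standard property that a PRF output does not leak its key. The deeper point from the thread survives either way: even with the strong derivation, the extracted player key still plays every title licensed to that player, because a DRM client must hold a working key to function at all. Good derivation limits the blast radius of one reverse-engineered device to that device; it cannot make the device itself trustworthy.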
But what was he doing? Studying & living blissfully in a relatively expensive place, financed by his family at home in the position of public authority, on a course leading to a diploma which will be useless (just for a paper; while cheating) - but with a position in a public institution at home virtually assured after his return.
Minus the cheating bit, your description could really apply to any somewhat privileged middle-class Western individual. In that sense it probably covers you, me, and the vast majority of Slashdot posters as well.
It sounds like your issue with this gentleman is the fact that he's enjoying his status on the backs of his own less-fortunate countrymen, while blaming their problems on someone else. But don't kid yourself that you're somehow morally superior to the guy. Those of us who are lucky to be born into a wealthy country are basically doing the same thing, we're just doing it on the backs of some other country's less-fortunate folks (and many of our own countrymen too).
I assumed it was because they don't want to buy a Windows computer and don't know how to use Linux, *BSD or any of the other alternatives.
I can't help but chuckle every time someone implies that Macs are for lightweights who don't know how computers work. I have a PhD in computer science and attend a lot of conferences full of code-writing grad students. Looking around the audience I see basically three populations:
0. People who could afford, or get their advisor to pay for a Mac. (About 60%)
1. People who couldn't get their advisor to pay for a Mac (and use Linux/BSD on some cheaper laptop).
2. Poor lost souls who still use Windows.
Now, graduate CS researchers are not the perfect proxy for the "serious" computer using population, but they absolutely 'know how to use Linux/BSD'. They just prefer Macs in large numbers, at least for personal machines --- servers are a different game.
It's not hard to understand: a Mac comes with a Unix shell, runs a nice optimized version of x86 gcc, and can get a full GNU distribution in a few minutes via Macports. Your video card is always supported by the OS (no futzing around with drivers and X issues). Most importantly, when you need to, you can run a large complement of applications including Keynote and the entire MS Office suite (and yes, unfortunately this is still necessary sometimes). They also run nice hardware and don't suffer from crappy build quality like many Wintel laptops.
FWIW, there are some drawbacks. I have trouble compiling some Linux packages because some MacOS/Mach/BSD conventions are different enough that they break. Also, Apple has a tendency to ship some old-ass libraries with the base operating system, and doesn't update them often enough. MS Office for Mac was designed by monkeys, but that's because MS Office was designed by monkeys.
Peer reviewed papers are one thing. But science also requires the ability of anyone to replicate the experiment and validate the results. This requires the original models (code), data, and procedure used. Without this, the science is invalid.
This subpoena was not looking to get Mann's code or find data that could reproduce his experiments. Mann doesn't even work for that university anymore, and it's doubtful they have his notes. Rather it was an attempt to find evidence of fraud and misuse of funds. That might be noble if there was any particular reason to believe that funds had been misused. But in this case the judge rightly pointed out that AG Cuccinelli had presented no such reason, not even the slightest hint.
Now what the judge did not say is that Cuccinelli's subpoena was obviously politically motivated, and clearly an attempt to increase his standing within the Republican party by persecuting the hell out of a scientist who took a position that the GOP (and its backers) don't like. But anyone with an ounce of sense can see that's what it was. If anti-AGW advocates have an ounce of scientific credibility, I'd expect that they'd be as upset by this as anyone else.
If you want to talk scary, that's scary. Mann worked/works for public universities paid for with tax dollars. Explain why getting access to anything that he does while on tax payer time isn't as simple as saying "hey dude, can we see your work?"
Asking to see his work would have amounted to asking for a dump of his published, peer reviewed research papers. They're available without a subpoena. Just because someone works for the public does not mean that they're subject to arbitrary, unjustified investigation at any time, especially when that investigation is expensive and has to be paid for by the public.
And that's all this judge has said: present evidence that this expensive, time consuming investigation is justified, you get your information. Fail to present it, the public will be spared the cost both of the investigation, and the cost of lost research time that the public will have to bear while this individual is investigated for no reason. It's a valuable function, and our government wouldn't survive without it. In a hypothetical world where investigations have no cost, maybe it would be reasonable to allow this to go forward with no justification. We don't live in that world.
I guess that's "scary".
And indeed, if we had an efficient technique for manufacturing gasoline then gasoline could absolutely be called a renewable fuel. If that technique existed we probably wouldn't be messing with hydrogen. Hydrogen is being considered as a likely future transportation fuel precisely because we don't know how to manufacture gasoline efficiently without using petroleum products.
There's some hope for doing it with biofuels (algae based, especially) and Slashdot has some new science story on this subject every other week. But the point here is that a fuel is only renewable if we have a practical technique for renewing it, not just because such a technique might theoretically exist.
new taxes for foreigners doing business in the US, foreign companies doing business in the US, and US citizens previously entitled to tax credits from living abroad, and well over $1 trillion worth of rescinded spending (presumably to get money to give to the State governments). There are other details, obviously.
And you should be thrilled about this. The House is now operating under PAYGO rules, which means that any new spending has to be offset by budget cuts or tax increases elsewhere.
According to the CBO, if we manage to stick with PAYGO discipline, our debt will stabilize (i.e., the country will not fucking die). During the 2001-2008 we did not have PAYGO in force. As a result, we did horrendous, possibly permanent damage to the nation's finances.
Let's pray that we don't go back to those days.
So where do you think those racist Democrats went? Maybe they just stopped voting, maybe they joined some third party (though the numbers don't really bear this out). There's really only one party to which the racist "Dixiecrats" could have gone.
(Democratic) President Lyndon Johnson said it best, after signing the Civil Rights Act of 1964: "we have lost the South for a generation." The man was a Texan and he knew what he was talking about. Except maybe the part about it only lasting one generation.
If you're interested, you can also read about how the Republicans took in those southern voters, and the people who made it happen. They were not good people. Ironically, many of them probably weren't even racists at all, by the standards of the day. They simply had no concerns, and realized that this was an opportunity for power and riches. Too bad we still have to live with their ilk.
Factoring is an NP problem: guess the bits and fail if they don't multiply to give what you want. It is also unlikely to be NP-complete as there are sub-exponential algorithms for it (if it were NP-complete then quasi-P = NP).
Yes, good point!
More to the point, if P = NP, then there are polynomial algorithms for breaking symmetric key ciphers and hashes as well. Then again, polynomial time != implementable in reasonable time.
It means that strong one-way functions don't exist, ergo all of the theoretical, complexity-theoretic results which are predicated around the existence of these functions go poof. There's still always the possibility of finding problems that are very, very hard to solve.
The difference is that the favouring of Google's traffic isn't artificial. In the classical net neutrality scenario, speeding up one company's traffic requires little or no effort on the part of the ISP--the pipes must already exist that can handle such faster traffic, so in reality they're slowing down their competitors by denying access to these pipes. When you colocate a server, though, that actually *does* cost power, physical space, server insurance, et cetera, and the benefits aren't gained by preferential throttling on the part of the ISP. They can't really be held accountable for convenient network topology. It's true this is a little bit of a grey area, but I think my logic is pretty sound.
This isn't the classical net (non-)neutrality scenario, it's that scenario's test case. Once the test case is common and accepted throughout the industry, there won't be anything controversial about the artificial version.
Right now you're assuming that Verizon won't "slow down their competitors" by denying them access to their networks. In reality it costs Verizon a lot of money to build Internet connectivity (fiber connections, backbone connectivity, etc.). Verizon now has a choice: they can invest enough money to meet or exceed their customers' demand for this limited resource. Or they can invest less. If they invest less, then they're effectively creating an artificial scarcity, which has exactly the same effect as the classical net-neutrality scenario. Vimeo will stream their videos over the backbone and Google will stream them from the head-end. Google will offer higher quality with better service level, and Vimeo won't.
Then, once all the major players have co-located their data centers, two different things will happen. First, it will take all of the wind out of the net-neutrality fight, since Google/Microsoft etc. are the major corporate supporters. People will still talk about it, but nobody will be spending money lobbying for it. In this country that means its legislative chances are zero. More to the point, once the major players have their own datacenters, there will be a huge push by smaller companies who /also/ want access to those scarce network resources. In practice that'll either mean buying fractional co-location through a company like Akamai (who then pays Verizon through the nose for the service), or perhaps directly from Verizon.
Of course once you've gotten there, why pay for colocation at all? After all, it's only reasonable that smaller companies should be able to buy the same level of access that Google does, without the "waste" of colocation. In fact, it's necessary for fairness! So Verizon can then move on to the more artificial scenarios in which it prioritizes some traffic into its network, and so on and so forth. In the long run the goal will be prioritization and tiering throughout Verizon's network.
Provided that Verizon ensures that it always has sufficient capacity to meet everyone's needs, this won't result in anyone being slowed down. That is, of course, completely wishful, ridiculous thinking.
The point is that if P did = NP, then there wouldn't be any reason to think further about whether RSA is an NP problem. The constants might be huge, but there would clearly exist a poly-time algorithm for solving it. If P != NP as this result claims, then there may not be one, which is what cryptographers hope.
I'm sorry, but how is this fundamentally different from the sort of tiered service that net-neutrality advocates worry about? Google pays Verizon a substantial sum of money, and in return Google gets preferential access to the network in the form of local datacenters. This gives Google an advantage over competing providers /provided that the bottleneck is in the peering or backbone connections/. Given that Verizon FIOS seems to have substantial excess fiber capacity within its network, that seems like a likely scenario. (Wireless less so.)
There's a finite amount of room at Verizon's data centers, so I imagine they'll be able to charge plenty of money for this, and that smaller providers will be locked out (or will have to pay fractionally, e.g., through an already-colocated service like Akamai). Verizon gets a new profit center and Verizon users pay for it invisibly through advertising and the cost of any services that Google eventually offers for pay. Which is the truly worrisome aspect of net non-neutrality.
Obviously this is only one step on the road to ISP-controlled, for-profit, tiered service. But it's in the same spirit, and it may be that Google has made it clear they're willing to pay for access to those networks.
Business user: I need fast push access to e-mail and critical documents wherever I go. I don't care about anything else.
Seriously, you can read critical non-text-format documents conveniently on a Blackberry? Far too much of my material comes in as PDF and it's acceptable on an iPhone with its excellent PDF reader. I'm sure modern Android devices do something similar, and have some larger screens (EVO and Droid X). My sister has a Blackberry and the UI, scrolling, and screen resolution are all miserable. I assume that it can probably handle a PDF in some way, I just don't know that I'd be able to live with it if my business depended on it.
Total bullshit. I used to work for the private sector at a museum that was then taken over by the federal government. When the takeover went through, I gained ridiculous pension and medical benefits, along with a $10,000+ increase in my annual salary.
Private museums rarely pay well --- particularly those that are in danger of being taken over by the federal government. It's possible that you were getting paid terrifically and the government made you even richer. However, it's more likely that you weren't, and the government increased your salary to something more reasonable.
When my sister-in-law taught at a parochial private school she made $20-something-k. Now she makes $40-something-k teaching in public schools with violent kids. That's a huge salary increase, but it's hardly going to make her rich. The problem is that the private sector has so marked down what it will pay labor, and for some reason we don't get bitter about that --- instead we get angry when we see public institutions paying a halfway decent wage.