The article in question merely extends previously announced Vaudenay attack against CBC-based symmetric ciphers.
Vaudenay algorithm is a Man-in-the-Middle type of an attack that relies on SSL error messages (invalid_pad and invalid_mac) to effeciently deduce message padding information and (somehow) use it to bruteforce the key.
The attack in current article merely fights the fact that certain SSL/TLS versions do not provide error feedback that is required by the Vaudenay algorithm. So, they measure server response time instead and use it to estimate how much of the message processing the server has performed prior to failing the exchange. This obviously provides a missing information to the Vaudenay algorithm so that it can function as designed.
Remember - it's the physicists who are the strange ones, not mathematicians:)
A mathematician, a statistician and a physicist are hired to create a system for predicting the horse race outcomes. They are well funded and given few months. The time passes and they are presenting their results -
a mathematician and a statistician analyzed passed races and created horse racing model,
while a physicist merely says 'Well, I advanced quite a bit - I have built a model of a spherical animal in a vacuum and now I need ten times the money to complete the research'.
The difference is that with a web, you can have more opportunities to find pathways, and you can assign a degree of trust to various "authorities" instead of it being an all-or-nothing thing.
I know, PGP is an elegant idea (and, btw, so is PKI).
But
Will this appeal to an average consumer ? Say, my grandma visits some website and browser says -
Couldn't there be an automated mechanism in place to have the browser check the signature of the site you're visiting against a list of sigs fetched from somewhere else, like a keyserver?
Define 'signature of the site'.
If 'the signature' is its IP or domain name linked to site's public key, then it's a form of a canonical pubkey certificate.
Furthermore, if you are comparing 'the siganture' received from the site with a sig fetched from the 'keyserver', you are effectively verifying a trust chain, which is identical to the PKI certificate handling. This way your 'keyserver' serves as a root CA and you are required to have an initial trust with a 'keyserver' in order for your approach to work.
The problem is how to establish trust with nodes you never heard of. The one and only answer is to rely on the 'opinions' of the people you already trust.
In case of PKI you are starting with a trust into a single root CA and 'propagate' the it along the certification chain assuming that participants will not issue the certificate to a 'bad guy'.
In case of PGP you are starting with a trust into a bunch of friends and if more than N of them say another person can be trusted, you add that person into your friends list. The problem here though is what if you need to verify an identity of the person that none of your friends know. The answer is - you cannot.
And how would I know that the content of some online store that sends me a self-signed or home-brewed-CA certificate is not entirely faked by man-in-the-middle credit card # collector ?
And while you are 'thinking web, not hierarcy' also set aside some time to think how you would be building that web in first place. In particular - how you would be establishing trust with comletely foreign parties.
Their main problem is in *application* protocol (the one on top of the UDP) being stateless. Adding simple state machine implementing client's registration will resolve the problem.
The first client's message says 'hi, i want to talk to you, register me', the server generates an ID for client's IP/port pair and sends ID back to the client. All subsequent packets that client sends include this assigned ID and thus ID serves as a simple 'authentication token' to the server.
It is still possible to spoof an inital message, but the trick is to keep server's registration response to the minimum and rate limit registration requests on the server's firewal.
On any Unix or Unix clone you can just run standard tools or write your own.
I would really really like to see you writing a viable substitute for MS Word. Let me explain.
Most of the people forget that the proprietory file format is not the most important of things that made Microsoft a monopoly.
Their products were simply better and more appealing to users (either visually or financially) than WordPerfect, QuattroPro and others. Even if the file format was open, it would not have changed a thing, because one would've needed to compete against MS development resources, which would be a challenging task.
The same remain true now. PDF and RTF are the open formats. So why aren't there a flourishing competition to the Acrobat and such ?
Unfortunatly with everything in a proprietary format you then end up having to build scripting languages into everything making all of your data files potential entry points for malicious code.
This is absurd. I dont know who is the mysterious 'you' in the quote, but the need for the scripting is not driven by the proprietorness of the format.
Well, redesigned or not:), but I'm telling you that the capsule was no more than 7-8 ft in diameter. I really doubt that one can simply remove ejection seat and put 3 people there instead.... unless I saw a scaled down replica, which is possible, but very unlikely.
I saw that 1-man capsule with my own eyes in Russian Space Museum. You will not be able 'to stuff' a single obese hamburger-lover there, leave alone 3 people. It's not just small, it's freakishly small - it's designed to hold 150 lbs person at max.
I don't think LOTR had as many posts about it. What is the big deal with this film?
Well, perhaps, the deal is that unlike LOTR this film requires some digesting (post-processing:)) in order to appreciate it. It's not a regular popcorn-style movie (Ronin anynone ?), and people expecting it to be are getting pissed off because of that.
Well the license I received for my Real Video clip was indeed valid for 24 hours only. So even if you bypassed their auto-deletion mechanism, you can still watch the clip only within 24 hours.
You forgot to add ".. on the player that respects license restrictions". No matter how they protect the movie (encrypt it with a key that must be fetched from the movielink server or whatever) it will be unprotected right before it goes into the codec or at some point inside the codec if the codec implements DRM. Anyhow, it will be possible to capture raw data and save it for 'the future use'. Requires varying degree of effort, but it is always doable.
It is all snake oil. If they are not being able to control the data on your machine, they will never be able to control it at all. Period.
That's the main driving factor for shoveling trustworthy computing down the customers throat. Either swallow it, relinquish control over your own hardware and rent movies online OR don't rent movies... Hmmm.. what do I choose ? what do I choose ?
Mostly due to this part However, in the meantime NAFA became increasingly irrelevant, because it seems that some of the independent waggon designers travelled to a small country far away beyond the desert. There some ingenious engineers welcomed the independents, and listened to their ideas, and together they built cheap desert-waggons. These were so cheap to operate that they offered rides out into the desert and along the coast for paying passengers, and even built hotels there for people to stay in.
Right on. It would worth giving the 'small country' some credit for having their own engineering force. Besides, it's not that *small* country after all:)
True, but on other hand
on
Gnutella2?
·
· Score: 1
Standartization takes a loooot of time, and involves a lot of politics. Participating and contributing people want the credit, whether we as general public like it or care about it or not (take a look at IKE for example). If not given - some of them tend to stall the process. It is not a technology issue, it's a basic pshycology.
I think it is perfectly legitimate practice to produce a proprietory protocol, put it through internal revision with number of people you know and then release to the public. How you would call it - it's a different issue, but - hey - Gnutella2 is as good name as any.
If a number of people are extensively working in the same area of knowledge, it quite often leads to a simultaneous and independent discoveries of the same or very similar ideas. This is especially true on the frontiers of the research, where an initial idea is merely a seed used to start an iterative refining process, which results in an 'optimal' solution.
The situations like this require great deal of tact from either party not to blame each other in stealing the idea, especially if there was a cooperation happening in some form.
Your comment seems to be biased and based solely on the fact that someone else gained the publicity you were aiming for. Too bad:-/
:I still think having a camera pointed at the sky out in the middle of the pacific so you could have a truely starry night on your ceiling would be amazing!
.. and it will be a total waste of bandwidth as an average Joe wont ever be able to tell true ecuatorial sky from a randomly generated set of bilnking pixels:)
As an extension to your idea though, it'd be cool to be able to spray some extra galaxies here and there onto an actual skies.. just juice it up a bit, you know..:)
.. you dial 911, hangup and in 3 minutes you will have police, firetruck and an ambulance exactly on the spot where you dialed from.
It'd be very stupid of cell companies not to use phone signal lag to compute position of the phone itself. One can do it with 2 receiving nodes with a decent accuracy. Now recall that normally cell is comprised of 6 or more nodes - this is massive data redundancy, which should allow for very good accuracy.
IMO, this functionality has always been in the cell systems. How and when it's used is another question.
Custom media is used to allow physically writing encryption key onto it (in a form of media discrepancies, burnt-through bits or whatever). Then they use this spread-over-CD key to encrypt unaffected areas of CD and there ya go - CD wont work if it's just copied as media defects are not reliably or easily copyable.
Sure you will have an access to a decrypted content once you run the proggy, but now imagine that they use 1024 keys and encrypt data recursively or per-block or in some other non-trivial way.
Sure it's hackable, but at what cost ? There is a good chance that in order to recover raw bits of the file with 17th level map you would actually need to decrypt all previous 16 levels.
Sure you can use a trainer to fake CD defects, but somebody gotta write it first.
So, yeah, it's hackable, but does it worth the effort ? Or moreover - does it worth the wait?
Slashdot Mirror
The article in question merely extends previously announced Vaudenay attack against CBC-based symmetric ciphers.
Vaudenay algorithm is a Man-in-the-Middle type of an attack that relies on SSL error messages (invalid_pad and invalid_mac) to effeciently deduce message padding information and (somehow) use it to bruteforce the key.
The attack in current article merely fights the fact that certain SSL/TLS versions do not provide error feedback that is required by the Vaudenay algorithm. So, they measure server response time instead and use it to estimate how much of the message processing the server has performed prior to failing the exchange. This obviously provides a missing information to the Vaudenay algorithm so that it can function as designed.
Ok, non-anonymous SSL is immune to M-n-M attacks. Better ?
Remember - it's the physicists who are the strange ones, not mathematicians :)
A mathematician, a statistician and a physicist are hired to create a system for predicting the horse race outcomes. They are well funded and given few months. The time passes and they are presenting their results -
a mathematician and a statistician analyzed passed races and created horse racing model,
while a physicist merely says 'Well, I advanced quite a bit - I have built a model of a spherical animal in a vacuum and now I need ten times the money to complete the research'.
The difference is that with a web, you can have more opportunities to find pathways, and you can assign a degree of trust to various "authorities" instead of it being an all-or-nothing thing.
I know, PGP is an elegant idea (and, btw, so is PKI).
But
Will this appeal to an average consumer ? Say, my grandma visits some website and browser says -
the current trust value is 77.5%
Yeah, right. Cool, but what's next ?
Couldn't there be an automated mechanism in place to have the browser check the signature of the site you're visiting against a list of sigs fetched from somewhere else, like a keyserver?
Define 'signature of the site'.
If 'the signature' is its IP or domain name linked to site's public key, then it's a form of a canonical pubkey certificate.
Furthermore, if you are comparing 'the siganture' received from the site with a sig fetched from the 'keyserver', you are effectively verifying a trust chain, which is identical to the PKI certificate handling. This way your 'keyserver' serves as a root CA and you are required to have an initial trust with a 'keyserver' in order for your approach to work.
The problem is how to establish trust with nodes you never heard of. The one and only answer is to rely on the 'opinions' of the people you already trust.
In case of PKI you are starting with a trust into a single root CA and 'propagate' the it along the certification chain assuming that participants will not issue the certificate to a 'bad guy'.
In case of PGP you are starting with a trust into a bunch of friends and if more than N of them say another person can be trusted, you add that person into your friends list. The problem here though is what if you need to verify an identity of the person that none of your friends know. The answer is - you cannot.
And how would I know that the content of some online store that sends me a self-signed or home-brewed-CA certificate is not entirely faked by man-in-the-middle credit card # collector ?
And while you are 'thinking web, not hierarcy' also set aside some time to think how you would be building that web in first place. In particular - how you would be establishing trust with comletely foreign parties.
Their main problem is in *application* protocol (the one on top of the UDP) being stateless. Adding simple state machine implementing client's registration will resolve the problem.
The first client's message says 'hi, i want to talk to you, register me', the server generates an ID for client's IP/port pair and sends ID back to the client. All subsequent packets that client sends include this assigned ID and thus ID serves as a simple 'authentication token' to the server.
It is still possible to spoof an inital message, but the trick is to keep server's registration response to the minimum and rate limit registration requests on the server's firewal.
On any Unix or Unix clone you can just run standard tools or write your own.
I would really really like to see you writing a viable substitute for MS Word. Let me explain.
Most of the people forget that the proprietory file format is not the most important of things that made Microsoft a monopoly.
Their products were simply better and more appealing to users (either visually or financially) than WordPerfect, QuattroPro and others. Even if the file format was open, it would not have changed a thing, because one would've needed to compete against MS development resources, which would be a challenging task.
The same remain true now. PDF and RTF are the open formats. So why aren't there a flourishing competition to the Acrobat and such ?
Unfortunatly with everything in a proprietary format you then end up having to build scripting languages into everything making all of your data files potential entry points for malicious code.
This is absurd. I dont know who is the mysterious 'you' in the quote, but the need for the scripting is not driven by the proprietorness of the format.
Well, redesigned or not :), but I'm telling you that the capsule was no more than 7-8 ft in diameter. I really doubt that one can simply remove ejection seat and put 3 people there instead.... unless I saw a scaled down replica, which is possible, but very unlikely.
You were severly misled, chill.
I saw that 1-man capsule with my own eyes in Russian Space Museum. You will not be able 'to stuff' a single obese hamburger-lover there, leave alone 3 people. It's not just small, it's freakishly small - it's designed to hold 150 lbs person at max.
Note that the correct pronunciation is stah-KNEES-Laf (Not "stah-KNEE-swaf"). :-p
I don't think LOTR had as many posts about it. What is the big deal with this film?
:)) in order to appreciate it. It's not a regular popcorn-style movie (Ronin anynone ?), and people expecting it to be are getting pissed off because of that.
Well, perhaps, the deal is that unlike LOTR this film requires some digesting (post-processing
You are *dyslexic*, dude. I asked to mod up the message I replied to, not my own .. geez.
Well the license I received for my Real Video clip was indeed valid for 24 hours only. So even if you bypassed their auto-deletion mechanism, you can still watch the clip only within 24 hours.
.. what do I choose ? what do I choose ?
You forgot to add ".. on the player that respects license restrictions". No matter how they protect the movie (encrypt it with a key that must be fetched from the movielink server or whatever) it will be unprotected right before it goes into the codec or at some point inside the codec if the codec implements DRM. Anyhow, it will be possible to capture raw data and save it for 'the future use'. Requires varying degree of effort, but it is always doable.
It is all snake oil. If they are not being able to control the data on your machine, they will never be able to control it at all. Period.
That's the main driving factor for shoveling trustworthy computing down the customers throat. Either swallow it, relinquish control over your own hardware and rent movies online OR don't rent movies... Hmmm
snake oil
Mostly due to this part
:)
However, in the meantime NAFA became increasingly irrelevant, because it seems that some of the independent waggon designers travelled to a small country far away beyond the desert. There some ingenious engineers welcomed the independents, and listened to their ideas, and together they built cheap desert-waggons. These were so cheap to operate that they offered rides out into the desert and along the coast for paying passengers, and even built hotels there for people to stay in.
Right on. It would worth giving the 'small country' some credit for having their own engineering force. Besides, it's not that *small* country after all
Standartization takes a loooot of time, and involves a lot of politics. Participating and contributing people want the credit, whether we as general public like it or care about it or not (take a look at IKE for example). If not given - some of them tend to stall the process. It is not a technology issue, it's a basic pshycology.
I think it is perfectly legitimate practice to produce a proprietory protocol, put it through internal revision with number of people you know and then release to the public. How you would call it - it's a different issue, but - hey - Gnutella2 is as good name as any.
If a number of people are extensively working in the same area of knowledge, it quite often leads to a simultaneous and independent discoveries of the same or very similar ideas. This is especially true on the frontiers of the research, where an initial idea is merely a seed used to start an iterative refining process, which results in an 'optimal' solution.
:-/
The situations like this require great deal of tact from either party not to blame each other in stealing the idea, especially if there was a cooperation happening in some form.
Your comment seems to be biased and based solely on the fact that someone else gained the publicity you were aiming for. Too bad
For those Windows people who prefer an open-sourced alternatives, there is an eMule ed2k network client.
2c
As an extension to your idea though, it'd be cool to be able to spray some extra galaxies here and there onto an actual skies
This problem is priced at $1 million if solved.
I would like to see canada.com getting ./'ed. :)
Or I will start copying CNN's articles and expect them to be modded up too
.. you dial 911, hangup and in 3 minutes you will have police, firetruck and an ambulance exactly on the spot where you dialed from.
It'd be very stupid of cell companies not to use phone signal lag to compute position of the phone itself. One can do it with 2 receiving nodes with a decent accuracy. Now recall that normally cell is comprised of 6 or more nodes - this is massive data redundancy, which should allow for very good accuracy.
IMO, this functionality has always been in the cell systems. How and when it's used is another question.
Custom media is used to allow physically writing encryption key onto it (in a form of media discrepancies, burnt-through bits or whatever). Then they use this spread-over-CD key to encrypt unaffected areas of CD and there ya go - CD wont work if it's just copied as media defects are not reliably or easily copyable.
Sure you will have an access to a decrypted content once you run the proggy, but now imagine that they use 1024 keys and encrypt data recursively or per-block or in some other non-trivial way.
Sure it's hackable, but at what cost ? There is a good chance that in order to recover raw bits of the file with 17th level map you would actually need to decrypt all previous 16 levels.
Sure you can use a trainer to fake CD defects, but somebody gotta write it first.
So, yeah, it's hackable, but does it worth the effort ? Or moreover - does it worth the wait?
Prototype it right, people !
Support domestic banana farmers !
bottom right corner