The 800/900 split was so that the US could drop its military into Europe and not mess up the European militray radios. So the Euro civ frequency is the same as the US military and the Euro mil frequency is the same as the US civ frequency. Its about the same for the 1800/1900 as well.
A large part of the profits for printer compaines is in the point of sale printers. These things cost several times what a office printer will cost but the consumables are very low cost. At least three compaines are about to intorduce injets to replace the old ribbion impact printers just as soon as some one else does. The interesting thing about these devices is that their consumables cost very little and print on standard paper. Most of the devices will go though a fraction of the ink that a typical printer will and they can all be refilled using generic inks. Every printer knows that as soon as the ink jets hit the POS market, their secrets are out and so is the markup on their office printer along with their stock price.
I can sniff most low end cicso switches.... The 2924xl and 2950 allow you to block any mac address except broadcast addresses. So if you you flood the network with packets with one broadcast address and one real mac address you overflow its table it goes into a nice bridge mode. With a decent box it takes nearly two whole minutes to crack a single vendors mac codes.
As long as US compaines keep selling out to the short term stock price and sending critical stuff off 1/2 way around the world to be designed by people with no clue about real security, their products are going to be crap and full of holes. At one point I could trust Cisco and Sun but now they are almost at the level of most beige box builders but with them I know who I can go visit to get my money back.
All the new gear I've been buying is Kiwi designed stuff made by ATI. After a decade of dealing with cisco, I can't recomend any of their newer gear. the Current cisco mac address overflow was fixed by real engineers back in 1993. I'm not sure what kind of idiots they get to write their current code since bug history means nothing to them.
Why don't I put this on bugtraq and get it fixed? Its simple, The idiots that put the bug together have good jobs and the good people that know this stuff don't because of cost cutting.
They make a DataScope which is a monocular witha digital range finder and compass built in. Its sort of like the device luke was using when he got hit over the head. I've wanted one to help line of the pringles cans
You can't use RSA to encrypt 6 if the both p and q are that small but your right 4 and 9 were a lame example. Its been years since I messed with this stuff...
However my mistake there doesn't go agisnt my point that a number thats not prime but somehow passes the prime tests will give other solutions to the RSA puzzle. A simple example is E=17, P=61, Q=123. That gives some interesting results even though q is 3*41.
If we take this: This example we can see for P=61, Q=53 and E=17 we can generate a key tuple of (17,3233,2753) which will encrypt 123 as 855. The odd thing is that the key tuple of (17,3233,5873), (17,3233,8993), and (17,3233,124433) also decode (or encode) data the same way. A slow perl program to show this is here.
If you pick the wrong prime, there are other solutions. It appears if you pick the right prime, there also might be other solutions. The whole point of my original point is that you don't need to find one number in a 2^2048 haystack, you just have to find a number that also works.
The only way to be sure a prime is real is attempt to factor it. I've been using the prime tests for 20 years and things are getting better but every few years someone comes up with a new way and some of the numbers the old systems say are prime, aren't prime with the new way. That gives me doubt about how good the prime tests are.
Have you tried plugging 4 and 9 as the base primes into RSA and see what falls out? If they keygen doesn't complain (because you turned off that bit of code or it has a bug or was poorly designed), the rest will be happy. You can do RSA at 8 bit level but I don't recomend it to keep anything secure but its an interesting thing to play with.
Pseudo-primes a term that came from the militray crypto for primes that are above the size you can factor to prove they are prime. Take a look at Knuth volume 2. Mersenne primes (2^n-1) for large values of n are all examples of very good pseudo-primes. Picking a large random number that passes a number of the test but not all of them is an example of a poor pseudo-prime.
Your 1st bit is about generateing pseudo-primes not real primes. The only way to generate a real prime is factor it. The tests should work but ever few years the tests are cleened up because they claim prime numebrs aren't prime.
Are your other statements contradictory? Your 1st comment is that a the number of primes is in the realm of 3.7e151 however you cliam that Certicom claims 3072 bit RSA is about as strong as 128 bit symmetric keys which gives you a stab in the dark 1 in 3.4e38 chance of lucking into the key which implies its about 3.6e12 times easier to break a 3072 bit key than I thought it would take to break a 2048 bit one.
Maybe after your breakfast you can pull out Knuth vol 2 and do the 1st 4 exercises on page 415:-) Maybe for fun you can compare the current editions section on verifing primes to the 1st editions and see that things have changed.
While I don't know of a case where people have cracked RSA proper, there have been many systems that use RSA that have been cracked wide open. SSH and SET come to mind.
RSA is rarely used in its described form and that always seems to intorduce weakneses. RSA requires that you have two true primes to generate they key but the problem is there is no known way to generate a 2048 bit true prime that can't be factored in the same about of time it takes to generate it. What gets used is pseudo-primes. These are primes that pass a large number of tests that indicate that the number is very likly prime. These tests are good enough that no one has broken a psuedo-prime in over a decade. The problem is some of the old tests to say a number is a pseudo-prime turned out to be wrong.
As far as bruteforceing a 2048 bit key, forget it however there are several publications that indicate that the number of solid pseudo-primes that are 512 bits long is about 2^40 so its key strength is about the same as 40 bits. Since we are talking about a 4x as many bits, a good guess of the strenght of a 2048 bit pseudo-prime would be about as hard as guessing a 160 bit DES like key. Harder than modern hardware can scan though but not impossible. With some of the current nibble step attacks on DES, the 40 bit stuff falls though the vector units of a modern processor at rates Deep Crack could only dream of. 2^40 is 1e12 and modern CPUS are doing how many operations a second on a 4e9 hz cpu? Once you stop doing all the decrypto work, you can cut out many steps.
If I was going to attack the key, I would get as many CPUs as I could find guessing at random numbers and hitting the fast prime tests with them and no coordination. A modern CPU can pick a random number, do a few simple psuedo prime tests and then do part of the factor operation to test very quickly if the key might be good. If it is then hand it off for a better check. A million guesses a second isn't unreasonable with the fastest of todays hardware but that still leaves something in the area of 4e38 hours of cpu time to try them all. Thats well inside the theoretical range of other problems like this that have been solved. It just took a few decades sometimes.
What if the numbers involved aren't true primes? Then the number of other keys increases. If once is prime and the other has two facotrs then there are 4 keys that will work. If both numbers have two factors, then there are 9 other keys.
I see this as a way that your computer can pick lottery numbers at random. Maybe it will come up but you can't win if you don't play and this doesn't cost you a $1 per set of numbers.
Last year on foxtel (one of two -- opps I mean one cable TV Aussie compaines) was running reruns of a science show from the 1950's as filler on their sci-fi channel. It may have been called "Why is it so" with Julius Sumner Miller. It was filmed at Sydney Univerity on a very very low budget and almost no editing. He did the typical science show and tell and seemded to target the show towards 6 to 8th grade level but expected them to know a level of science that most science students would have some level of difficulty with. He would mentioned some fact and say "talk to your teacher about that." I feel sorry for the poot teachers since sometimes he stumps me and I've taken (and passed) more university level science courses than I care to count.
TV1 runs the show after things like Trek to fill the spaces they don't fill with comericals. It seems to have the right timing to fit between US TV shows if you remove the comerical breaks. I find that odd since the show predates the time slot requirements it fits by several decades.
Last I saw Beyond 2000 on Aussie TV, it was at some stupid timeslot like 3:00am which isn't a good time to encourage kids that sciencs is cool.
When cable TV was rolled out in the US, many local groups said "You can lay cable in our town only if your showing something other than all the typical TV crap. Make it 1/4 educational and you can have your exclusive license". The result was a number of Turner channles that fit into thouse requirements. Now that no city goverment has the guts to stand up to the FCC and yank the local cable TV license, all the ed tv shows are no more.
Is it just another trend? I think people are buying these things because they are in the shops to replace their 1.5 yr old dead phone and its the "best model" so they think it will last longer. My top of the line Nokia 8310 has developed connection problems just weeks after its warranty expired. Peole keep asking me if I'm going to get a new Nokia phone since mine worked well for a year. My answer is that its a crap phone and next time I'll try a different brand. Its jsut like the last pair of junk Nikes I bought... they were over priced junk and I haven't even considered "their brand" in more than a 1/2 decade. Maybe its time some more of these compaines were visited (or run over) by the Clue Train
If anyone is interested in the web phones, I've got 130+ of them I would love to unload... Make an offer... they will display most pages that netscape 4 would display.
I've written some very nice VB progrqams. Of course their only point in life was to show managment that their idea of work flow wouldn't work with a cool looking gui. Since there was no code behind any of it other than "click this thing popup another dman window", VB was the best language for the job. It also helped to prove that colored buttons might not have been the great idea that managment's several hour meeting thought it would be.
Re:1) light fire. 2) open gas can...
on
Droning On
·
· Score: 1
I blame the Electors that decided who they were voting for before they were elected. The system in the Constitution would work better than the current system for picking a president.
Re:These drones are way too expensive
on
Droning On
·
· Score: 1
A 727 lists about a million but a WWII mustang cost about $6 mil. Typical jet charter is about $2k/hr. Light twin engine rental can be under $250/hr and you typically only pay for flight time.
Re:These drones are way too expensive
on
Droning On
·
· Score: 1
You don't know what cargo pilots get do you? They make about the same as a grade school teacher.
This might be good for you. This will force Clear Channel to go aginst AOL/Time Warner and right now neither have the money for that fight and it might bankrupt them both.
There are lots of jobs in India for Americans in the IT field. They even pay upto 10x as much as what the local would get but you need to have some managment skills and be able to communicate with the locals.
Inidian compaines are starting to outsource upper managment as well. CEO's time will come in about 20 years. Just like putting cars together in the 1980's, programming has gotten to the point where "anyone can do it" so its shipped overseas.
I've been wanting to get my hands on a GPS constellation simulator (like this one)ever since I saw one at GPS ION years ago. The problem is US$20k is a bit over my price range for a toy that would provide such a small window of entertainment. If this law happens, then I expect an open source sim within weeks complete with schematics, borad layouts and of course code.
on a semi OT note: There will be a civil GPS users meeting Downunder in Feb if anyone has any feedback they want to give the US govt about the system.
If a "user pays" system works, they why is the goverment involed in something where they user can pay? Maybe its because that just causes incrimental increases in costs closer to the production point or the real user is hard to find? Goverments hate other people making a markup on their tax.
Roads were built in the US to serve a military use. Who was the "user" of that system?
The goverments job is to do things that no one else can and critical infastructure is included in that.
Did you take physics? Remember all those ^2 things in the energy formulas? There is a very good chance that teh Suburban puts 4x the lateral force on the road that that the Cavalier does for any given stoping situation.
Ever see the special speed limits for trucks on the bridges? Those are not for the down force on the bridge, they are for the lateral forces when slowing down.
Roads could be built better but they require a stable foundation and most roads are built on poor foundations. A good foundation cost about 10x to 100x what the surface does.
Slashdot Mirror
The 800/900 split was so that the US could drop its military into Europe and not mess up the European militray radios. So the Euro civ frequency is the same as the US military and the Euro mil frequency is the same as the US civ frequency. Its about the same for the 1800/1900
as well.
A large part of the profits for printer compaines is in the point of sale printers. These things cost several times what a office printer will cost but the consumables are very low cost. At least three compaines are about to intorduce injets to replace the old ribbion impact printers just as soon as some one else does. The interesting thing about these devices is that their consumables cost very little and print on standard paper. Most of the devices will go though a fraction of the ink that a typical printer will and they can all be refilled using generic inks. Every printer knows that as soon as the ink jets hit the POS market, their secrets are out and so is the markup on their office printer along with their stock price.
I can sniff most low end cicso switches....
The 2924xl and 2950 allow you to block any mac address except broadcast addresses. So if you you flood the network with packets with one broadcast address and one real mac address you overflow its table it goes into a nice bridge mode. With a decent box it takes nearly two whole minutes to crack a single vendors mac codes.
As long as US compaines keep selling out to the short term stock price and sending critical stuff off 1/2 way around the world to be designed by people with no clue about real security, their products are going to be crap and full of holes. At one point I could trust Cisco and Sun but now they are almost at the level of most beige box builders but with them I know who I can go visit to get my money back.
All the new gear I've been buying is Kiwi designed stuff made by ATI. After a decade of dealing with cisco, I can't recomend any of their newer gear. the Current cisco mac address overflow was fixed by real engineers back in 1993. I'm not sure what kind of idiots they get to write their current code since bug history means nothing to them.
Why don't I put this on bugtraq and get it fixed? Its simple, The idiots that put the bug together have good jobs and the good people that know this stuff don't because of cost cutting.
They make a DataScope which is a monocular witha digital range finder and compass built in. Its sort of like the device luke was using when he got hit over the head. I've wanted one to help line of the pringles cans
You can't use RSA to encrypt 6 if the both p and q are that small but your right 4 and 9 were a lame example. Its been years since I messed with this stuff...
However my mistake there doesn't go agisnt my point that a number thats not prime but somehow passes the prime tests will give other solutions to the RSA puzzle. A simple example is E=17, P=61, Q=123. That gives some interesting results even though q is 3*41.
If we take this:
This example we can see for P=61, Q=53 and E=17
we can generate a key tuple of (17,3233,2753) which will encrypt 123 as 855. The odd thing is that the key tuple of (17,3233,5873), (17,3233,8993), and (17,3233,124433) also decode (or encode) data the same way. A slow perl program to show this is here.
If you pick the wrong prime, there are other solutions. It appears if you pick the right prime, there also might be other solutions. The whole point of my original point is that you don't need to find one number in a 2^2048 haystack, you just have to find a number that also works.
The only way to be sure a prime is real is attempt to factor it. I've been using the prime tests for 20 years and things are getting better but every few years someone comes up with a new way and some of the numbers the old systems say are prime, aren't prime with the new way. That gives me doubt about how good the prime tests are.
Have you tried plugging 4 and 9 as the base primes into RSA and see what falls out? If they keygen doesn't complain (because you turned off that bit of code or it has a bug or was poorly designed), the rest will be happy. You can do RSA at 8 bit level but I don't recomend it to keep anything secure but its an interesting thing to play with.
Pseudo-primes a term that came from the militray crypto for primes that are above the size you can factor to prove they are prime. Take a look at Knuth volume 2. Mersenne primes (2^n-1) for large values of n are all examples of very good pseudo-primes. Picking a large random number that passes a number of the test but not all of them is an example of a poor pseudo-prime.
:-) Maybe for fun you can compare the current editions section on verifing primes to the 1st editions and see that things have changed.
Your 1st bit is about generateing pseudo-primes not real primes. The only way to generate a real prime is factor it. The tests should work but ever few years the tests are cleened up because they claim prime numebrs aren't prime.
Are your other statements contradictory?
Your 1st comment is that a the number of primes is in the realm of 3.7e151 however you cliam that Certicom claims 3072 bit RSA is about as strong as 128 bit symmetric keys which gives you a stab in the dark 1 in 3.4e38 chance of lucking into the key which implies its about 3.6e12 times easier to break a 3072 bit key than I thought it would take to break a 2048 bit one.
Maybe after your breakfast you can pull out Knuth vol 2 and do the 1st 4 exercises on page 415
While I don't know of a case where people have cracked RSA proper, there have been many systems that use RSA that have been cracked wide open. SSH and SET come to mind.
RSA is rarely used in its described form and that always seems to intorduce weakneses. RSA requires that you have two true primes to generate they key but the problem is there is no known way to generate a 2048 bit true prime that can't be factored in the same about of time it takes to generate it. What gets used is pseudo-primes. These are primes that pass a large number of tests that indicate that the number is very likly prime. These tests are good enough that no one has broken a psuedo-prime in over a decade. The problem is some of the old tests to say a number is a pseudo-prime turned out to be wrong.
As far as bruteforceing a 2048 bit key, forget it however there are several publications that indicate that the number of solid pseudo-primes that are 512 bits long is about 2^40 so its key strength is about the same as 40 bits. Since we are talking about a 4x as many bits, a good guess of the strenght of a 2048 bit pseudo-prime would be about as hard as guessing a 160 bit DES like key. Harder than modern hardware can scan though but not impossible. With some of the current nibble step attacks on DES, the 40 bit stuff falls though the vector units of a modern processor at rates Deep Crack could only dream of. 2^40 is 1e12 and modern CPUS are doing how many operations a second on a 4e9 hz cpu? Once you stop doing all the decrypto work, you can cut out many steps.
If I was going to attack the key, I would get as many CPUs as I could find guessing at random numbers and hitting the fast prime tests with them and no coordination. A modern CPU can pick a random number, do a few simple psuedo prime tests and then do part of the factor operation to test very quickly if the key might be good. If it is then hand it off for a better check. A million guesses a second isn't unreasonable with the fastest of todays hardware but that still leaves something in the area of 4e38 hours of cpu time to try them all. Thats well inside the theoretical range of other problems like this that have been solved. It just took a few decades sometimes.
What if the numbers involved aren't true primes? Then the number of other keys increases. If once is prime and the other has two facotrs then there are 4 keys that will work. If both numbers have two factors, then there are 9 other keys.
I see this as a way that your computer can pick lottery numbers at random. Maybe it will come up but you can't win if you don't play and this doesn't cost you a $1 per set of numbers.
First they cancel Dr Who and now Tomorrow's World. How will the Brits learn about science?
Last year on foxtel (one of two -- opps I mean one cable TV Aussie compaines) was running reruns of a science show from the 1950's as filler on their sci-fi channel. It may have been called "Why is it so" with Julius Sumner Miller. It was filmed at Sydney Univerity on a very very low budget and almost no editing. He did the typical science show and tell and seemded to target the show towards 6 to 8th grade level but expected them to know a level of science that most science students would have some level of difficulty with. He would mentioned some fact and say "talk to your teacher about that." I feel sorry for the poot teachers since sometimes he stumps me and I've taken (and passed) more university level science courses than I care to count.
TV1 runs the show after things like Trek to fill the spaces they don't fill with comericals. It seems to have the right timing to fit between US TV shows if you remove the comerical breaks. I find that odd since the show predates the time slot requirements it fits by several decades.
Last I saw Beyond 2000 on Aussie TV, it was at some stupid timeslot like 3:00am which isn't a good time to encourage kids that sciencs is cool.
When cable TV was rolled out in the US, many local groups said "You can lay cable in our town only if your showing something other than all the typical TV crap. Make it 1/4 educational and you can have your exclusive license". The result was a number of Turner channles that fit into thouse requirements. Now that no city goverment has the guts to stand up to the FCC and yank the local cable TV license, all the ed tv shows are no more.
Is it just another trend? I think people are buying these things because they are in the shops to replace their 1.5 yr old dead phone and its the "best model" so they think it will last longer. My top of the line Nokia 8310 has developed connection problems just weeks after its warranty expired. Peole keep asking me if I'm going to get a new Nokia phone since mine worked well for a year. My answer is that its a crap phone and next time I'll try a different brand. Its jsut like the last pair of junk Nikes I bought... they were over priced junk and I haven't even considered "their brand" in more than a 1/2 decade. Maybe its time some more of these compaines were visited (or run over) by the Clue Train
If anyone is interested in the web phones, I've got 130+ of them I would love to unload... Make an offer... they will display most pages that netscape 4 would display.
I've written some very nice VB progrqams. Of course their only point in life was to show managment that their idea of work flow wouldn't work with a cool looking gui. Since there was no code behind any of it other than "click this thing popup another dman window", VB was the best language for the job. It also helped to prove that colored buttons might not have been the great idea that managment's several hour meeting thought it would be.
Not always... but most of the time.
A copy of it is Here
I blame the Electors that decided who they were voting for before they were elected. The system in the Constitution would work better than the current system for picking a president.
A 727 lists about a million but a WWII mustang cost about $6 mil. Typical jet charter is about $2k/hr. Light twin engine rental can be under $250/hr and you typically only pay for flight time.
You don't know what cargo pilots get do you? They make about the same as a grade school teacher.
This might be good for you. This will force Clear Channel to go aginst AOL/Time Warner and right now neither have the money for that fight and it might bankrupt them both.
There are lots of jobs in India for Americans in the IT field. They even pay upto 10x as much as what the local would get but you need to have some managment skills and be able to communicate with the locals.
Inidian compaines are starting to outsource upper managment as well. CEO's time will come in about 20 years. Just like putting cars together in the 1980's, programming has gotten to the point where "anyone can do it" so its shipped overseas.
I've been wanting to get my hands on a GPS constellation simulator (like this one)ever since I saw one at GPS ION years ago. The problem is US$20k is a bit over my price range for a toy that would provide such a small window of entertainment. If this law happens, then I expect an open source sim within weeks complete with schematics, borad layouts and of course code.
on a semi OT note: There will be a civil GPS users meeting Downunder in Feb if anyone has any feedback they want to give the US govt about the system.
If a "user pays" system works, they why is the goverment involed in something where they user can pay? Maybe its because that just causes incrimental increases in costs closer to the production point or the real user is hard to find? Goverments hate other people making a markup on their tax.
Roads were built in the US to serve a military use. Who was the "user" of that system?
The goverments job is to do things that no one else can and critical infastructure is included in that.
Did you take physics? Remember all those ^2 things in the energy formulas? There is a very good chance that teh Suburban puts 4x the lateral force on the road that that the Cavalier does for any given stoping situation.
Ever see the special speed limits for trucks on the bridges? Those are not for the down force on the bridge, they are for the lateral forces when slowing down.
Roads could be built better but they require a stable foundation and most roads are built on poor foundations. A good foundation cost about 10x to 100x what the surface does.