I thought SHA-1 which similarly compromised and folks were advised to use the SHA-2 variants SHA-256 & SHA-512... with SHA-384 being mostly silly except for very specific applications where key length was limited but computation was not.
Just because they didn't hold an "Apple Special Event" announcing this doesn't really mean they are hiding it. How much documentation is floating around for the rest of Apple's EFI stuff. How many people really need documentation for EFI stuff?
Not that I have a better idea but I was under the impression that this method was obsolete. Also I wonder if this does not hasten the death of the drives it is used on.
They can believe anything they want to believe. However concocting some bullshit scam to teach religion in science classes in public schools is unacceptable and unconstitutional.
I've thought about this idea that the Bundestrojaner would make snooping cheaper and easier. I think it would have another effect: About 15 minutes after they let the first one out into the wild some teenager in Slovenia would publish a CLI app that would detect and disable it or alternately hijack the app to share the contents of the drive on whatever P2P app Slovenian teenagers are into this week. Then everyone who *really* had a reason to make sure they were not infected would have this app and only the average Joe would be out there sharing his hard drive contents with the world.
Serious Question: I am not a web developer. Acid2 Compliance means what to me?
That Webpages render correctly? What sorts... like those goddamn IE only pages? The pages that use some codec that is popular with 13-17 crowd in Slovenia? The pages from my bank that do not render properly with any browser I have ever tried?
Now that Comcast is actively monitoring and selectively interfering with traffic doesn't that mean they are no longer a common carrier? Aren't they now obliged to detect and stop all the child porn and all the unlicensed & infringing material, and slander & libel, and terrorist threats ? More importantly aren't they legally responsible for such content on their network? Can't they now be sued by various interests?
Fuck. You are so right. This article is just some advertisement for some obscure profiler.
However I take exception to your use of the world "Editor". Slashdot does not have Editors. They have guys who accept submissions. They don't read The Fucking Articles, They don't check links, The don't edit submissions...
I don't think the parallel you draw is an accurate or relevant one. Rather because the pool of talent is so small the NSA may have to employ foreign nationals living abroad to work on new algorithms. They may employ people living abroad to specifically defeat cryptosystems currently in use by foreign governments or groups. However I also think that in the enterprise of poisoning an international effort to develop an algorithm for any cryptographic purpose the risk of exposure is far greater employing someone living abroad (foreign national or not) as apposed to someone physically located in Fort Meade. It really would suck for the NSA if one of their stools published the backdoor shortly after the publication and acceptance of the algorithm it was hidden within.
I should hasten to add that nothing said so far would convince me to use un-audited code in an important system but it does cause me to actually believe the auditors.
It's just the protocol header that is encrypted with Bittorrent, not the data and it is not particularly good encryption and it doesn't really stop ISPs from specifically throttling Bittorrent traffic (which is the issue today).
You can route Bittorrent through an SSH tunnel which would encrypt the data as well. Presumably you'd need a VPN service provider because I don't think a shell account provider would take to kindly to widespread use of their services in this way.
Had all the algorithms in question been developed in the United States I would had put that bit in myself. But they weren't. So I don't consider that to be a probability I need to take into account... in that I actually use some of the other algorithms and for a variety of other reasons I steer clear of the one promoted by the NSA and NIST. Not the least of which is that I have different goals than stated goals of the NIST's selection process.
No. I was replying to someone who said the NSA had put backdoors in all available Random Number Generators and I wondered how the NSA could possibly get a backdoor in all of such algorithms. My line of thinking was this
1: Open algorithms are the mainstay of the crypto community 2: All those algorithms described in the article have been published 3: The NSA did not sponsor, develop, or promote all of random number generators described in article (much less all that are available) 4: The NSA is not the sole distributor of the source or binary versions of these algorithms
I know the NSA has a bunch of really sharp folks but how could they pull off having a backdoor in an Random Number Generator algorithm which they did not design, did not sponsor development of, and do not distribute?
As far as Dual_EC_DRBG goes it is clear how they could have pulled off a stealthy backdoor, the algorithm is their own design.
I've done product development for just over 15 years.
We document everything we do, how we it, why we did, and the results of what we did. And at any moment the FDA can stroll in and have long in depth look.
No problem... but then again we aren't doing anything illegal, unethical, or immoral.
Slashdot Mirror
Because any subscriber can add whatever ass-stupid shit they want.
I thought SHA-1 which similarly compromised and folks were advised to use the SHA-2 variants SHA-256 & SHA-512... with SHA-384 being mostly silly except for very specific applications where key length was limited but computation was not.
Just because they didn't hold an "Apple Special Event" announcing this doesn't really mean they are hiding it. How much documentation is floating around for the rest of Apple's EFI stuff. How many people really need documentation for EFI stuff?
Bittorrent is just another protocol to share data. Does it really matter what protocol is used to get the data?
Besides, it's not like are going to be sharing 500 Terabyte HD movie collections with their phones... yet.
Not that I have a better idea but I was under the impression that this method was obsolete.
Also I wonder if this does not hasten the death of the drives it is used on.
Neither state nor federal funds can be used for these purposes and this is all about public schools and state employees.
They can believe anything they want to believe. However concocting some bullshit scam to teach religion in science classes in public schools is unacceptable and unconstitutional.
I've thought about this idea that the Bundestrojaner would make snooping cheaper and easier. I think it would have another effect: About 15 minutes after they let the first one out into the wild some teenager in Slovenia would publish a CLI app that would detect and disable it or alternately hijack the app to share the contents of the drive on whatever P2P app Slovenian teenagers are into this week. Then everyone who *really* had a reason to make sure they were not infected would have this app and only the average Joe would be out there sharing his hard drive contents with the world.
"Islamist" is newspeak for a militant extremist Muslim. In my mind, because it lacks militant or extremist, it is double plus ungood.
I hear it on the English language news broadcast in Austria / Germany all the time. Don't they use it in the US?
Serious Question: I am not a web developer. Acid2 Compliance means what to me?
That Webpages render correctly? What sorts...
like those goddamn IE only pages?
The pages that use some codec that is popular with 13-17 crowd in Slovenia?
The pages from my bank that do not render properly with any browser I have ever tried?
I was using Camino last year and then it just sort of stagnated.
Now I'm doing the Firefox - Safari shuffle.
These people obvously have never eaten hash.
Now that Comcast is actively monitoring and selectively interfering with traffic doesn't that mean they are no longer a common carrier? Aren't they now obliged to detect and stop all the child porn and all the unlicensed & infringing material, and slander & libel, and terrorist threats ?
More importantly aren't they legally responsible for such content on their network? Can't they now be sued by various interests?
So, in answer to your question: Less than 5 minutes.
Fuck. You are so right. This article is just some advertisement for some obscure profiler.
However I take exception to your use of the world "Editor". Slashdot does not have Editors. They have guys who accept submissions.
They don't read The Fucking Articles, They don't check links, The don't edit submissions...
I don't think the parallel you draw is an accurate or relevant one. Rather because the pool of talent is so small the NSA may have to employ foreign nationals living abroad to work on new algorithms. They may employ people living abroad to specifically defeat cryptosystems currently in use by foreign governments or groups. However I also think that in the enterprise of poisoning an international effort to develop an algorithm for any cryptographic purpose the risk of exposure is far greater employing someone living abroad (foreign national or not) as apposed to someone physically located in Fort Meade. It really would suck for the NSA if one of their stools published the backdoor shortly after the publication and acceptance of the algorithm it was hidden within.
I should hasten to add that nothing said so far would convince me to use un-audited code in an important system but it does cause me to actually believe the auditors.
It's just the protocol header that is encrypted with Bittorrent, not the data and it is not particularly good encryption
and it doesn't really stop ISPs from specifically throttling Bittorrent traffic (which is the issue today).
You can route Bittorrent through an SSH tunnel which would encrypt the data as well. Presumably you'd need a VPN service provider because I don't think a shell account provider would take to kindly to widespread use of their services in this way.
Had all the algorithms in question been developed in the United States I would had put that bit in myself. But they weren't. So I don't consider that to be a probability I need to take into account... in that I actually use some of the other algorithms and for a variety of other reasons I steer clear of the one promoted by the NSA and NIST. Not the least of which is that I have different goals than stated goals of the NIST's selection process.
meh... movable type has been around for ages and that's far, far more dangerous.
Works for HDCP: http://www.freedom-to-tinker.com/?p=1007
No. I was replying to someone who said the NSA had put backdoors in all available Random Number Generators and I wondered how the NSA could possibly get a backdoor in all of such algorithms. My line of thinking was this
1: Open algorithms are the mainstay of the crypto community
2: All those algorithms described in the article have been published
3: The NSA did not sponsor, develop, or promote all of random number generators described in article (much less all that are available)
4: The NSA is not the sole distributor of the source or binary versions of these algorithms
I know the NSA has a bunch of really sharp folks but how could they pull off having a backdoor in an Random Number Generator algorithm which they did not design, did not sponsor development of, and do not distribute?
As far as Dual_EC_DRBG goes it is clear how they could have pulled off a stealthy backdoor, the algorithm is their own design.
This is just one part of a well designed system and I'd say all of this part it is already useless.
How do you back door an Open algorithm you didn't design and don't distribute?
But this is the NSA we're talking about... Not the Bush administration.
I've done product development for just over 15 years.
We document everything we do, how we it, why we did, and the results of what we did. And at any moment the FDA can stroll in and have long in depth look.
No problem... but then again we aren't doing anything illegal, unethical, or immoral.