And on the flipside, Chess, Go and Rubik's cube couldn't possibly be as hard as Tetris... they are all finite problems and so can be solved in constant time. Admittedly, a constant time that is enormous, but constant nonetheless. You need an infinite family of problems before you can get an NP-hard problem.
As it turns out, you can define infinite problems based on Go (play it on an n x n board instead of 19 x 19) or for the Rubik's (give an arbitrary configuration for an n x n cube instead of 3 x 3) but there's no natural way to do this for chess.
Remember it is not possible to prove that a method is secure, its only by showing it to be insecure that we learn
something. So to a certian extent the security of a algorythm is based in part on trust in the methods and the
designers. As it is analysed we become more (or less) confidant in that trust.
Actually, that's untrue. Most of the modern work in cryptography has focused on methods that have some well-defined notion of security that can be proven under a simple assumption. Now we don't know for sure (say) that factoring can't be done in polynomial time, but if the security of our cryptosystem is equivalent to the difficulty of factoring, we have a good reason to assume its security.
DES is by far the most analysed algorythm around and it has withstood everything that has been thrown at it. The
key size is much too small but there is no known method of attack that is faster then key exhaustion.When it is
extended to 3DES we have a equivalent key length of 112 bits (minimum, some research say 128+). It is not feasable
to brute force 112+ bits of key.
Again, untrue. Key Exhaustion may be in fact the most practical attack, but there are other attacks which involve gathering a lot of data but then analyzing the date in far less time than an exhaustive key search attack.
In time the other algorythms may analysed enough to match the trust that 3DES has but until then I will stick with
tried and true.
There is certainly something to tried and true, but myself, I'd rather sacrifice some efficiency and use provably secure techniques. But I think the original question is a little odd, since anyone who hacks systems will tell you the way to go is NOT through the cryptography. It's important to have good encryption, but even single DES is too much of a pain to break as a cryptosystem: a cracker would try to find some other way to compromise the security.
I'm not a lawyer but my understanding is that a mistrial is declared if the trial is tainted in some way. If there is evidence that one side wants to use and the other side wants to suppress, and it gets decided without the jury seeing it, then the trial hasn't been tainted.
The one-time pad works like this: let K be a key and let M be a message. The ciphertext is computed as the bitwise XOR
C = M^K (is that the right symbol? I forget)
and decryption is done the same way, since
M = C^K.
But it doesn't matter what encryption scheme you're using, it's not going to matter against the kind of attack the FBI was using here. If you have to type a password, they can find out the password. If there were biometrics (fingerprints, retina scans, or such) the FBI could place a bug that just records what comes on the screen.
Public key systems like RSA and DSA use a key pair generated randomly. In order to get entropy for the randomness, they often have the user do things like wiggle the mouse about or hit keys. When they use entropy from key typing, it's usually got more to do with the timing of the keystrokes than which keys were actually pressed.
Anyway, even if it was like a password, you (as the user) would never need to enter it again, so in that sense it's different from a password.
Also, most implementations make you have a password you have to use to get your computer to use your private key. This is actually a password and could be guessed or something similar, but it is never sent over a network, it's just something internal to your computer.
Correct me if I'm wrong... but it doesn't get transmitted as plaintext, the communication between the two machines is encrypted with blowfish or 3des.
The actual session would be encrypted, yes. After all, that's part of the point. But the initial phase isn't part of the session. That's when they have to do things like set up the shared key the two systems will use for the session, stuff like that.
Slashdot Mirror
And on the flipside, Chess, Go and Rubik's cube couldn't possibly be as hard as Tetris... they are all finite problems and so can be solved in constant time. Admittedly, a constant time that is enormous, but constant nonetheless. You need an infinite family of problems before you can get an NP-hard problem.
As it turns out, you can define infinite problems based on Go (play it on an n x n board instead of 19 x 19) or for the Rubik's (give an arbitrary configuration for an n x n cube instead of 3 x 3)
but there's no natural way to do this for chess.
Actually, that's untrue. Most of the modern work in cryptography has focused on methods that have some well-defined notion of security that can be proven under a simple assumption. Now we don't know for sure (say) that factoring can't be done in polynomial time, but if the security of our cryptosystem is equivalent to the difficulty of factoring, we have a good reason to assume its security.
DES is by far the most analysed algorythm around and it has withstood everything that has been thrown at it. The key size is much too small but there is no known method of attack that is faster then key exhaustion.When it is extended to 3DES we have a equivalent key length of 112 bits (minimum, some research say 128+). It is not feasable to brute force 112+ bits of key.
Again, untrue. Key Exhaustion may be in fact the most practical attack, but there are other attacks which involve gathering a lot of data but then analyzing the date in far less time than an exhaustive key search attack.
In time the other algorythms may analysed enough to match the trust that 3DES has but until then I will stick with tried and true.
There is certainly something to tried and true, but myself, I'd rather sacrifice some efficiency and use provably secure techniques. But I think the original question is a little odd, since anyone who hacks systems will tell you the way to go is NOT through the cryptography. It's important to have good encryption, but even single DES is too much of a pain to break as a cryptosystem: a cracker would try to find some other way to compromise the security.
I'm not a lawyer but my understanding is that a mistrial is declared if the trial is tainted in some way. If there is evidence that one side wants to use and the other side wants to suppress, and it gets decided without the jury seeing it, then the trial hasn't been tainted.
C = M^K (is that the right symbol? I forget)
and decryption is done the same way, since
M = C^K.
But it doesn't matter what encryption scheme you're using, it's not going to matter against the kind of attack the FBI was using here. If you have to type a password, they can find out the password. If there were biometrics (fingerprints, retina scans, or such) the FBI could place a bug that just records what comes on the screen.
Public key systems like RSA and DSA use a key pair generated randomly. In order to get entropy for the randomness, they often have the user do things like wiggle the mouse about or hit keys. When they use entropy from key typing, it's usually got more to do with the timing of the keystrokes than which keys were actually pressed. Anyway, even if it was like a password, you (as the user) would never need to enter it again, so in that sense it's different from a password. Also, most implementations make you have a password you have to use to get your computer to use your private key. This is actually a password and could be guessed or something similar, but it is never sent over a network, it's just something internal to your computer.
The actual session would be encrypted, yes. After all, that's part of the point. But the initial phase isn't part of the session. That's when they have to do things like set up the shared key the two systems will use for the session, stuff like that.