Wrong.
The attack will be done in 1.17 * 2^64 operations. Read: birthday paradox. I've estimated the work time for the first collision as 100,000 CPU years (on my model of CPU).
RC5-64 took longer if you need a comparison.
Do you get a reward for turning in your neighbour? How much for a family member? What about your spouse?
Garbage in, garbage out. You're telling me "unsophisticated" "security guards" will have the power to turn anyone they don't like in to the US authorities.
Need I remind you that these people will not be "arrested", but will be treated like the folks at Camp X-Ray: threats to national security.
This is a fucking witch hunt and the US gov't is trying to
Construction Boss: cross product you moron! The dot product of zero between the nail and the board means you don't have a board, or you don't have a nail, in which case I'll have to spring for workman's comp...but this is Canada...so go for it!
Sure that works....if s were a line!
s is a complex variable. s = a + bi. So it's more of a plane than an axis.
JLC
Cmplx - the axis of evil according to Zee Director of der Homeland Security Compf
As long as it doesn't have that little f*ck of a smug microsoft paper clip. I hate that thing...
I hate any computer that tries to tell me it's smarter than I am...I can tell the difference between 0 and 2!
Not true!
van Oorschot and Wiener used a cycle-finding algorithm which reduced the memory and bandwidth requirement 2**32 fold.
Briefly described here:
http://www.certankey.com/dnet/
The cryptoAPI is the real kicker here folks.
Once cryptoAPI is in the kernel, /dev/random will no longer use its own crypto libraries (SHA-1). IPSec will not use its own crypto (well, freeswan will because they feel there's value there).
CryptoAPI will also permit people to have encrypted filesystems, swap partitions, even BOOT partitions.
Present applications include: eliminate duplicated code, harmonize/facilitate crypto in the kernel, encrypted file systems, swap partitions, cdroms, etc., "turnkey" ipsec
Later applications include: load-time code-signing (that is, all binaries and .so's can have their digital signature verified before execution), and other magic stuff.
JLC
Crypto is used everywhere. /dev/random uses MD5 and SHA1, shadow-utils uses DES and MD5. The kernel uses MD5 for non-crypto reasons all over the place.
Aside: MD5 should not be used.
Basically it was a design decision: get rid of repeated code. Linux is also being used for new applications. Servers with Encrypted File Systems, IPSec routers, etc etc. So this means Linux needs to evolve too. If the kernel only kept up with hardware changes, then Linux should be dead in 2 years.
I am the horse and I have a mouth.
This is our attempt at "helping" this. OSS isn't in the business of being the "thought police" (aka. intellectual property control)
Funny how country codes AF, IQ and KP don't have laws forbidding export/use of crypto.
I am the horse and I have a mouth.
RH 8.0 looks like it's going to have cryptoAPI in its shipped kernel.
I am the horse and I have a mouth.
Package your application in a self-extracting/self-decrypting archive which uses two keys (k1, k2). k1 is either zero-length or known to the group of intended users. k2 is kept secret until published online at some central site at a time specified by the publisher. If k1 is zero-length, then it'll be an open release of software/data.
software = Decrypt(software, key), where key = Hash(k1 concatenated-with k2).
This is called time-lock crypto, as written by Rivest, Shamir, and Wagner in [3].
CertainKey offers this service with all the software/crypto you need at a modest price; see [1].
note: I'm a founder of CertainKey...so use discretion.
References:
[1]
[2]
[3]
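The two-key packaging scheme described in that comment, as an added example (not CertainKey's code or the paper's construction). The only element taken from the post is key = Hash(k1 || k2); the helper names `package`, `unpack` and `can_unpack` are hypothetical, SHA-256 stands in for "Hash", and because the standard library has no block cipher the encryption is an HMAC-SHA256 keystream in counter mode with a tag, a constructed stand-in for whatever cipher a real archive would use. The nonce, the tag and the length prefix on k1 are additions that the post does not mention.

```python
import hashlib
import hmac
import os
import struct

# Added example, not from the original page. Hypothetical helpers built around
# the post's key = Hash(k1 || k2); cipher and tag are a stdlib-only stand-in.


def derive_key(k1: bytes, k2: bytes) -> bytes:
    """key = Hash(k1 || k2). The length prefix on k1 is an added detail so that
    different (k1, k2) splits of the same byte string give different keys."""
    return hashlib.sha256(struct.pack(">I", len(k1)) + k1 + k2).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Concatenated HMAC-SHA256(key, nonce || counter) blocks (CTR-style)."""
    blocks, counter = [], 0
    while 32 * len(blocks) < length:
        blocks.append(hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def package(software: bytes, k1: bytes, k2: bytes) -> bytes:
    """Publisher side: encrypt under Hash(k1 || k2). k1 is empty for an open
    release or shared with the intended group; k2 is withheld until release."""
    key = derive_key(k1, k2)
    nonce = os.urandom(16)
    ciphertext = _xor(software, _keystream(key, nonce, len(software)))
    # The tag lets the recipient distinguish "k2 not published yet" from garbage output.
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unpack(archive: bytes, k1: bytes, k2: bytes) -> bytes:
    """Recipient side: software = Decrypt(archive, Hash(k1 || k2))."""
    if len(archive) < 16 + 32:
        raise ValueError("archive too short")
    nonce, ciphertext, tag = archive[:16], archive[16:-32], archive[-32:]
    key = derive_key(k1, k2)
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key (k2 not yet published?) or tampered archive")
    return _xor(ciphertext, _keystream(key, nonce, len(ciphertext)))


def can_unpack(archive: bytes, k1: bytes, k2: bytes) -> bool:
    """True if the archive opens with this (k1, k2) pair."""
    try:
        unpack(archive, k1, k2)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample: a group release, then the same payload as an open release.
    software = b"constructed sample payload: the binary you would ship"
    k1, k2 = b"group-secret", b"k2-published-on-release-day"
    archive = package(software, k1, k2)
    print("group member, before k2 is published:", can_unpack(archive, k1, b""))
    print("group member, after k2 is published: ", can_unpack(archive, k1, k2))
    print("open release (k1 empty), with k2:   ", can_unpack(package(software, b"", k2), b"", k2))
```

Until k2 is posted, nobody, group member or not, can open the archive; once it is posted, the group (or everyone, if k1 is empty) derives the same key. The time lock itself is only as strong as the secrecy of k2 on the central site until the chosen date.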
An MD5 attack can be accomplished in O(2^64), or roughly 2.5 d.net years.
RC5-64 was O(2^63).
ECC-109 was O(2^54).
JLC
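The arithmetic behind the "1.17 * 2^64" figure, the CPU-years estimate, and the memoryless cycle-finding search mentioned in the van Oorschot and Wiener comment, as one added example (not the page's or CertainKey's code). `birthday_work` gives the number of hash evaluations after which a collision of an n-bit hash has appeared with probability p, `cpu_years` converts that to core-years for an assumed throughput (the 100,000 CPU-years figure above depends on the poster's own CPU model, so the rate here is a parameter, not that model), and `rho_collision` runs Floyd's cycle-finding on SHA-256 truncated to a few bits, a constructed toy so the search finishes in milliseconds; the single-walker form here is the textbook one, not the parallel distinguished-point variant the paper describes.

```python
import hashlib
import math
import struct

# Added example, not from the original page. The truncated hash is a toy stand-in
# for MD5/SHA-1 so the collision search runs quickly; birthday_work() is exact.


def truncated_hash(x: int, bits: int) -> int:
    """Hash the 8-byte big-endian encoding of x and keep the top `bits` bits."""
    digest = hashlib.sha256(struct.pack(">Q", x)).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def birthday_work(bits: int, probability: float = 0.5) -> float:
    """Hash evaluations after which a `bits`-bit hash has produced a collision
    with the given probability: sqrt(2 * ln(1/(1-p)) * 2^bits).
    For p = 0.5 the constant is sqrt(2 ln 2) ~= 1.177, so a 128-bit hash such
    as MD5 needs about 1.17 * 2^64 evaluations, the figure quoted above."""
    return math.sqrt(2.0 * math.log(1.0 / (1.0 - probability)) * 2.0 ** bits)


def cpu_years(operations: float, ops_per_second: float) -> float:
    """Single-core wall-clock cost of `operations` at an assumed rate."""
    return operations / ops_per_second / (365.25 * 24 * 3600)


def rho_collision(bits: int, seed: int = 1, max_restarts: int = 16):
    """Memoryless collision search (Floyd cycle finding) on the truncated hash.

    Iterating x -> h(x) from a start point traces a 'rho': a tail leading into
    a cycle. The point where the tail joins the cycle has two different
    predecessors, and those two values are a collision. Only O(1) state is
    kept, which is the memory saving the comment on van Oorschot and Wiener
    refers to (their version runs many such walks in parallel)."""
    h = lambda v: truncated_hash(v, bits)
    for attempt in range(max_restarts):
        x0 = seed + attempt
        # Phase 1: tortoise moves one step, hare two, until they meet on the cycle.
        tortoise, hare = h(x0), h(h(x0))
        while tortoise != hare:
            tortoise, hare = h(tortoise), h(h(hare))
        # Phase 2: one walker restarts at x0, the other continues from the meeting
        # point; when their images coincide they sit on the two predecessors of
        # the cycle entry, one on the tail and one on the cycle, so they differ.
        x, y = x0, tortoise
        if x == y:
            # x0 itself lies on the cycle (no tail), so no collision: try another start.
            continue
        while h(x) != h(y):
            x, y = h(x), h(y)
        return x, y
    raise RuntimeError("no collision found from the tried start points")


def estimate(bits: int, ops_per_second: float = 1e9):
    """(evaluations for a 50% collision, single-core years at the assumed rate)."""
    work = birthday_work(bits)
    return work, cpu_years(work, ops_per_second)


if __name__ == "__main__":
    work, years = estimate(128)
    print(f"128-bit hash: {work / 2 ** 64:.3f} * 2^64 evaluations, "
          f"~{years:,.0f} core-years at an assumed 1e9 hashes/s")
    a, b = rho_collision(24)
    print(f"24-bit toy collision: {a} and {b} both hash to {truncated_hash(a, 24):#08x}")
```

The birthday figure is a count of hash evaluations, not a running time; the core-years line only becomes concrete once you fix a hash rate, which is why estimates from different posters (100,000 CPU years, 2.5 d.net years) can differ by orders of magnitude while agreeing on 2^64.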
The prospects of Palladium are fantastic. However from a cryptographic "data flow / data storage" perspective, there are still many fears that the wealthiest corporation in the world will strong-arm this technology through without the required public review and due diligence.
The AES process took years of open and very public scrutiny. Palladium will require at least that long before it is trusted. What are Redmond's timelines for disclosure, review, and deployment dates?
Which implies that the OTP is insecure with known-plaintext, or by brute-forcing, which is untrue for any correctly used OTP.
What would I do if I could invent a cipher better than OTP on a Turing machine?
Walk on water.
Re: Distributed.net no longer in the public eye (on RC5-64 Success; Score: 2, Interesting)
It's been forgotten because they attacked something of little relevance.
RC5? Who uses that? Really. The DES challenges were at least interesting because you could go to work the next day and say "hey! d.net checked this algo, don't use it!"
So I say d.net needs to move back to attacking an algorithm people use every day. Don't think they could do it?
Cracking MD5 wide open can be done in 2 years using the same number of people as the RC5-64 project. And you'll get millions of cracks in the algorithm and not just one.
We'll see what nugget says...
Hashing your data? Not with MD5, which will possibly be the next d.net project.
http://www.certainkey.com/dnet/
JLC
The XSL attack is highly subjective.
All you "so is GPG broken?" put your pants back on.
Summary of attack:
XSL stands for three of the basic operations in Rijndael and Serpent. The reason why this attack works is because the substitution layer of Rijndael/AES and Serpent can be expressed very neatly as the same domain as the Linear layers.
Now when I say 'neatly' I mean 'it would be possible'; no one's shown us this monster set of equations relating the (128+128/192/256)-bit inputs to the 128-bit outputs. The Rijndael/AES and Serpent ciphers may be what we call "over-defined".
Think back to high school when you had N linearly independent linear equations and N-1 unknowns. You had an infinite number of possibilities for solutions. If you had N eqns and N unknowns you had 1 solution. If you had N eqns and N+1 unknowns you were in a funny place.
The authors suggest Rijndael/AES and Serpent are in the latter category, of the differential nature (and not the linear nature you learned in high school).
So what does this mean? The possibility HAS NOT BEEN EXCLUDED that this attack is possible. It really proves/demonstrates nothing about whether it's at all possible. Which is the best anyone's been able to do in the past 6 years.
JLC
See sci.crypt thread:
http://groups.google.ca/groups?q=XSL+group%3Asci.
ElGamal/DSA are based on discrete logs, not factorization. So I'd say you're safe from DJB for now.
But it is suspected that factorization is AS STRONG as the DL problem. But no proofs exist yet.
It should be assumed however that if the integer DL is solved, all PK crypto (RSA & factor based ciphers included) would fall with ECC and GF(2^x) DLs to fall shortly after...this is just the general sentiment in the field. FYI
JLC
- Aphex Twin
- Prodigy (Music for the Jilted Generation; The Fat of the Land was a bit too poppy)
- Underworld (!!! my fav. Beaucoup Fish was liked by many, but the older mid-90's was probably their best stuff, "Cowgirl"...love it!)
- Josh Wink
Electronic music is like tofu, everyone has preferences when it comes to seasonings.
> Still, you're left with 8 which is divisible by 1,2,4 and 8. It's better than 10 but with 12 you get integers when splitting into thirds.
/. trolling possibilities!
C'mon! We can wish for better than that!
Think Euclidean (aka. factorial) numbers!
1*2*3 = 6
1*2*3*4 = 24
1*2*3*4*5 = 120
120 fingers, imagine the words per minute! Imagine the
JLC
First of all, no one uses metric, metric died long ago. Long live S.I.!
Second of all, SI (Système International) has 7 base units from which all others are derived:
1) candela (light intensity)
2) meter (linear distance)
3) mole (quantity)
4) kilogram (mass (!) (the only base unit that isn't base (!)))
5) ampere (electric current)
6) kelvin (temperature)
7) second (time)
On Google:
"seven base units of SI" + "I'm feeling lucky"
Everything else can be derived from these units...even CowboyNeal!!
Third of all, as you can see, seconds _ARE_ as you say 'metric'.
Silly Americans...
JLC
PDAs and CellPhones merge into a hybrid device.
PDAs and calculators merge into hybrid devices.
Does this mean I'll have reverse Polish notation on my cell phone? Please say I will, please!
emit doog 008 1
Back in the day of Doom2, Descent and Marathon, friends and I would break into my high school's largest (sweeeetest) computer lab and play till 3am.
The notion of school teachers letting me near computers any more than the minimum required to learn was unthinkable...much my own fault...I did a lot of "learning" on those systems.
"Oooh! That's what the System Folder does!"
JLC
The old Sun optical mouse pads were made of aluminium. I put one under the CPU unit of my ASUS B1 notebook. As long as it keeps in contact with the bottom of the laptop (rubber feet sometimes get in the way) it keeps it running cooler.
:)
Also, running Linux keeps the laptop temperature down compared to WinXP. Linux seems to be more efficient in that category as well!
Freedom of speech is not cheap.
Your enemy could be yelling at the top of their lungs something that they believe so strongly that they're willing to die for it.
And you at the other end are yelling at the top of your lungs the complete opposite view because you believe in your ideas so strongly that you too are willing to die for it.
Freedom is the environment where you and your enemy can yell at each other without the fear of being silenced.
Freedom does not exist in the CRA (Corporate Republic of America).
When you are a corporate citizen claiming to represent thousands of human citizens and your enemy is not a citizen whatsoever, it becomes far too easy to say your enemy is not entitled to freedom.
Should this corporate citizen back down because it had overestimated its influence, as it has in this example, public perception has been skewed and your enemy has been marked by the government as an anarchist for their views, and their views do not fall under the protection of the law...only their crimes.
Therein lies the crux:
If you feel righteous enough to point the finger of crime at someone (corporate citizen, human citizen, or otherwise), you had better be prepared to give the shoulder of acceptance to their freedoms.