To a large extent, it *is* the data amount in the otp. A system that required you to transport one cd's worth of data to a remote subsidiary *once* in the entire lifetime of the system would be practical; you could send a staff member in person with one install disk for the software, and one data disk for the keys
however, a VPN system relying on CDs with keydata on them would probably eat a cd a day just on routing and housekeeping data, never mind actual traffic.
Not sure about that - crowd motion is random, but constrained; arms don't just jerk back and forth, but move smoothly (although not at a constant speed) between a start and end point; both legs can't be off the ground at once without the body moving down under gravity, lifting a leg up means moving it forward (because of the hinges and so forth); it's a mechanical system that can be modelled mathematically. It is possible that the encoding is in the constraints of a system, not the actual values (which can be randomly or pseudo-randomly generated).
OTP is a marvellous encryption system - low on cpu, unbreakable security, can be done by hand with less than ten minutes training.
Unfortunately, the large amount of non-reusable key data that is needed (equal in size to the data to be encrypted) means it is almost unusable; a major government could afford to hand courier a cd full of pad to an embassy; I doubt Amazon could afford to do the same to protect your CC details.
Btw, what is the mathematical proof of keylength? I would be interested to see that, as even a simple variant (compressing the plaintext then using OTP) requires less key data...
One point that does occur to me - they claim to have made a patent application - so why not link to that application in the article? I thought the US patent office were online these days?
There seem to be no details in the story about just what this marvelous breakthrough is; it can't just be that they use encrypted data as motion data and generate a cartoon of it - that is just steganography, and a pretty obvious version too (plus of course, any movement of one character that obscured a move of another would cause data loss). Anyone know of a more technical piece on this?
Hmm. I was under the impression the keys on the Timex version were actually plastic - plastic glued to a rubber sheet possibly. Did anyone here actually have one of these beasts?
Oh - and nostalgia moment. I just went and checked in a cupboard, and my ZX spectrum (with plus keyboard upgrade) is still there, along with a boxful of game tapes :)
*grin* although you could *upgrade* it to the Spectrum level - there was a glue-on rubber keyboard mat that would give you the same "look and feel" as a ZX Spectrum; underneath the mat on a real spectrum there was only a membrane keyboard anyhow (not that modern pcs don't use the same design - although they are mostly separate sheets and the zx used a heat-sealed unit)
To be honest, I don't think worldcom's backbone (as big as it is) is really going to make the internet hurt a lot if it shuts down. Europe recently lost the EBone (its cross-europe network backbone) and other than some minor routing glitches, nothing much has happened (percentage-wise, EBone carried a lot more traffic than worldcom does; obviously, in actual packets the load is smaller)
Nah - probably didn't see them in the states, but we had something here in the UK called a ZX spectrum - the keyboard was a single, molded piece of rubber; if you had dropped one from a three-story building, you could probably have caught it on the first bounce:)
I am not sure that would work either - all that would do would be to require they take it someplace else before ripping it to shreds....
Still, this seems related to "guerrilla stocking" of CDs - burning CDs that the major chains won't touch (new or unpopular bands - unpopular with the big recording companies that is), and leaving them in the racks at CD chains prominently labelled "this CD is free - please take one"
I am surprised this works - at least in the UK. I have to my unending dismay occasionally left a book in a public place (wall near a bus stop, phone booth, that sort of thing - places you put something down to use your hands and forget to pick it up again) and have seldom returned to find it either there or "just gone". Almost invariably, it has been ripped apart and the pages strewn over a wide area (I must assume by kids; I am sure at least some of them would be dismayed to find they could have gotten upwards of 20ukp for one of them in any decent bookshop)
If this was some sort of geocaching (put somewhere where it would be awkward to discover without explicit finding instructions) then I can see it working, but not where kids could find it.
Not sure - in the UK, sellotape looks like plastic (shiny, can't be written on, distorts rather than tear) while scotch tape is matt, can be written on and tears much more easily.
You actually have people doing SQL queries for reports? Rather than views, I would suggest a quick webpage that runs hardcoded queries for the types of reports you want these people to be able to run. I would never give anyone real access to the DB if you don't want them to have access to all the data.
Close enough to what we do - we generate predefined Crystal reports, and have a web front end that passes parameters we define into the report to select exactly what data the report provides; all the user limit validation is done in the web front end, and the upside is that they can do the queries from anywhere - even customer sites via HTTPS (no licence issues for Access, and they can grab the output as a csv, html or pdf whichever is more convenient for them)
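The pattern in the two comments above (predefined reports, with a front end that passes only defined parameters and enforces per-user limits) can be sketched as follows. This is an added example, not code from the original posts: sqlite3 stands in for the reporting back end, and the report name, table, users and region limits are all hypothetical.

```python
import csv
import io
import sqlite3

# Hypothetical report catalogue: the SQL text is fixed, callers supply values only.
REPORTS = {
    "orders_by_region": {
        "sql": "SELECT id, region, total FROM orders "
               "WHERE region = :region AND total >= :min_total ORDER BY id",
        "params": {"region": str, "min_total": int},
    },
}

# Constructed per-user limits, checked in the front end before the query runs.
USER_REGIONS = {"alice": {"north"}, "bob": {"north", "south"}}

def run_report(db, user, name, raw_params):
    report = REPORTS.get(name)
    if report is None:
        raise PermissionError("unknown report")
    if set(raw_params) != set(report["params"]):
        raise ValueError("unexpected or missing parameter")
    # Cast every value to its declared type; int("abc") raises ValueError.
    params = {k: cast(raw_params[k]) for k, cast in report["params"].items()}
    if params["region"] not in USER_REGIONS.get(user, set()):
        raise PermissionError("region not allowed for this user")
    cur = db.execute(report["sql"], params)  # values are bound, never spliced in
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow([col[0] for col in cur.description])
    writer.writerows(cur)
    return out.getvalue()

def demo_db():
    # Constructed sample data.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, region TEXT, total INTEGER)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                   [(1, "north", 50), (2, "south", 75), (3, "north", 120)])
    return db

if __name__ == "__main__":
    print(run_report(demo_db(), "alice", "orders_by_region",
                     {"region": "north", "min_total": "100"}))
```

Because the user never supplies SQL text, a value such as `north' OR '1'='1` is just a region name that fails the per-user check.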
does the first one there get to wear a t-shirt saying "1st p0st" and with a grayscale photo of ms portman?
Worth noting in passing that the "referrer" is a voluntary submission from the web browser and can't be relied on - Websluth is an excellent tool that takes a slightly different approach - instead of allowing you to change referrer (although I believe it does that too) it allows you to edit the currently loaded web page "on the fly" and resume browsing where you left off....
put simply:
- split data in half (a and b)
- do a one-way operation on a
- xor with b
- pass a xor b to the next stage as "a", pass a to the next stage as "b"
to reverse, you
- take a (which is passed forward) and perform the same one-way operation again
- xor with the previous result to get b.
obviously, for a single pass this is insecure, but after over a dozen, it becomes impossible to reverse without knowing just what the one-way operation was - which of course is key-dependent.
Ok, I call uncle on this one too :)
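The split / one-way operation / xor round listed above is the Feistel construction. The sketch below is an added example, not code from the original comments; the truncated HMAC-SHA256 used as the key-dependent one-way operation, the SHA-256 round-key derivation and the 16-byte block are assumptions for illustration (this is not DES).

```python
import hashlib
import hmac

HALF = 8  # bytes per half; a block is 16 bytes (assumed size for the demo)

def one_way(half: bytes, round_key: bytes) -> bytes:
    # Assumed key-dependent one-way operation: truncated HMAC-SHA256.
    return hmac.new(round_key, half, hashlib.sha256).digest()[:HALF]

def xor(x: bytes, y: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(x, y))

def round_keys(key: bytes, rounds: int) -> list:
    # Assumed key schedule: a separate derived key for each round.
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(rounds)]

def encrypt_block(block: bytes, key: bytes, rounds: int = 16) -> bytes:
    if len(block) != 2 * HALF:
        raise ValueError("block must be 16 bytes")
    a, b = block[:HALF], block[HALF:]
    for rk in round_keys(key, rounds):
        # one_way(a) xor b goes forward as "a"; the old a goes forward as "b".
        a, b = xor(one_way(a, rk), b), a
    return a + b

def decrypt_block(block: bytes, key: bytes, rounds: int = 16) -> bytes:
    if len(block) != 2 * HALF:
        raise ValueError("block must be 16 bytes")
    a, b = block[:HALF], block[HALF:]
    for rk in reversed(round_keys(key, rounds)):
        # b is the previous a, passed forward unchanged: redo the one-way
        # operation on it and xor with the other half to recover the old b.
        a, b = b, xor(one_way(b, rk), a)
    return a + b

def single_round_leak(block: bytes, key: bytes) -> bool:
    # After one pass, half of the output is still a plaintext half.
    return encrypt_block(block, key, rounds=1)[HALF:] == block[:HALF]

if __name__ == "__main__":
    pt, key = b"constructed-data", b"demo key (constructed)"
    ct = encrypt_block(pt, key)
    print(ct.hex(), decrypt_block(ct, key) == pt, single_round_leak(pt, key))
```

Decryption never inverts `one_way`; it only recomputes it, which is why the round function can be one-way while the cipher as a whole stays reversible for the key holder.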
The basic unit of DES is a one-way cypher...
By definition, it no longer gives you any info at all about the original message - not even its length :)
Not necessarily - I am told a *lot* of military field-crypto is basically a prng stream cypher. There was an extended series of arguments in [pgp-users] between Larry Randall (a supporter of prng stream crypto in hardware) and pgp enthusiasts - check the archives around April.
Keep in mind that a legitimate attack is an exhaustive search of the key space. If there are fewer possible keys than possible plaintexts, then for a given ciphertext the attacker can figure out a range of candidate plaintexts that is smaller than all possible plaintexts. That means the attacker has gained information. :)
This is true - I should have thought it through more. I will surrender on this one before I look a bigger fool than I do now
Jason finds way to recycle used oil
gives a more technical view of the current discovery (it's a prng by the way)
IIRC, the patent application is in the public domain too - after all, if it is secret, how can anyone check it? Patenting is a first-past-the-post system - hence people trying to modify a patent "on the fly" to include stuff originally not covered, rather than start a new one.
Yes, but then you have some information on what the original text could have been, as it should be a valid [insert compression program] file
True enough; however, this won't give you any sort of a handle on what the original data was (although it will give you an idea of how much entropy was in the data, if you have any idea how big it should be decompressed). It will give you a good chance of a little keydata (particularly if the file has a fixed-text header after compression) but as keydata is never reused, that isn't a vulnerability.
That's nice enough in theory; however, it is possible to imagine systems that don't require a 1:1 correspondence between key and data length to acquire this property. The simplest example would be to exploit the entropy within data already encoded to generate additional keydata. Given (say) a 2K block of compressed data, you could hash the first K of data to give a single byte; adding this to the keydata for the second K would allow you to reliably and unbreakably encode the second K with 1023 bytes of truly random keydata.
I still doubt anything here is practical though.