You think thats secure? For the ultra paranoid I've encrypted it into ROT26:
Could you introduce yourself ?
I'm a security technologist. My career has been a series of generalizations. I started working in cryptography: mathematical security. Then I realized that all the cryptography in the world won't help if the computer is insecure, and all the computer security won't help if the network is insecure. Since then, I have been concentrating more on the social and economic aspects of security, realizing that all the technology in the world won't help if those aren't done right.
More on my background can be found on schneier.com
NSA licensed Certicom's EC patents for $25 million last year, and recently announced the new US government standard for key agreement and digital signatures, called Suite B. It uses Elliptic Curve Diffie-Hellman (ECDH) and Elliptic Curve Menezes-Qu-Vanstone (ECMQV) for key agreement, and Elliptic Curve Digital Signature Algorithm (ECDSA) for signature generation/verification. Do you think that NSA is promoting ECC based crypto because they cannot crack RSA/DSA based one ?
Although I wrote that in 1999, I am still skeptical about elliptic curves.
Or maybe just because they can crack RSA/DSA they prefer to protect USbusiness with ECC (supposed to be harder to crack)?
With sufficient key lengths, all of this is uncrackable. I don't believe that the NSA has any secret mathematics that they use to break RSA/DSA or ECC.
Would a quantum computer do the job ?
In theory, yes. In practice, we have no idea how to build one to do it. Maybe in fifty years. Or twenty-five.
Some time ago you co-authored a paper on software monopoly risks. What about crypto monopoly? Don't you think that having just a couple of public-key algorithms based on the same math problem could lead to a catastrophe if cracked ?
The security advantages of a common cryptographic algorithm far outweigh the disadvantages. I've written about that as well:
What would you do if you found a solution to the factorization problem?
Any cryptographer, if they found something so significant as a solution of the factorization, would publish their results. Such a discovery would likely result in profound changes in how we view number theory, and would be the mathematical discovery of the decade...and maybe even more important.
Since most crypto protocols on the internet, such as SSL or SSH, uses public-keys to build a secure channel, wouldn't a unexpected public disclosure create a chaos on the internet ?
No. Chaos is hard to create, even on the Internet.
Here's an example. Go to Amazon.com. Buy a book without using SSL. Watch the total lack of chaos.
In the security community there are various ways of thinking about vulnerabilities disclosure (public-, full-, responsible-, no-). What is the situation in the crypto community ? What type of disclosure process is there ?
Most security professionals believe in full disclosure, and cryptographers are no exception. The advancement of the science is best served by the free exchange of ideas.
Why is often used a money-rewarded challenge to verify a crypto algorithm?
Because it's free consulting work, and money is an attempt to add some financial incentive. Most of the time it's a sham. While there are some legitimate contests, most are just attempts to gain publicity.
Recently some papers addressing hash functions were published, and you suggested on your blog that it's time to get to work r
The bike has a 6kW (8 hp) electric motor, top speed of 50 mph (80kph), a range of 100 miles (160km). The engine is completely silent, which might not go well with many motorcycle lovers.
I'm a bike rider and it would be great to ride with a silent engine up to some traffic lights behind another bike. Then, as the lights change I overtake him almost instantly.
But.. on this bike I'd have 8hp and the other bike could have 150+. No contest.
THE footballers of tomorrow will have the midfield guile of Zinedine Zidane, the finishing ability of Andriy Shevchenko and the staying power of Roy Keane.
Pampered multi millionaire footballers won't even step foot on a field if other players have slightly hard shin guards, let alone legs made of titianium!
I've been working in the Technical Support department of a major Anti-Virus company all day and I am currently speaking to the first customer who is infected with this worm. Hopefully it won't spread.
so whats it do? Yes I see the code and you say its similar to fairplay but how?"
Playfair links to non-GPL code (MPL) where this is pure GPL, the only other code it uses are the.NET class libraries which are licensed under the LGPL.
Even if the developers of a competing office suite could figure out how to get their software to open an Office 2003 document, doing so would be a DMCA violation, since they'd be bypassing an anti-circumvention device.
DMCA, that's a law in the United States. It would only be violating it there.
So here's the question: Do you want your company to be tied to the fortunes of Microsoft? If you trust Microsoft to do the right thing for you and your company, then use Microsoft's proprietary tools.
There are opensource implementations of the CLI too. Mono aims to be.NET compatitable.
So one does not need to be tied to Microsoft, or use their tools.
April Fools!
on
GTK+ TTY Port
·
· Score: 2, Interesting
This was actually an April Fools some time ago, but with QT.
Slashdot Mirror
Slashdot article that reads like total gibberish? You must be new here.
He's going to need counseling when he reads the dupe!
The reg also mentions the Twin Towers are still there:
Microsoft
Google
Bullshit. The speed limits havn't changed since the 50s, cars have.
How about human reaction times?
Hear, hear. I would recommend the parent watch motor racing from 50 years ago, its totally changed.
If you have the time (and the money) try doing a lap of a racetrack in a 1955 car and a 2005 car. The difference in braking alone is astonishing.
You think thats secure? For the ultra paranoid I've encrypted it into ROT26:
Could you introduce yourself ?
I'm a security technologist. My career has been a series of generalizations. I started working in cryptography: mathematical security. Then I realized that all the cryptography in the world won't help if the computer is insecure, and all the computer security won't help if the network is insecure. Since then, I have been concentrating more on the social and economic aspects of security, realizing that all the technology in the world won't help if those aren't done right.
More on my background can be found on schneier.com
NSA licensed Certicom's EC patents for $25 million last year, and recently announced the new US government standard for key agreement and digital signatures, called Suite B. It uses Elliptic Curve Diffie-Hellman (ECDH) and Elliptic Curve Menezes-Qu-Vanstone (ECMQV) for key agreement, and Elliptic Curve Digital Signature Algorithm (ECDSA) for signature generation/verification. Do you think that NSA is promoting ECC based crypto because they cannot crack RSA/DSA based one ?
I do not. I believe the NSA believes that ECC is strong. I wrote about ECC here:
http://www.schneier.com/crypto-gram-9911.html#Elli pticCurvePublic-KeyCryptography
Although I wrote that in 1999, I am still skeptical about elliptic curves.
Or maybe just because they can crack RSA/DSA they prefer to protect USbusiness with ECC (supposed to be harder to crack)?
With sufficient key lengths, all of this is uncrackable. I don't believe that the NSA has any secret mathematics that they use to break RSA/DSA or ECC.
Would a quantum computer do the job ?
In theory, yes. In practice, we have no idea how to build one to do it. Maybe in fifty years. Or twenty-five.
Some time ago you co-authored a paper on software monopoly risks. What about crypto monopoly? Don't you think that having just a couple of public-key algorithms based on the same math problem could lead to a catastrophe if cracked ?
The security advantages of a common cryptographic algorithm far outweigh the disadvantages. I've written about that as well:
http://www.schneier.com/crypto-gram-9904.html#diff erent.
What would you do if you found a solution to the factorization problem?
Any cryptographer, if they found something so significant as a solution of the factorization, would publish their results. Such a discovery would likely result in profound changes in how we view number theory, and would be the mathematical discovery of the decade...and maybe even more important.
Since most crypto protocols on the internet, such as SSL or SSH, uses public-keys to build a secure channel, wouldn't a unexpected public disclosure create a chaos on the internet ?
No. Chaos is hard to create, even on the Internet.
Here's an example. Go to Amazon.com. Buy a book without using SSL. Watch the total lack of chaos.
In the security community there are various ways of thinking about vulnerabilities disclosure (public-, full-, responsible-, no-). What is the situation in the crypto community ? What type of disclosure process is there ?
Most security professionals believe in full disclosure, and cryptographers are no exception. The advancement of the science is best served by the free exchange of ideas.
Why is often used a money-rewarded challenge to verify a crypto algorithm?
Because it's free consulting work, and money is an attempt to add some financial incentive. Most of the time it's a sham. While there are some legitimate contests, most are just attempts to gain publicity.
Recently some papers addressing hash functions were published, and you suggested on your blog that it's time to get to work r
The bike has a 6kW (8 hp) electric motor, top speed of 50 mph (80kph), a range of 100 miles (160km). The engine is completely silent, which might not go well with many motorcycle lovers.
I'm a bike rider and it would be great to ride with a silent engine up to some traffic lights behind another bike. Then, as the lights change I overtake him almost instantly.
But.. on this bike I'd have 8hp and the other bike could have 150+. No contest.
The top arcticle on Slashdot states:
..and the one below it states:
;)
EDS: Linux is Insecure, Unscalable
Google and Their Server Farm
Google is small, they always get hacked and their search engine doesn't scale. QED.
And the final question on every /. lips is, in regard to anything, when will HURD run Linux? ;-)
It already does: l4linux.
If they claim they don't make money off region coding cartridges, why are they doing it? Sounds like bullshit to me.
They would argue that currently they are losing money from cheap imports so by region coding they are not making money, just not losing it anymore.
Thanks to the beeb, I will get free news.
He is currently working on a dbus port to help complete Fredrik Hedberg's port of Beagle to Windows.
After that is done, however, his major project will be to port Evolution to Windows.
I imagine by the time he gets to actually porting Evolution to windows Groupwise support will be out of beta.
Usually beta testing is just to find the last few serious bugs anyway. In my experience its unlikely there will be any major code changes.
THE footballers of tomorrow will have the midfield guile of Zinedine Zidane, the finishing ability of Andriy Shevchenko and the staying power of Roy Keane.
Roy Keane? Staying power? World Cup? They sent him home!
Pampered multi millionaire footballers won't even step foot on a field if other players have slightly hard shin guards, let alone legs made of titianium!
Now I'm off to eat my breakfast of spam, eggs, bacon, and spam.
Liar. We know that all you have in your kitchen is spam, spam, eggs, bacon, and spam with spam.
Wikipedia also goes on to say:
;)
"class II: the blinking reflex of the human eye will prevent eye damage"
So as long as you blink you're ok
I've been working in the Technical Support department of a major Anti-Virus company all day and I am currently speaking to the first customer who is infected with this worm. Hopefully it won't spread.
I don't know my ass from a hole in the ground, but I highly doubt Microsoft's .NET Class Libraries are licensed under the LGPL.
:)
And you are correct. However Mono's class libraries are licensed under the LGPL. Jon developed this code using the Mono runtime, Mono's C# compiler (mcs) and the Monodevelop IDE.
Oh, did I mention that Mono is really cool?
so whats it do? Yes I see the code and you say its similar to fairplay but how?"
.NET class libraries which are licensed under the LGPL.
Playfair links to non-GPL code (MPL) where this is pure GPL, the only other code it uses are the
I can easily top it, with two words! Lotus Notes.
Nike's logo is simple, unique, easy to remember and recognize.
:)
Debian's is too, I like it
With Slashdot claiming earlier today that "The FSF [are] Linux's Hit Men" do you _really_ think they are going to risk naming it the the Apteon?
Even if the developers of a competing office suite could figure out how to get their software to open an Office 2003 document, doing so would be a DMCA violation, since they'd be bypassing an anti-circumvention device.
DMCA, that's a law in the United States. It would only be violating it there.
And if you look even further you will see that some people feel it is:
Jun 11th, 2003: SourceGear and Ximian announce partnership
Mono isn't complete, but its very usable.
So here's the question: Do you want your company to be tied to the fortunes of Microsoft? If you trust Microsoft to do the right thing for you and your company, then use Microsoft's proprietary tools.
.NET compatitable.
There are opensource implementations of the CLI too. Mono aims to be
So one does not need to be tied to Microsoft, or use their tools.
This was actually an April Fools some time ago, but with QT.
Galeon was the first browser to use tabbed browsing.