Errr. SpamAssassin is a great program, but it can be circumvented. The knowledge of which filter is being used will allow the spammers to do runs of messages specifically designed to avoid that filter...
Generally, the vulnerability to attacks that give away information about an address is a bad thing...
... at least for client-side filtering. To confirm that an email address johndoe.com.com is live, send a message to him from johndoe-com-com.spamdomain.com, then wait for the SPX request. Confirm with a custom DNS server. Unlike a web bug, it doesn't prove that he read it, but it confirms that the address is live *and* running SpamAssassin.
Of course, putting SPX in the SMTP server doesn't suffer from this problem, especially since the server can cache the SPX data for spamdomain.com.
Not everyone who uses a computer is a geek, you know.
Yes, but everyone who programs for Microsoft is a geek. Their security people should understand this, and make a resistant system.
So, how do these Transmeta chips compare to the VIA C3's, in terms of computing performance, and power/heat requirements?
More interestingly, how does it compare to their new C5I/Esther processor expected out in Q1/04? The Esther core is 90nm, is supposed to run at 2GHz, 5W max or something, with 70x the RNG speed of the Nehemiah core, and integrated SHA hashing in addition to AES. Yay for SSL with 2% processor load!
After all, if we're looking at future chips...
The real problem with internet voting is not that people could hack it. That is an important concern (more that someone could hack voters' PCs, rather than the vote talliers), but it is not the most important. Vendor hacks/bugs could be circumvented by open source. Supervision wouldn't be much harder than it is with current voting systems.
There are a couple more important concerns. One is social engineering... most people have no intuition for computers, and this opens up an avenue of attack much worse than the whole Florida butterfly ballot scandal. Second, the possibilities of coercion, blackmail, bribery etc go WAY up if you can watch someone, or grab server logs, or use a remote desktop, or the like.
Problems with voting are clear and simple proof that fascist dictatorships are the only way to go.
We knew that before. Haven't you heard of Arrow's theorem?
It wasn't insurance, and it wasn't a big thing. It was mentioned in Guards! Guards! when the dragon was burning the city that the firefighters' guild had been outlawed for this reason.
Then you should be able to answer the obvious questions that people on these forums have posed: what's the efficiency, and will it drive pets insane?
His name is Steve. He inherited the ship from the previous Dread Pirate Roberts, who wasn't the real Roberts either. His name was Gil. The real Roberts has retired 30 years since, and is living like a king in Patagonia.
Yeah, it's in most milk these days too... more people drink it that way... tho if you're really worried about it, you can get reduced-DHMO or even DHMO-free milk at most grocery stores, though like organic milk, it's more expensive per ounce than milk with DHMO.
Well, I don't know about these contracts, but my family's specifies nothing about hours/week, but it does specify how much storage you get.
"Unlimited" in this context should mean (i.e. a reasonable customer would interpret it to mean) that the user is not limited by the contract to a given monthly time or bandwidth cap.
If someone sells you an "unlimited account," and the contract doesn't say anything about 150 hours/month or even about "excessive usage," then they are not within their rights, under that contract, to cut you off or charge you more after 150 hours. If the contract does specify a limit, then the account should not be called "unlimited," because that is deceptive.
Nehemiah is the processor core, not the processor. Via's cores go by biblical books, so the next core after Nehemiah will be Esther, which isn't out yet. I might wait for that because the crypto unit will be much less useful if hashing remains a bottleneck than if all the symmetric crypto is dealt with by hardware accel. This would speed up an scp by a lot.
Completely pointless. The heat would kill it.
Huh? AFAIK, nano-ITX is supposed to be fanless, 12cmx12cm. And it'll need a power supply and an HD (plus a CD for install), but other than that it'll be great for a tiny headless fileserver... the crypto accel in the Nehemiah core would be great for ssh, although I might wait for Esther and built-in SHA (plus more speed at the same power, due to smaller process). It'd also make a great node for hyperencryption, given that it has a good hardware RNG; you could do this without even the hard drive if you boot from a memory card.
Waiting for that nano-ITX board, for even-smaller-form-factor...
... gave me quite a turn. Also the slogan "Get Chipped!". Compare the logo in the PDF to that of Broken Saints. The logo in BS represents, among other things, another chip which is implanted in people for supposedly good purposes...
Heh. I wrote a program that does something of the opposite. It prevents the user from clearing the RAM using the standard command, thus enabling me to play games during tests.
The program runs a similar 200 Hz interrupt handler, which tests for the "Yes" item of the memory-clear dialog box in the menu stack. If it is present, the handler changes the menuitem's call address to a custom routine which fakes a memory clear. As with yours, it stays in even if you delete the program, etc.
like the approach of stegfs. It provides different security levels to provide plausible deniability. The idea is that even if someone can prove you have a stegfs partition, and they coerce you to give over data you can only give up level one, and they can't prove that any further security levels exist.
While being able to plausibly deny the existence of further steg data in a system specifically designed to allow one to do so may be nice in theory, it is just about worthless in practice. It basically yells out, "I'm hiding something more here, and I want to be able to lie and say it's not there!"
A slightly better approach is to have an encrypted partition on a keydrive, and a file which XOR's with it to something mildly sensitive (porn maybe) on your hard drive. Keep the scripts for maintaining it on the encrypted keydrive. Then you can claim that the keydrive partition is a one-time-pad for your porn. This also doesn't work very well, but is slightly better.
The best option would be to have a steg tool that's well hidden (dunno how that would be), and does excellent steg, so that you can't find it in the first place, and if so, can't prove that it's steg. But there isn't one yet.
A symmetric key is twice as hard to brute-force for every bit you add. Nobody "brute-forces" asymmetric (public) keys by trying all possible keys; rather, they try to reverse the mathematical process used to construct the public key from the private one. In the case of RSA, this is multiplication, so you have to factor a number. Currently, the fastest public method to do this is the Multiple Polynomial Number Field Sieve; to make something twice as hard with this, you have to add something like 0.3 to the cube root of the number of bits.
RSA keys (and elliptic curves, and DH keys) are much more likely to be severely weakened by improvements in mathematics than say Blowfish or Rijndael keys. If someone improves the method to reduce the constant in the exponent of the NFS (which would probably be extremely difficult), the 1024-bit RSA key could fall easily; otherwise, even Moore's law gives it only a decade or so to live.
"Having said that, should (when) the revolution comes it will not be televised, it will be stegged so I'm keeping those skills."
To those concerned with security during the revolution, RC4 and TEA are pretty good skills. Both are fast and easy to memorize.
http://ciphersaber.gurus.com/
http://www.simonshepherd.supanet.com/tea.htm
RC4 is a stream algorithm. Its state is a permutation S of 0..255, and two bytes i and j, which start as 0. The round function is i++; j+=S[i]; swap S[i] and S[j]; output S[S[i]+S[j]]. The round function when keying it with array K[i] of length k is j+=S[i]+K[i%k]; swap S[i] and S[j]; i++;
TEA is a Feistel block cipher with a 64-bit block and a 128-bit key, and should be suitable for say hashing with the appropriate iterator (whereas RC4 is not). It uses a constant d, which is the expansion of the golden ratio, d=0x9E3779B9. It has 32 double-rounds, which to encrypt long y, long z with keyarray k goes as follows:
sum=0;
repeat 32 times {
sum+=d;
y+=(z<<4)+k[0] ^ (z>>5)+k[1] ^ z+sum;
z+=(y<<4)+k[2] ^ (y>>5)+k[3] ^ y+sum;
}
This has some minor (theoretical) weaknesses, so instead you might want to use an updated version, which repeats 32 times:
y+=(((z<<4)^(z>>5))+z) ^ (sum+k[sum & 3]);
sum+=d;
z+=(((y<<4)^(y>>5))+y) ^ (sum+k[(sum>>11) & 3]);
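An added example, not part of the original comment: the RC4 and TEA rounds described above written out as C, with the updated TEA round in the form published under the name XTEA. The function names and the sample key and message are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define DELTA 0x9E3779B9u /* the constant d: 2^32 divided by the golden ratio */

/* RC4: keying rounds, then XOR n keystream bytes into buf (same call decrypts). */
void rc4_crypt(const uint8_t *key, size_t klen, uint8_t *buf, size_t n) {
    uint8_t S[256], i = 0, j = 0, t;
    for (int x = 0; x < 256; x++) S[x] = (uint8_t)x;
    for (int x = 0; x < 256; x++) {
        j = (uint8_t)(j + S[x] + key[x % klen]);
        t = S[x]; S[x] = S[j]; S[j] = t;
    }
    j = 0; /* i and j restart at 0 for the output rounds */
    for (size_t p = 0; p < n; p++) {
        i++; j = (uint8_t)(j + S[i]);
        t = S[i]; S[i] = S[j]; S[j] = t;
        buf[p] ^= S[(uint8_t)(S[i] + S[j])];
    }
}

/* TEA: 32 double-rounds on the 64-bit block (v[0], v[1]) with 128-bit key k. */
void tea_encrypt(uint32_t v[2], const uint32_t k[4]) {
    uint32_t y = v[0], z = v[1], sum = 0;
    for (int r = 0; r < 32; r++) {
        sum += DELTA;
        y += ((z << 4) + k[0]) ^ ((z >> 5) + k[1]) ^ (z + sum);
        z += ((y << 4) + k[2]) ^ ((y >> 5) + k[3]) ^ (y + sum);
    }
    v[0] = y; v[1] = z;
}

/* The updated variant (published as XTEA): key word chosen by bits of sum. */
void xtea_encrypt(uint32_t v[2], const uint32_t k[4]) {
    uint32_t y = v[0], z = v[1], sum = 0;
    for (int r = 0; r < 32; r++) {
        y += (((z << 4) ^ (z >> 5)) + z) ^ (sum + k[sum & 3]);
        sum += DELTA;
        z += (((y << 4) ^ (y >> 5)) + y) ^ (sum + k[(sum >> 11) & 3]);
    }
    v[0] = y; v[1] = z;
}

int main(void) {
    uint8_t msg[] = "Plaintext"; /* constructed sample input */
    uint32_t zero[4] = {0}, a[2] = {0, 0}, b[2] = {0, 0};
    rc4_crypt((const uint8_t *)"Key", 3, msg, 9);
    for (int x = 0; x < 9; x++) printf("%02X", (unsigned)msg[x]);
    tea_encrypt(a, zero); xtea_encrypt(b, zero);
    printf("\n%08X %08X\n%08X %08X\n", (unsigned)a[0], (unsigned)a[1], (unsigned)b[0], (unsigned)b[1]);
    return 0;
}
```

RC4 has known keystream biases and is no longer recommended for new designs; it appears here only to make the description concrete.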
... the real advantage is that if done properly, nobody can even prove you sent a message.
While this is true, in fact it is the definition of good steganography, I'm not aware of any steg that actually achieves this. For a while, there were no public methods that break Outguess, but that was broken over a year ago, and I don't think there are any stego schemes still standing. The problem is that the last bit of your WAV file or GIF isn't very random in a real picture, not nearly as random as you might guess. This makes it quite difficult to make a scheme which hides there effectively.
Vimes is in a boat, being chased by werewolves, and about to go over a waterfall.
GOOD MORNING.
Vimes blinked. A tall dark robed figure was now sitting in the boat.
"Are you Death?"
IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
"Does this mean I'm going to die?"
POSSIBLY.
"Possibly? You turn up when people are possibly going to die?"
OH YES. IT'S QUITE THE NEW THING. IT'S BECAUSE OF THE UNCERTAINTY PRINCIPLE.
"What's that?"
I'M NOT SURE.