I fail to see how this scheme has any advantage whatsoever over regular symmetric encryption. Assuming everyone has access to the random bit stream, the key material is nothing more than the integer sequence you use to select bits. Whether you pick every other bit, or a "large polynomial function", you have to have agreed on a random-looking integer sequence in some secure fashion. That being the case, why don't you just use that sequence as your key to any conventional cipher?
The "really really random" bits are a red herring. Because everybody has access to the stream, they would be totally irrelevant to a cryptanalysis. The attacker wouldn't be trying to guess whether a selected bit was "1" or "0", which is useless, but rather trying to guess which of the known bits were selected.
If you instead assume that attackers don't have access to the random bit stream, you have a one time pad, with its advantages and disadvantages. In that scenario, why would you bother to select a subset of the secret, random bits? No true one-time-pad is better than any other, at least as I understand them.
Perhaps someone who knows more than myself could provide the reference to the "vernam cipher" paper, or explain it in a way that I can see its advantages?
Regarding the idea that patents and greed have prevented HDTV adoption, I couldn't agree more. Regarding the attitude of corporate entitlement that you appear to have, I couldn't agree less.
So why give the people their airwaves for free when you can sell the band and pay down the debt?
Excuse me, I'm from "the people." I'm a voting, taxpaying citizen of the United States. I'm supposed to have the right to free speech. So where can I get my share of the airwaves? I could afford a transmitter that could do a few hundred watts, more than enough to reach my local area. (I already have the ham version, after all.) What form do I fill out to claim my share of the electromagnetic spectrum?
Oh, that's right--the FCC won't license me. There are no legal broadcast outlets operated by "the people". There are no low-power broadcast licenses in TV or radio.
What we do have is a handful of media corporations that control virtually every station in the United States. You spread plenty of money around Washington DC, partly to preserve your government-approved monopoly on communication, then happily take most of that money right back since you charge those same politicians huge sums for "your" precious airtime.
So don't bullshit me that these are "my" airwaves. If they're "mine", then I say my share is for sale, since I know I can't use it. If you want to use it to make money, as you're doing right now, you damn well should pay for the priviledge. Then maybe at least some fraction of the money will be spent in some way that benefits us, "the people".
It would probably start at a random place in the sequence too, so that the keylogger's capture of up x 15 down x 27 etc. is rendered useless.
Not only that, but the alphabet on screen would have to be randomly rearranged on each invocation. If you know that the alphabet is arranged a certain way, and you have a list of keystrokes such as "up,up,up,enter,left,down,enter", it's less-than-trivial to brute force the space of possible cursor starting locations.
And hopefully you'll have a very strong "random" number generator to do it with, since the security of your key now depends entirely on the security of the pseudorandom algorithm.
Once you start going paranoid, there's no end of possibilities...
You ask if I want usage of Linux to expand beyond the minority of people who think knowing their way around their system is cool. My answer is, no. To help you understand why, let me introduce myself. My name is Mike, and I am a geek.
You say you have a life, and intend to keep it that way. I too have a life, and I choose to spend some of my free time tinkering with and occasionally contributing to open-source, free software projects. You are not required to respect or admire this lifestyle choice, any more than I am required to respect or admire yours.
But when you ask why free software is not made more user-friendly, try to consider my position. As a volunteer programmer and tester, I am going to work only on projects that appeal to me. As many have observed, writing GUI configuration tools and other such fluff is not appealing. It is tedious, repetetive, unrewarding work. I have very little to learn from implementing yet more button-and-checkbox slop; I have done quite enough of that in my everyday paying jobs.
If I am representative, geeks and consumers have very different needs, wants, goals, attitudes, and expectations. Therefore, if you want a geek to address the needs of consumers, you must give him or her some sort of external motivation.
I submit that for many open source programmers, there is no such motivation. In fact, the opposite is the case: I don't really want to encourage consumer-grade users to adopt my software. There is a communal reason for this, and a selfish one:
The communal reason is that Joe AOL is, statistically speaking, not likely to be a valuable addition to the user community. He is not going to contribute any code. He doesn't read manuals. He often expects immediate, commercial grade support and generates a great deal of noise on the mailing lists. This is not really anyone's fault; Joe AOL is simply not interested in learning how his system works or making improvements to it.
The selfish reason is this: Since I have chosen to invest the time needed to become competent with Linux, FreeBSD, et al, I and my company have a significant competetive advantage. "Improving" this software to lower the cost of entry will benefit me not at all--in fact, my competetive advantage will diminish.
No doubt somebody will point out that the majority of open source development is done by paid professionals, not hobbyist geeks. In that case, the above arguments are even more relevant. A commercial developer working on Apache might be interested in improving performance, adding features, or removing bugs. A company relying on Apache is no doubt quite comfortable with the way it is configured. So again, writing a spiffy GUI configuration tool would only make it easier for less sophisticated competitors to retire their Xitami/Windows NT web server and adopt the more robust Apache. Would you spend your money doing this, or something that actually benefits your company--something like improving performance, adding features, or removing bugs?
Although I can't get to the article right now, I do know a little about quantum computing thanks to having just finished a thesis on the subject.
Studying the actual research in the field reveals that a real quantum device does not at all resemble a superintelligent "infinitely-faster-than-my-Pentium-4" computer of the future. To understand the difference requires understanding the fundamental nature of a quantum device and how it differs from a digital device.
The atomic unit of a quantum computer is a physical system of some sort that exhibits quantum behavior, such as a single electron and its spin. Whatever the implementation, the unit is called a qubit. A single qubit contains information sometimes described as a vector of complex numbers.
A digital computer, of course, operates on bits which allow only two states, the most common implementation of which is a high or low voltage at some defined point in an electrical circuit.
Some operations are natural and easy to perform on bits; these are AND, OR, NOT, XOR, and their Boolean friends. These operations, in turn, lend themselves to an easy and natural implementation of integer math. Other operations do not have a natural representation in digital computers, such as real-number arithmetic. For the relatively few occasions that call for irrational numbers, we make do with approximations and call it "floating-point" math.
The qubit's advantage is that, thanks to quantum mechanics, some operations which are very difficult for a digital computer are easy and natural for qubits. Notably, a set of qubits can perform a Fourier transformation in near constant time--an astounding operation that is so far believed to be impossible on any kind of Turing machine.
The other side of the coin, which is rarely understood by mainstream news reporters, is that the qubit is completely unable to address most of the rest of our favorite operations, such as integer addition. To ask a qubit to count from 0 to 9 is extremely difficult, maybe physically impossible.
If that weren't bad enough, quantum algorithms have to deal with other constraints such as the prohibition against creating a copy of an unknown quantum state. Therefore, your quantum Perl is going to have to start by doing away with the assignment operator. Qubits also have a nasty tendency to occasionally do things completely unexpected and unpredictable; this requires massively redundant calculations to reduce the probability of error to something acceptably small. (Of course digital computers suffer from random bit rot as well; it is solved with similar error detection and correction algorithms.)
All these obstacles discouraged any serious interest in quantum devices for some time. However, recently (1997?) Peter Shor published the first important quantum algorithm, which factors large composite numbers in polynomial time. In case you don't know, a computer with such a capability would have staggering implications. Much of the world's data protection is based on the RSA algorithm which relies on the difficulty of factoring large numbers.
Hence, the last few years have seen no shortage of funding or interest in quantum computing. Unfortunately, the mainstream media has caught just enough of the conversation to get the false idea that quantum computers are going to blow away all of the digital technology in existence, coming soon to a Best Buy near you.
Anyway, the moral of the story is, don't start saving for that Pentium-Q just yet; not only is a quantum device completely inappropriate for the overwhelming majority of computing tasks, but the current state of the art is a machine on the order of 10 qubits or so. (A few hundred qubits will be needed before Shor's algorithm presents a threat to current encryption.)
More realistically, you might expect to see one day in your lifetime a "quantum processing unit" that exists as a special-purpose extension to your digital processor--think along the lines of the 80287 floating point coprocessor. Even this kind of application is decades away at best.
In the Soviet Union, workers weren't rewarded for going beyond the call of duty. Productivity and quality both suffered, not because they were bad workers, but because there was no incentive.
Slashdot Mirror
Not worried at all, since those silly government programmers are comparing pointers to strings, which will almost certainly not work.
.. well, he'd better start looking for receipts for those "business expenses"...
Now, if they had said if(!strcmp(slashdotId, "Wolfier"))
The "really really random" bits are a red herring. Because everybody has access to the stream, they would be totally irrelevant to a cryptanalysis. The attacker wouldn't be trying to guess whether a selected bit was "1" or "0", which is useless, but rather trying to guess which of the known bits were selected.
If you instead assume that attackers don't have access to the random bit stream, you have a one time pad, with its advantages and disadvantages. In that scenario, why would you bother to select a subset of the secret, random bits? No true one-time-pad is better than any other, at least as I understand them.
Perhaps someone who knows more than myself could provide the reference to the "vernam cipher" paper, or explain it in a way that I can see its advantages?
Regarding the idea that patents and greed have prevented HDTV adoption, I couldn't agree more. Regarding the attitude of corporate entitlement that you appear to have, I couldn't agree less.
So why give the people their airwaves for free when you can sell the band and pay down the debt?
Excuse me, I'm from "the people." I'm a voting, taxpaying citizen of the United States. I'm supposed to have the right to free speech. So where can I get my share of the airwaves? I could afford a transmitter that could do a few hundred watts, more than enough to reach my local area. (I already have the ham version, after all.) What form do I fill out to claim my share of the electromagnetic spectrum?
Oh, that's right--the FCC won't license me. There are no legal broadcast outlets operated by "the people". There are no low-power broadcast licenses in TV or radio.
What we do have is a handful of media corporations that control virtually every station in the United States. You spread plenty of money around Washington DC, partly to preserve your government-approved monopoly on communication, then happily take most of that money right back since you charge those same politicians huge sums for "your" precious airtime.
So don't bullshit me that these are "my" airwaves. If they're "mine", then I say my share is for sale, since I know I can't use it. If you want to use it to make money, as you're doing right now, you damn well should pay for the priviledge. Then maybe at least some fraction of the money will be spent in some way that benefits us, "the people".
It would probably start at a random place in the sequence too, so that the keylogger's capture of up x 15 down x 27 etc. is rendered useless.
Not only that, but the alphabet on screen would have to be randomly rearranged on each invocation. If you know that the alphabet is arranged a certain way, and you have a list of keystrokes such as "up,up,up,enter,left,down,enter", it's less-than-trivial to brute force the space of possible cursor starting locations.
And hopefully you'll have a very strong "random" number generator to do it with, since the security of your key now depends entirely on the security of the pseudorandom algorithm.
Once you start going paranoid, there's no end of possibilities...
You ask if I want usage of Linux to expand beyond the minority of people who think knowing their way around their system is cool. My answer is, no. To help you understand why, let me introduce myself. My name is Mike, and I am a geek.
You say you have a life, and intend to keep it that way. I too have a life, and I choose to spend some of my free time tinkering with and occasionally contributing to open-source, free software projects. You are not required to respect or admire this lifestyle choice, any more than I am required to respect or admire yours.
But when you ask why free software is not made more user-friendly, try to consider my position. As a volunteer programmer and tester, I am going to work only on projects that appeal to me. As many have observed, writing GUI configuration tools and other such fluff is not appealing. It is tedious, repetetive, unrewarding work. I have very little to learn from implementing yet more button-and-checkbox slop; I have done quite enough of that in my everyday paying jobs.
If I am representative, geeks and consumers have very different needs, wants, goals, attitudes, and expectations. Therefore, if you want a geek to address the needs of consumers, you must give him or her some sort of external motivation.
I submit that for many open source programmers, there is no such motivation. In fact, the opposite is the case: I don't really want to encourage consumer-grade users to adopt my software. There is a communal reason for this, and a selfish one:
No doubt somebody will point out that the majority of open source development is done by paid professionals, not hobbyist geeks. In that case, the above arguments are even more relevant. A commercial developer working on Apache might be interested in improving performance, adding features, or removing bugs. A company relying on Apache is no doubt quite comfortable with the way it is configured. So again, writing a spiffy GUI configuration tool would only make it easier for less sophisticated competitors to retire their Xitami/Windows NT web server and adopt the more robust Apache. Would you spend your money doing this, or something that actually benefits your company--something like improving performance, adding features, or removing bugs?
Although I can't get to the article right now, I do know a little about quantum computing thanks to having just finished a thesis on the subject.
Studying the actual research in the field reveals that a real quantum device does not at all resemble a superintelligent "infinitely-faster-than-my-Pentium-4" computer of the future. To understand the difference requires understanding the fundamental nature of a quantum device and how it differs from a digital device.
The atomic unit of a quantum computer is a physical system of some sort that exhibits quantum behavior, such as a single electron and its spin. Whatever the implementation, the unit is called a qubit. A single qubit contains information sometimes described as a vector of complex numbers.
A digital computer, of course, operates on bits which allow only two states, the most common implementation of which is a high or low voltage at some defined point in an electrical circuit.
Some operations are natural and easy to perform on bits; these are AND, OR, NOT, XOR, and their Boolean friends. These operations, in turn, lend themselves to an easy and natural implementation of integer math. Other operations do not have a natural representation in digital computers, such as real-number arithmetic. For the relatively few occasions that call for irrational numbers, we make do with approximations and call it "floating-point" math.
The qubit's advantage is that, thanks to quantum mechanics, some operations which are very difficult for a digital computer are easy and natural for qubits. Notably, a set of qubits can perform a Fourier transformation in near constant time--an astounding operation that is so far believed to be impossible on any kind of Turing machine.
The other side of the coin, which is rarely understood by mainstream news reporters, is that the qubit is completely unable to address most of the rest of our favorite operations, such as integer addition. To ask a qubit to count from 0 to 9 is extremely difficult, maybe physically impossible.
If that weren't bad enough, quantum algorithms have to deal with other constraints such as the prohibition against creating a copy of an unknown quantum state. Therefore, your quantum Perl is going to have to start by doing away with the assignment operator. Qubits also have a nasty tendency to occasionally do things completely unexpected and unpredictable; this requires massively redundant calculations to reduce the probability of error to something acceptably small. (Of course digital computers suffer from random bit rot as well; it is solved with similar error detection and correction algorithms.)
All these obstacles discouraged any serious interest in quantum devices for some time. However, recently (1997?) Peter Shor published the first important quantum algorithm, which factors large composite numbers in polynomial time. In case you don't know, a computer with such a capability would have staggering implications. Much of the world's data protection is based on the RSA algorithm which relies on the difficulty of factoring large numbers.
Hence, the last few years have seen no shortage of funding or interest in quantum computing. Unfortunately, the mainstream media has caught just enough of the conversation to get the false idea that quantum computers are going to blow away all of the digital technology in existence, coming soon to a Best Buy near you.
Anyway, the moral of the story is, don't start saving for that Pentium-Q just yet; not only is a quantum device completely inappropriate for the overwhelming majority of computing tasks, but the current state of the art is a machine on the order of 10 qubits or so. (A few hundred qubits will be needed before Shor's algorithm presents a threat to current encryption.)
More realistically, you might expect to see one day in your lifetime a "quantum processing unit" that exists as a special-purpose extension to your digital processor--think along the lines of the 80287 floating point coprocessor. Even this kind of application is decades away at best.
In the Soviet Union, workers weren't rewarded for going beyond the call of duty. Productivity and quality both suffered, not because they were bad workers, but because there was no incentive.
And this is different from the United States how?