Slashdot Mirror


User: EvanED

EvanED's activity in the archive.

Stories: 0
Comments: 6,434

Comments · 6,434

  1. Re:RSA is outdated, but... on Math Advance Suggest RSA Encryption Could Fall Within 5 Years · · Score: 1

    That's all encryption is. I don't need to be a math major to figure out that if I have a car that can go 200 MPH it'll get there twice as fast as a car that can only do 100 MPH.

    No, but as I pointed out in my other reply to you, you having a car that can go 200 MPH just means that I have to put your destination twice as far away.

    And without fundamental math advances that haven't yet happened (at least outside of NSA-style organizations), for quite a long time it will be completely feasible to keep moving the destination further and further away as you get a faster and faster car -- without fundamentally changing the road network (which I guess is the crypto system :-)).

  2. Re:RSA is outdated, but... on Math Advance Suggest RSA Encryption Could Fall Within 5 Years · · Score: 1

    Yes, it was. My bad. :-)

  3. Re:RSA = out of date on Math Advance Suggest RSA Encryption Could Fall Within 5 Years · · Score: 5, Informative

    I didn't say that you said that AES could replace RSA: I said that your AES/DES analogy didn't support your statement that RSA is or should be deprecated. That may sound like I'm nitpicking here, but I'm really not: it's pretty fundamental to my point. And the reason is this:

    Which is that every encryption algorithm, regardless of type or usage-scenario, has a shelf life.

    This absolutely need not be true. RSA for instance is based in part around a hardness assumption: that given a very large number n which is the product of p and q, it is far harder to find p and q from n than it is to find n from p and q. Assume for the sake of argument that this is the only hardness assumption RSA depends on. (If the summary isn't misleading it apparently also depends on the hardness of discrete log, but I don't know how.)

    If the hardness assumption holds, then RSA as such will never be insecure. Why? Suppose you say "here is a computer capable of factoring a number n with b bits." I'll say "OK, fine; I'll use 100*b bits (or something)"; because multiplying is so much easier than factoring, your computer will still be able to carry out that task but it won't be able to crack my key.

    In other words, if the hardness assumption holds, RSA doesn't have a specific difficulty: it can scale with computational power. That's why you see people using 2048-bit keys now instead of 512-bit keys a couple of decades ago.

    The only things that the age of the algorithm has to say about the security of it are (1) if the difficulty cannot scale with computational power (true of DES, not true of RSA) and (2) being out longer gives people more time to find flaws in its assumptions.

    But here's the thing: #2 isn't necessarily bad, nor does it speak against the algorithm. It is conceivable that the assumptions just fundamentally hold. If they do, being out longer will not impact the security at all. If anything, being out longer with no one discovering anything should give a higher assurance that an algorithm is secure than a newer one would.

    now that resources have increased many-fold since the original, it is no longer secure.

    I don't think I've ever heard a blanket statement about RSA being insecure -- only things like certain key sizes or certain implementations or PRNGs being insecure. (Wikipedia also lists a couple of side-channel and plain-text attacks, but those are also arguably quality-of-implementation issues, and similar attacks exist for EC systems.) The intro to the Wikipedia article says nothing about RSA being insecure. "Deprecated" and "discouraged" both fail to appear on the page.

    The strongest statement against RSA I've heard is just that EC is better.

    I then compared it to other encryption schemes that are less resource-constrained which have been coming into wider use

    Except that the DES vs AES case is not even close to being the same case, as Adam Van Ymeren said in response to you, and then I elaborated on elsewhere and above.

    The reason it's not even close is that DES does not scale with computational power, because it has a fixed key size.

  4. Re:RSA is outdated, but... on Math Advance Suggest RSA Encryption Could Fall Within 5 Years · · Score: 1

    Proving that P=NP doesn't make anything tractable, unless you use the ridiculous definition where tractable is the same as polynomial time.

    Yes, you make some excellent points, and I should have addressed them before. I did a little bit (e.g. a close approximation to a solution may be "practical"), but you're right that I didn't go far enough.

    More specifically, what I meant is a lot closer to the following. The OP was (while making the same mistake) considering crypto to be broken if P=NP. My hypothesis is that if crypto is broken because P=NP and then someone finds a good algorithm, then many of the other very difficult problems will be solvable via whatever inspirational spark led to a good algorithm for factoring or whatever.

    (One way this could fail is the following: factoring I think is in a no-man's land between P and NP, not known to be in P nor known to be NP-complete. If NP collapses into P then so must factoring, but it could be that factoring is some weird-ass O(n^23) algorithm or something while every NP-complete problem can't be done in less than, say, O(n^6000).)

  5. Re:RSA = out of date on Math Advance Suggest RSA Encryption Could Fall Within 5 Years · · Score: 2

    He's not referring to the operating principles, only to the fact that RSA and DES are about equally dated

    Adam Van Ymeren said it well. An algorithm's age doesn't necessarily speak to how secure it is. DES is considered insecure because it has a fixed key size that can be brute-forced, not because it is a fundamentally weak crypto system.

    By contrast, the same objection does not apply to RSA, at least AFAIK: the key size can be scaled arbitrarily, so as computing resources grow so can the difficulty of the problem. I'm not familiar enough with the area to know how the discrete log helps RSA (integer factoring is the usual weakness I associate with that algorithm), but at least what the summary suggests is a fairly fundamental breaking of the algorithm. I didn't read TFA, but possibly key sizes would have to be scaled up prohibitively to remain secure.

    DES vs AES is not the same situation at all as RSA vs EC.

  6. Re: Elliptical curves on Math Advance Suggest RSA Encryption Could Fall Within 5 Years · · Score: 4, Informative

    Without a statement as to whether the NSA has been involved in elliptic curve stuff (though I will point out that they have nearly as much motivation to make things hard for, say, the USSR/China [depending on era] to crack as they do to make things easy for them to crack), did you read your link? It isn't really talking about elliptic curve crypto at all.

    It's describing a potential flaw in a random-number generator whose algorithm is based around elliptic curve crypto. Even if every worry presented by the article is true, that means absolutely nothing about whether elliptic curve is secure against the NSA.

    (Actually it almost suggests that it is, because if EC was breakable then the NSA wouldn't have as much motivation to get a known key into the RNG standard.)

  7. Re:RSA is outdated, but... on Math Advance Suggest RSA Encryption Could Fall Within 5 Years · · Score: 1

    Almost no one thinks that P=NP, so I wouldn't worry so much about that keeping you up at night. (The main thing I took away from a Robert Cook talk (the guy who basically invented/discovered the problem) was when he said that one of the big reasons that theorists think that P!=NP is that people seem to be really good at finding algorithms but really bad at proving complexity class differences. As a "proof" of the latter, he put forth that L any of them. :-) Obviously this was probably more intended as a humorous take on the situation, but it is slightly revealing.)

    Actually in some ways it would be really really exciting and almost certainly a really good thing in the long run, because there are a lot of important, currently-intractable problems that become tractable if P=NP.

    Of course, that assumes two things: (1) current approximation algorithms aren't "good enough" (which I'm not sure about), and (2) the chaos brought about by cryptography no longer working is relatively short term and we make it through it. :-)

  8. Re:RSA = out of date on Math Advance Suggest RSA Encryption Could Fall Within 5 Years · · Score: 5, Insightful

    The RSA encryption has been depreciated for years now. Hell, back in 2000 we were saying that DES was insecure, and triple-DES was just a stop-gap. Everyone's been switching to AES for awhile now. This isn't news.

    Your first sentence sounds weird to me, and it isn't supported by your second. AES can't be a suitable replacement for RSA because AES is a secret-key system and RSA is a public-key one.

    I'm not a crypto person, but RSA and elliptic-curve systems are the only two public-key systems I can think of. (There are others that allow secure exchange of a secret key, but that's different.)

  9. Re:sounds like a wetware problem on Campaign To Kill CAPTCHA Kicks Off · · Score: 1

    "To create an account, type "green" in the box below."

    Jeff Atwood's codinghorror.com used to have "type orange in the box", but I think he switched to an actual login thing.

    The other is to realize that your blog/website/etc is not all that special, and doesn't need YouTube/Gmail/Wikipedia grade bot protection.

    OK that's fine, but now what should the YouTube/Gmail/Wikipedias do?

    Or take one of the more convincing examples in TFA: ticketmaster. That's a service that can't reduce the benefit, because the whole point of the site is to provide the exact service (selling tickets) that bots want to achieve (buying tickets).

  10. Re:How else do I protect my forms on Campaign To Kill CAPTCHA Kicks Off · · Score: 1

    Add some fields which start out as regular text fields but then hide them with Javascript.

    How is this harder to break than CAPTCHAs? I mean, CAPTCHAs are (or maybe were) actually a decent research question for how to get OCR resilient enough to solve them, or you have to figure out how to hijack other people to solve them for you. By contrast, ignoring fields that are hidden by Javascript seems like... 10 minutes of engineering.

    OK, I'm exaggerating a bit. But I really don't see the difficulty there, especially when you start putting in "don't change this" for people sometimes like me with JS off.

    You say that bots that pay attention to that aren't common now, but bots that do a decent job at solving CAPTCHAs also seem relatively rare, and if the "hidden fields" became as popular as CAPTCHAs are now I bet you'd see a lot more of them...

    [targeted bots] can be remedied if you randomize all field names

    And now you've broken form autofilling, which means that real people now need to fill out a lot more fields than they do if you have a CAPTCHA.

    (Obviously not every form benefits from filling out, but I bet a lot of the ones where you'd see a CAPTCHA do.)

  11. Re:Pissing and Moaning on Campaign To Kill CAPTCHA Kicks Off · · Score: 1

    am also not a doctor but I can say that a patient dying on the operating table was likely not the desired outcome. I can tell you this despite not knowing how to design a rocket or operate on a person.

    Yep. But at least for a while, people dying on the operating table will happen, because even if people were perfect and never made any mistakes, we simply don't know how to prevent such occurrences completely.

    I don't think you'll find people claiming that CAPTCHAs are a good solution to the problem, but without stating a position on the matter (I'd have to see some hard evidence) it seems to be not completely unreasonable to say that they're better than the alternatives.

    Let's go back to the OR table. Suppose that you have a condition that has a 90% chance of being fatal sometime in the next year. We can operate, but the operation has a 10% chance of fatal complications. Should you say "Operating has a 10% chance of a negative outcome. I'm not gonna do it. Figure out something better?" and wait around until we do?

  12. Re:Pissing and Moaning on Campaign To Kill CAPTCHA Kicks Off · · Score: 1

    How do you propose working around the following problem:

    Someone named "stewsters" is spamming me. Please disable his account.

  13. Re:Exactly! on A Year of Linux Desktop At Westcliff High School · · Score: 1

    ? I thought you were complaining about how you could type what you want into the Win7 start menu and just hit enter, so I don't understand where the clicking comes in. The typing-things-in thing you can do in Win8 exactly the same way. If you drive the start menu with the mouse, then yes, I see why the start screen would be bad.

  14. Re:People hate change on A Year of Linux Desktop At Westcliff High School · · Score: 2

    Every time a new version of LibreOffice comes out, I try loading a sample of .docx files we have at work. And every time, I am sorely disappointed that LibreOffice can't even get the most basic formatting features right. And I'm talking about everyday things like paragraph spacing, indentation, centering, margins, and the spacing on bulleted and numbered items. I wouldn't dare try to save a docx file, for fear of how it would look in MSWord afterward.

    For a while, you could open PowerPoint, save the default, blank presentation, open it in Impress, and it wouldn't be rendered correctly.

    (I don't know when that was fixed, but a PPTX "import filter" was added in OpenOffice 3.0 and it lasted through at least 3.2. Sometime between OO 3.2 [Feb 2010] and LibreOffice 4.0 [Feb 2013] was a dramatic improvement in accuracy, and at least that and another basic slide that I used to test work now. 4.0 is still missing antialiasing and dealing with some of the more "advanced" stuff, like shapes, but at least it seems to be able to render text on a colored slide reasonably accurately now. :-))

  15. Re:Exactly! on A Year of Linux Desktop At Westcliff High School · · Score: 1

    I liked a little box to type three letters and go

    You can still do that in 8, there's just no affordance for it that appears until you start doing it.

  16. Re:People hate change on A Year of Linux Desktop At Westcliff High School · · Score: 1

    No ribbon

    This is of questionable advantage; many people like it. (Sure, many people hate it as well. It's a very polarizing feature.) I'm probably one of the rare people you'll find who is pretty neutral on the thing. (I don't use office software much.)

    You can open multiple windows. So you can see two documents at the same time.

    Are you on acid? Why do you think you can't do that in MS Office? (Well, I seem to remember some weirdness with Excel in this area. Don't know if it still applies.)

    I'm sure Office has some advantages, ubiquity comes to mind.

    And the fact that PowerPoint is so much better than Impress that it's like if Bobby Fischer, Garry Kasparov, and Deep Blue got together to collaborate in a game of chess against me.

    But every iteration that comes out seems to make the UI worse.

    So without getting into ribbon bad/good, I was actually very surprised at some of the changes they made from PPT 2007 to 2010. I used 2010 in a computer lab and expected it to basically be the same thing with a different style and color scheme, but there were actually a couple of things that I was doing where certain actions took far fewer clicks.

    I don't know what 2013 has done.

  17. Re:I understand, it is Very hard to leave Windows on A Year of Linux Desktop At Westcliff High School · · Score: 1

    To be fair, the difference between XP and Vista/7 wasn't that drastic. .... Windows 8 is where they went off on a tangent and put a little too much tablet UI in a desktop OS.

    What?

    In terms of how I use the computer in day-to-day use, the Vista/7 transition had far more of an effect than Windows 8 has had. I don't really use any metro apps, but with that disclaimer I almost don't notice that metro is present. Windows Vista, however, completely changed (for the better) how I launched programs, and Windows 7 made significant changes with how I deal with managing existing windows.

    Actually in terms of typical use, Windows 7 -> 8 may have had the least impact of any Windows version change I've done since 95->98.

  18. Re:Intentions on ASCAP Petitions FCC To Deny Pandora's Purchase of Radio Station · · Score: 1

    No one is arguing that the artists deserve to be paid. That's a strawman.

    The argument from copyright supporters is that if the artists make something that people want to have, they deserve to get paid by the people who have it. In other words, if you make something good, other people shouldn't be able to just torrent it.

    If you disagree with that, there's an interesting discussion. But saying that artists are demanding to be paid just because they put in the work is not correct.

  19. Re:Intentions on ASCAP Petitions FCC To Deny Pandora's Purchase of Radio Station · · Score: 2

    You know, where musicians actually make money as opposed to record deals which usually land the artists deeply in debt when they don't pan out?

    This isn't necessarily the case, especially for self-published artists. For instance, Zoe Keating has published her revenue breakdown -- only 26% comes from touring. And that's revenue, not profit, and touring is expensive.

    Her situation is unique as she is independent (so no label to take profits) and yet reasonably successful. However, the aggregate information based on responses to this survey puts live performance income at 28%, so her experience is right in line with that. (The survey responses are wildly spread out though -- it covers people who just don't do live performances all the way through people who only make money from live performance (6.3%). The number varies a lot by genre; e.g., in rock, the average was 44%. But that's still a long way from "where they actually make money".)

  20. Re:Have these people never heard of IEEE754???? on Same Programs + Different Computers = Different Weather Forecasts · · Score: 1

    I wish I still had my mod points from a few days ago, because this post deserves some.

  21. Re:Windows NT's name on Windows NT Turns 20 · · Score: 1

    Haha, that's pretty funny. I hadn't seen that before.

    Doubt it was their motivation, but it's funny regardless.

  22. Re:Lesson One on Windows NT Turns 20 · · Score: 5, Insightful

    You don't need to have done something better to be able to determine whether something is good or bad.

    Now that said, the NT kernel itself is pretty solid.

  23. Re:Gawd on Love and Hate For Java 8 · · Score: 1

    I don't think there's much in Java the language that encourages over-engineering; it's more in the community that surrounds Java.

    I would suggest that it's in between, at least if you consider the contents of the java.blah package part of "Java the language". There are plenty of bits in that which are grossly overengineered... just look at how much crap you have to do in order to carry out simple tasks like file I/O or reading a line of input. It's not a ton in an absolute sense, but it's several times as much code as what "should" be required (according to me).

  24. Re:Scheme in .NET on Love and Hate For Java 8 · · Score: 1

    There's also a CLR (.Net) version of Clojure.

    My personal preferences put Clojure as a clear winner over Scheme overall from a language perspective (there are things I like about Scheme better of course, but they are outweighed in other areas), though I can't compare implementations.

  25. Re:Who has the biggest kitchen sink? on Love and Hate For Java 8 · · Score: 1

    I actually really like C# as a language, but if you want to accuse a language of just copying other people's stuff, well, glass houses and all....

    (LINQ is pretty cool though. I'm unaware of anything like it before, not to say there isn't one.)