Slashdot Mirror


User: Asgard

Asgard's activity in the archive.

Stories: 0
Comments: 394

Comments · 394

  1. Re: I bought it, it's mine on Microsoft Mistakenly Sold Fallout 4 For Free On Xbox (polygon.com) · · Score: 1

    Regarding the warranty; there is a difference between it breaking and intentionally breaking it. Buying a car 'as-is no warranty' does not mean the dealership can come in the middle of the night and snip a brake line because they don't like the selling price.

  2. LastPass has a phone app that syncs to the cloud but can cache locally. It also has browser plugins for the machines where you are comfortable / able to install something locally.

  3. Re:Jury Decisions Do Not Create Precedent on Android Is 'Fair Use' As Google Beats Oracle In $9 Billion Lawsuit (arstechnica.com) · · Score: 1

    A jury case can set precedent -- in a particular set of circumstances, the court case went a certain way. In future cases lawyers may reference this case when explaining how their side should win. See https://simple.wikipedia.org/w.... It may not be 'binding' and the details will determine how easy it is to equate future cases with this one, but it still goes into the legal record and you can be sure it'll be referenced if it is helpful to someone's case.

  4. I think the veracity of Wayback would be an issue at trial, and both sides would present their theories / subpoena the admins of Wayback, and the jury would have to decide if the content was reliable or not.

  5. Re:Which lie did the FBI tell? on FBI Couldn't Tell Apple What Hack It Used, Even If It Wanted To (qz.com) · · Score: 1

    Sovereign Immunity is not a blank check. The FBI (or any other agency) cannot have the legal authority to trump the legal process by contract. That would allow them to trump discovery in any court case by constructing contracts that prevent disclosure.

    "Your Honor, your order to produce the basis for the evidence against the plaintiff is trumped by our contract with party X to not disclose that." Nope.

    It would work if they actually don't have that information, not if they 'promised' not to disclose it.

  6. Re: Checks take a while to clear too on Bitcoin's Nightmare Scenario Has Come To Pass · · Score: 0

    As I understand it, chargebacks can happen if the transaction is disputed, but the vendor is not exposed to whether the customer can actually *pay*. The credit card company pays the vendor regardless of whether the customer pays their credit card bill.

  7. Re:Then drain it! on Iraq's Mosul Dam Could Burst At Any Time (blastingnews.com) · · Score: 1

    The article indicates the bottom outlets are jammed, so it may not be possible without extensive repairs first.

  8. Re:Don't see the problem on Congressman: Court Order To Decrypt iPhone Has Far-Reaching Implications (dailydot.com) · · Score: 1

    Could they subpoena the signing key somehow?

  9. Re: Don't see the problem on Congressman: Court Order To Decrypt iPhone Has Far-Reaching Implications (dailydot.com) · · Score: 1

    Can you name the tool?

    In any case, the system described is not an OTP.

  10. Re:Don't see the problem on Congressman: Court Order To Decrypt iPhone Has Far-Reaching Implications (dailydot.com) · · Score: 2

    Being pedantic, but there is no 'sufficiently complex' about a one-time pad. Either the pad is actually random or it is not, and either it is used properly (i.e. never reused), or it is not.

    If it is actually random and never reused, the ciphertext is beyond virtually unbreakable -- it is absolutely unbreakable. The message can be decoded with equal probability into anything.

    seed from 8 bytes to 24 bytes to be reasonably secure.

    This is not an OTP, it is something else. Your seed is the input to a pseudorandom number generator which creates the encryption key. Since it is a PRNG it does not achieve the perfect security of a true random OTP. http://crypto.stackexchange.co... describes the issue with trying to generate an OTP with a PRNG.

    Given your statement about seed strength but not knowing what tool it is, I'd be very concerned that your effective key strength is significantly less than commodity GPG offers.

  11. Re:Forced to accept cash? on Austrian Minister Calls For a Constitutional Right To Pay In Cash · · Score: 1

    Beware this practice as the landlord can still come after you if they didn't get the full amount from your roommate; and the roommate can say 'nope didn't get the money'.

  12. Re:Wow what a surprise... on Researchers Discover a Cheap Method of Breaking Bitcoin Wallet Passwords (softpedia.com) · · Score: 3, Insightful

    This attack is different than the one you describe. You are describing someone attacking an encrypted wallet file. The attack in this article is based on generating wallets that are identical to someone else's without having access to their data.

    When you generate a 'standard' wallet, the computer generates a large random number and uses that as the basis for the wallet. In brainwallet, a human picks a phrase that is the basis for the wallet. Humans are monumentally poor at picking one that cannot be guessed. That is the target of this attack. If user Alice generates a brainwallet with the phrase 'i am a fish', attacker Dave can use EC2 to generate an identical wallet (and thus be able to transfer the coins elsewhere) with the base phrase 'i am a fish'.

    The Bitcoin community has been aware that brainwallets are interesting-but-a-bad-idea for quite some time.

  13. Re:So what should we do? on Jeep/Chrysler's New Gearshift Appears To Be Causing Accidents (roadandtrack.com) · · Score: 2

    However the rental scenario is apt -- I'm unlikely to read through a car manual in the lot to check that there are no gotchas with the gas pedal / brake if they resemble what I'm already familiar with. A critical control that behaves significantly differently than all others of the same appearance is bad user design, also known as the principle of least surprise.

    Sort of like replacing the function of the disk 'save' icon with a disk 'wipe' function -- yeah someone could read the entire manual but it's sneaky to do that.

    If it is going to behave significantly differently it should look/feel significantly differently.

  14. Re:Privacy? What privacy? on Collecting Private Flight Data On the World Economic Forum Attendees With RTL-SDR (qz.com) · · Score: 2

    Laser targeting aircraft in a non-wartime scenario is not going to go over well.

  15. Re:Just like being on-call on 'Flexible' Working Can Keep You Stressed Out For Longer, Lead to Illness (theguardian.com) · · Score: 1

    The digital 'leash' is bad enough, but being responsible for actively checking something is what makes it go from on-call to just 'work'. On-call should be based on some sort of active push/handoff, not actively watching for something. And making the push be every email that comes in to a distribution that is not used solely for notifications of this nature doesn't count.

  16. Re:Children or not on Chicago Sends More Than 100,000 "Bogus" Camera-Based Speeding Tickets · · Score: 1

    I am willing to believe that yellows are shortened at camera-intersections, but a system that randomized the timings / flipped red just long enough for a picture would be quickly caught by someone on video and the local news outlets would have a field day.

  17. Re:Uhhh, Judge is an idiot on Judge: Defendant 'Had a Right' To Shoot Down Drone (wdrb.com) · · Score: 1

    I recall the original story was the police returned the drone's wreckage directly to the owners without copying its data, so any data provided by the drone owners is suspect, and even then you have to bring into question the accuracy of the drone's sensors.

    It sounds like the judge went with the testimony of two witnesses that can be cross-examined rather than trusting unverifiable data.

  18. Re:Government monopolies are not fair competition on 'Legacy' London Car Hire Companies Lawyer Up Against Uber · · Score: 1

    The government doesn't charge $1M for the medallion; that is the private-party sale price. It's the artificial scarcity that makes them worth that much. I wonder why they weren't made non-transferable (at the time they were implemented) and implement something like a waitlist to get one.

  19. Re:This is nonsense, written for page views..... on IT Departments Try To Avoid Getting "Ubered" · · Score: 2

    where again, your mass storage is local, on site -- but it works like the cloud in the sense you can upload to it from anywhere.

    One of the prime benefits of backing to a cloud-provider instead of a local storage appliance is that a fire that takes out most of your desktops / laptops is not also going to take out your backup storage farm.

  20. Re:I thought she said she destroyed it? on Clinton Surrendering Email Server/Data To Feds After Top Secret Mail Found · · Score: 2

    https://en.wikipedia.org/wiki/... describes how storage devices can remap failing sectors, which cannot be erased by normal OS means but could possibly be recovered forensically. The OS cannot erase the contents as the drive firmware opaquely performs the mapping.

  21. Re:EMP on Drone Drops Drugs Onto Ohio Prison Yard · · Score: 1

    http://hacknmod.com/hack/diy-e... would do it, and probably be highly dangerous to anything else along the beam -- such as a jetliner.

  22. Re:backdoor versus sidedoor. on Crypto Experts Blast Gov't Backdoors For Encryption · · Score: 2

    Your safe deposit box is vulnerable to one person with a good drill.

    Any system that hobbles wide-spread encryption tools with a backdoor key will eventually be subverted by loss / discovery of the key(s), rendering the entire system worse than useless. Multiple keys is also difficult as the NSA/FBI is going to regularly use this facility, so the keys have to be online / available. Not so much the 'break glass in case of fire' but more of 'press button to open door'.

    Keys that subvert an entire country's infrastructure would be one of the world's most sought-after secrets. That's a lot of resources to bring to bear to defeat a small number of keys.

  23. Re:CentOS Mailing List! on Ask Slashdot: Dealing With Passwords Transmitted As Cleartext? · · Score: 1

    That is Mailman, and is fixed in Mailman 3.

  24. Re:Responses on Ask Slashdot: Dealing With Passwords Transmitted As Cleartext? · · Score: 1

    No encryption -- generate a random string and store it in the DB as associated with the login id. All you care is that the user with email X receives the email and can provide the random string.

  25. Re:Just wondering on Why Detecting Drones Is a Tough Gig · · Score: 1

    GPS requires a receiver.