Both bills would flatly ban the possession, sale, or use of technologies that "conceal from a communication service provider... the existence or place of origin or destination of any communication".
A home user is likely NOT modifying the hardware address on the cable modem. Thus, the origin of the communication is always known to the ISP, even if the source IP is spoofed.
The destination IP must be known to the ISP, or else how can the communication be routed? Even if said destination is, say, some privacy-protecting proxy server, then that is the destination of the communication as far as the ISP is concerned.
I mean, how far up the OSI model does the article's author think this bill can reach? What if my unencrypted e-mail said, simply, "Please give this message to 'you-know-who'?" Am I concealing the destination of the communication? Hardly.
I suppose a liberal interpretation of the bills might allow for prosecution for people using NATs, but unless your agreement with your ISP prohibits it, you are clearly not doing any "unauthorized reception."
Well... yes and no... From MS' security bulletin:
The RPC endpoint mapper allows RPC clients to determine the port number currently assigned to a particular RPC service.
So if you block it, RPC clients will likely stop working.
But, really, who cares? How many RPC services are running exposed to untrusted environments? If you have such a box connected to the Internet NOT behind a firewall, you've been begging to be DOS-ed all along.
Not correct. What you are not taking into account is that every possible plaintext is just as likely to be the correct one. A quantum computer may be able to give you a thousand different decryptions for a given ciphertext, all of which turn out to be completely valid messages according to whatever criteria you are using, but it won't be able to tell you which one is the true decryption.
Here here!
Although, the time factor should be mentioned. We must assume (and good cryptographers do) that any cryptosystem can be broken given enough time and/or enough effort. So one must consider two things:
1) How valuable is this secret? This translates into how much computing power (read: money) a cracker is willing to invest in its decryption.
2) How long does this need to remain a secret? What is infeasible to crack now will not (I say WILL NOT) be infeasble to crack in some number of years.
The secrets encrypted by the Enigma, for the quintessential example, were extremely valuable. They did not have much computing power then, but they were willing to invest a lot of effort to crack these messages. Now they can be cracked quite easily on a PC.
Why do I mention this? Sure, there may be an attack against AES that works better than brute force, but that is probably not a reason to stop using it now. It would appear that it would still require an large amount or resources to crack an AES message. Even so, assuming your keys are exchanged using asymmetric crytpgraphy, only one message gets cracked. If you want your secret to remain secret forever, you shouldn't be using an open channel to begin with.
Chicago's DePaul University has had one for about a year. Here's the info page. Their only security seems to be that you need a username and password to download their 128-bit WEP key. But there are some areas that do not have any security.
Slashdot Mirror
Jeez! If you keep trying to innovate, you're gonna fail quite a few times. We can learn SO MUCH from our mistakes.
Allow me to rip this article a new one...
Both bills would flatly ban the possession, sale, or use of technologies that "conceal from a communication service provider ... the existence or place of origin or destination of any communication".
I mean, how far up the OSI model does the article's author think this bill can reach? What if my unencrypted e-mail said, simply, "Please give this message to 'you-know-who'?" Am I concealing the destination of the communication? Hardly.
I suppose a liberal interpretation of the bills might allow for prosecution for people using NATs, but unless your agreement with your ISP prohibits it, you are clearly not doing any "unauthorized reception."
MSF out.
Well... yes and no... From MS' security bulletin: The RPC endpoint mapper allows RPC clients to determine the port number currently assigned to a particular RPC service. So if you block it, RPC clients will likely stop working. But, really, who cares? How many RPC services are running exposed to untrusted environments? If you have such a box connected to the Internet NOT behind a firewall, you've been begging to be DOS-ed all along.
Not correct. What you are not taking into account is that every possible plaintext is just as likely to be the correct one. A quantum computer may be able to give you a thousand different decryptions for a given ciphertext, all of which turn out to be completely valid messages according to whatever criteria you are using, but it won't be able to tell you which one is the true decryption.
Here here!
Although, the time factor should be mentioned. We must assume (and good cryptographers do) that any cryptosystem can be broken given enough time and/or enough effort. So one must consider two things:
1) How valuable is this secret? This translates into how much computing power (read: money) a cracker is willing to invest in its decryption.
2) How long does this need to remain a secret? What is infeasible to crack now will not (I say WILL NOT) be infeasble to crack in some number of years.
The secrets encrypted by the Enigma, for the quintessential example, were extremely valuable. They did not have much computing power then, but they were willing to invest a lot of effort to crack these messages. Now they can be cracked quite easily on a PC.
Why do I mention this? Sure, there may be an attack against AES that works better than brute force, but that is probably not a reason to stop using it now. It would appear that it would still require an large amount or resources to crack an AES message. Even so, assuming your keys are exchanged using asymmetric crytpgraphy, only one message gets cracked. If you want your secret to remain secret forever, you shouldn't be using an open channel to begin with.
Chicago's DePaul University has had one for about a year. Here's the info page. Their only security seems to be that you need a username and password to download their 128-bit WEP key. But there are some areas that do not have any security.