ECRYPT II specifically lists AES-256 as protected against analysis by quantum computer (unless Shor's algorithm applies). People should be more worried about asymmetric crypto, although even there alternatives have been developed. As a fully capable quantum computer won't spring into existence suddenly, I presume we would have a few years to switch.
"Both of the fundamental intractability assumptions on integer factoring and discrete logarithms break down if a (large) quantum computer could be built as demonstrated by Shor, [236]. For instance, integers N can be factored in only O(log^3 N) "steps" on such a machine. We are, however, quite far from realizing such a device. In [249], an experimental result for factoring the "toy" number N = 15 is reported with a run-time of just under one second. For symmetric cryptography, the effect would also be dramatic, though not devastating. By the generic search algorithm due to Grover, [95], key-sizes are in effect cut in half. Also this algorithm has been implemented on small toy examples, [56]. A quantum computer would also imply finding n-bit hash function collisions with complexity 2^(n/3), [44]. However, in the full-cost model this attack is no faster than attacks on classical computers because the quantum computer would need to be of size 2^(n/3) [27].
The recommendations in this report assumes (large) quantum computers do not become a reality in the near future."
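To make the factoring step the quoted report refers to concrete, here is an added example (my own, not code from the report, the poster, or the cited papers) that runs the classical skeleton of Shor's algorithm: the quantum part finds the multiplicative order of a base modulo N, and everything else is ordinary arithmetic. The order is found by brute force here, so it only works for toy moduli like the report's N = 15; the other test numbers (21, 91*97) are just illustrative choices.

```python
"""Shor's reduction from factoring to order finding, simulated classically.
Added example, not from the ECRYPT II report quoted above: the only quantum
step in Shor's algorithm is finding the multiplicative order r of a base a
modulo N; here that step is brute force, exponential in the size of N, so it
is only sensible for toy numbers such as the N = 15 the report mentions.
Everything after the order is found is ordinary arithmetic, and it is this
post-processing that splits an RSA-style modulus once the order is known."""
from math import gcd
from typing import Optional, Tuple


def multiplicative_order(a: int, n: int) -> int:
    """Smallest r >= 1 with a^r == 1 (mod n); the step a quantum computer
    would replace with period finding over a superposition of exponents."""
    if gcd(a, n) != 1:
        raise ValueError("a must be coprime to n")
    r, x = 1, a % n
    while x != 1:
        x, r = (x * a) % n, r + 1
    return r


def factor_from_order(a: int, n: int) -> Optional[Tuple[int, int]]:
    """Classical post-processing for one base a. If r is even and
    a^(r/2) != -1 (mod n), then y = a^(r/2) is a non-trivial square root
    of 1, so gcd(y - 1, n) and gcd(y + 1, n) split n. Returns (p, q) with
    p * q == n, or None when this base is unlucky (odd order, or y == -1)."""
    r = multiplicative_order(a, n)
    if r % 2:
        return None
    y = pow(a, r // 2, n)
    if y == n - 1:
        return None
    for d in (gcd(y - 1, n), gcd(y + 1, n)):
        if 1 < d < n:
            return d, n // d
    return None


def shor_factor(n: int) -> Tuple[int, int]:
    """Factor a composite n by trying bases a = 2, 3, ... in turn.
    A base that already shares a factor with n is a free win via gcd."""
    if n % 2 == 0:
        return 2, n // 2
    for a in range(2, n):
        d = gcd(a, n)
        if d != 1:
            return d, n // d
        split = factor_from_order(a, n)
        if split is not None:
            return split
    raise ValueError(f"{n} has no non-trivial factor (prime?)")


if __name__ == "__main__":
    # The report's toy case: 2 has order 4 mod 15 and 2^2 = 4, so
    # gcd(3, 15) = 3 and gcd(5, 15) = 5.
    print(shor_factor(15), shor_factor(21), shor_factor(91 * 97))
```

Note that `multiplicative_order` is the whole cost: on a classical machine it is exponential in the bit length of n, which is exactly the part Shor's period finding makes polynomial. Grover's halving of symmetric key sizes, also mentioned in the quote, is a different algorithm and is not shown here.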
I don't think that MS made much hardware that could be considered a prelude to the XBox. It's an entirely different product from the rest of their portfolio. I don't see much of a difference with Google. And hardware or software - does it really matter?
Just an HDD recorder that is compatible with HDTV from my cable provider and an Android app that can be used to put it on record from the other side of the world. Sale! Extra if it is a full remote and can download the guide.
Indubiously, but through what?
Maybe he was including Bing in the Google market share, as Bing uses Google :)
And have they already told anyone what they are going to do with the waste? With their track record, they might just sell it to a garbage handler in, say, middle Africa.
It's going to be tricky to get that salt water pond around Kabul, that's for sure.
There certainly isn't too much reason why Linux would not be vulnerable to various kinds of attacks. Currently applications get loads upon loads of permissions. I always find it funny when people talk about the root password on Linux systems. Just think of what you can do *without* that password. Access all of the data of the user, create network connections, use any amount of CPU, memory, disk etc. etc. etc. We need much tighter control over those resources. There are some inroads on this (SELinux and other application specific access controls) but much more is still needed. And of course it needs to be integrated and used at a much bigger level. I'm not fooled for a second when people think that Linux is inherently safer than the latest Windows versions. Windows is even ahead on some parts (e.g. use of managed code) - but of course still pretty behind on others.
Yeah, I guess we'll have to wait a bit before the spiders become truly radioactive.
Quite possible? That's not even hard to achieve, just unzip a few large files at the same time. I had huge problems with newsservers since PAR2, unrar and my own file operations (copying to the correct folder) were taking ages upon ages to complete. And that was *without* a virus scanner active. The first time I unzipped a 180 MB Eclipse install on my SSD, I kept waiting for the prompt to come back to me - only to find out it was there all the time.
What's with the Christmas tree next to the home button? Are they expecting to release coming December?
Yes, but only on your console.
It's in a jar, and this seems to work at slightly under 200 signs/second:
final ECGenParameterSpec spec = new ECGenParameterSpec("secp521r1"); // NIST P-521
final KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");      // SunEC provider (sunec.jar in JDK 7)
gen.initialize(spec);
final KeyPair pair = gen.generateKeyPair();
final Signature sig = Signature.getInstance("SHA512withECDSA");
sig.initSign(pair.getPrivate());
sig.update(data);                     // data: the byte[] being signed
final byte[] signature = sig.sign();  // the loop timing the ~200 signs/s is not shown here
EC 521-bit security with SHA-2 512-bit - that should appease security profs, I certainly do. Typed it in without any runtime exception, so it is Bouncy Castle compatible. So more performance for those able to use ECC based TLS certificates.
Note: no Brainpool (European spec) ECC parameters or SHA-224 support, too bad :(
Oh, and this is of course nice, although catching GeneralSecurityException might be ok as well:
} catch (final NoSuchAlgorithmException | InvalidAlgorithmParameterException | InvalidKeyException e) {
} catch (final SignatureException e) {
Initially the performance impact will be none since the languages need to actually use the construct and then optimize it before it becomes a factor. But if I understood correctly during the Java 7 launch I visited in Utrecht, NLD, it will be a lot easier and probably quite a bit faster for the dynamic languages out there. But don't take my word for it, the slides of the launch should be easy to find and they contain a whole section on the subject.
It's been gone for a while from JDK 7, which simply got split between 7 and 8. And with good reason, it was just taking too much time, and Java is not the language people should screw up.
I'm not waiting that hard for Lambda, in my opinion it's a language feature that really requires a lot from the platform, is very strong but not very good for maintenance. I can already see it being used for interfaces and I can already see my less apt colleagues making a mess of it. Heck, even I think it is a helluva step, with many weird consequences. Generics are bad enough, I can show you code that probably takes a normal programmer at least half an hour staring at before things start to dawn (ok, it is a library for sets of enums, but still).
I don't like the way the new languages are all about sparsity and strength of features. None of them are more secure or more maintainable than Java. Strangely enough, you never hear anybody complain about their speed either (probably because the Java crowd is different from the C++ crowd in that respect). Hopefully project Lambda will get it right, and we get a strong but readable form of lambda expressions.
Be warned that the Java 7 BETA plugins are just that, I've seen it create invalid byte code, something I haven't seen for a while. I'll be filing a bug report on Monday (forgot to mail it to my home). It's good enough to test the Java features though, and it even packs some Java 7 refactoring (on e.g. the multi-catch statement).
No there isn't, because the government is directly or indirectly (e.g. public broadcasters using Silverlight for video broadcasts) pushing us to use Windows. Word documents, signed PDF, the list goes on. It's probably even worse with the private sector, where I still get documents from colleagues that are one version further along with Office, so that I'm missing the last lamest feature to play the PowerPoint presentation. I won't go into hardware support because that simply makes me want to cry. No hibernate or Blu-ray playback for me.
(posted from a Linux machine at home, here I can have some luxuries while my laptop has Vista running somewhere)
There were two things I loved about DOS: the way it went out of my face after starting up a game, and the feeling I got when I created the *ultimate* DOS config that freed up a whole 600K so that each game could actually start up (and included a mouse, sound *and* CD-ROM driver). Otherwise, it was utter *utter* crap even compared with MSX BASIC.
The backslash actually makes parsing slightly more flexible. For example, dir/s is a valid command in DOS, but it would be ambiguous in Linux.
Which is why they don't use / for flags but - for short flags and -- for full flags. And they do it way, way, way more consistently than DOS uses the /, for sure.
Batch files are horrible but they are better than nothing. Once you know bash or *any* other shell language, you come to realize how shitty DOS or the standard Windows CMD really is. First thing to do on a development system: install Cygwin, and use bash instead of cmd. It's not as compatible with Windows as cmd is (because of the pathnames mostly) but OMG, what a difference in usage. And Cygwin is packing the "fortune" command - which helps me through yet another day.
For teaching a shell-like language, I would go for Perl, as it is easy to configure on both systems, packs a huge library and lays the base of PHP as well. Even if DOS is only DOS, it will give students an idea of what a language is, how easy it is to make mistakes, and how you can automate and document repetitive tasks. So well done there.
Ah, now we can finally see directly if a battery is full or not.
Consumer driven? What do you suppose we use, a treadmill or do we simply burn them and fire up a steam engine?
I wholeheartedly agree, with the addition that PGP support and the small little thing of "edit as new" are still missing from Gmail. Thanks for the mention of offlineimap, I'll certainly be running a backup (to my backup HDD, my SSD is filling up too fast as it is).
That said, Windows seems to boot faster in a VM inside of Windows too. This is not so strange, the virtual hardware is probably a lot easier to detect and find drivers for than the full machine. I'm pretty sure that most programs run (slightly) slower after boot.
It's slow, impractical (we're having enough problems with protocols) and may not offer the same security as simply adding more rounds or complexity to existing algorithms. It's likely to take more memory (think embedded or smart card) as well. It may not help at all against many side channel attacks. And as I said, most of the time it's not the algorithm that's the problem. It's the system that it is deployed in that's vulnerable, not the algorithm itself.
Think XML encryption. Very nicely spec'ed, but try and use it online without cryptographically safe integrity checks and you may end up with a side channel attack that takes 128 tries on average per byte (random oracle attack), regardless of the algorithm. I won't go into detail on how many systems deploy 2048 bit RSA keys, but are not kept up to date, leaving them vulnerable to any hacker or script kiddie that comes along. That's just from the top of my head, the list is endless.
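The "128 tries on average per byte" attack the comment refers to, for CBC mode without an integrity check, is a padding oracle, and it really is independent of the block cipher. The following is an added example of my own (not code from the comment, and not XML Encryption or any library's implementation): it uses a constructed 4-round Feistel toy cipher, a made-up key, IV and message, and names I chose, so it runs offline on Python's standard library alone. The receiver leaks only one bit per query, "was the padding valid", and that suffices to recover the whole plaintext.

```python
"""CBC padding-oracle decryption against a constructed toy block cipher.
Added example, not from the comment above or from XML Encryption: the receiver
leaks one bit, "padding valid or not", and that suffices to decrypt without the
key, at most 256 tries per byte (128 on average). The cipher is a 4-round
Feistel network over SHA-256; the attack never looks inside it."""
import hashlib
import os

BLOCK = 16

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key: bytes, half: bytes, i: int) -> bytes:
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]

def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _round(key, r, i))
    return l + r

def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _round(key, l, i)), l
    return l + r

def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if n < 1 or n > BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def cbc_encrypt(key: bytes, iv: bytes, padded: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(padded), BLOCK):
        prev = toy_encrypt_block(key, _xor(padded[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        out += _xor(toy_decrypt_block(key, ct[i:i + BLOCK]), prev)
        prev = ct[i:i + BLOCK]
    return pkcs7_unpad(out)  # raises on bad padding: the observable side channel

class PaddingOracle:
    """Receiver: nothing authenticates the ciphertext; it leaks only 'padding OK?'."""
    def __init__(self, key: bytes) -> None:
        self.key, self.queries = key, 0
    def __call__(self, iv: bytes, ct: bytes) -> bool:
        self.queries += 1
        try:
            cbc_decrypt(self.key, iv, ct)
            return True
        except ValueError:
            return False

def attack_block(oracle: PaddingOracle, prev: bytes, block: bytes) -> bytes:
    """Recover one plaintext block given the block (or IV) preceding it, by
    learning D_k(block) from the last byte backwards through the oracle."""
    inter = bytearray(BLOCK)  # D_k(block), filled in from the right
    for pos in range(BLOCK - 1, -1, -1):
        pad = BLOCK - pos
        crafted = bytearray(BLOCK)
        for j in range(pos + 1, BLOCK):  # known tail bytes must decrypt to 'pad'
            crafted[j] = inter[j] ^ pad
        for guess in range(256):
            crafted[pos] = guess
            if not oracle(bytes(crafted), block):
                continue
            if pos == BLOCK - 1:  # rule out an accidental 0x02 0x02 (or longer) padding
                crafted[pos - 1] ^= 0xFF
                still_ok = oracle(bytes(crafted), block)
                crafted[pos - 1] ^= 0xFF
                if not still_ok:
                    continue
            inter[pos] = guess ^ pad
            break
        else:
            raise RuntimeError("oracle never accepted a padding")
    return _xor(bytes(inter), prev)

def attack(oracle: PaddingOracle, iv: bytes, ct: bytes) -> bytes:
    blocks = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    padded = b"".join(attack_block(oracle, blocks[i - 1], blocks[i])
                      for i in range(1, len(blocks)))
    return pkcs7_unpad(padded)

def demo(key: bytes = None, iv: bytes = None):
    """Encrypt a constructed message, recover it from oracle answers only;
    returns (recovered plaintext, number of oracle queries, ciphertext length)."""
    key, iv = key or os.urandom(16), iv or os.urandom(BLOCK)
    message = b"<EncryptedData> secret=hunter2 </EncryptedData>"  # constructed
    ct = cbc_encrypt(key, iv, pkcs7_pad(message))
    oracle = PaddingOracle(key)
    return attack(oracle, iv, ct), oracle.queries, len(ct)
```

Calling `demo()` returns the recovered message together with the query count; dividing the count by the ciphertext length lands near the 128 per byte the comment quotes, because the guess order is fixed and each intermediate byte is effectively uniform. The fix is the one the comment names: authenticate the ciphertext (a MAC or signature checked before any decryption) so the receiver never reports padding validity on attacker-chosen input.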