Slashdot Mirror


User: DamnStupidElf

DamnStupidElf's activity in the archive.

Stories: 0
Comments: 1,651

Comments · 1,651

  1. Strong cryptography. on What Knowledge Gaps Do Self-Taught Programmers Generally Have? · · Score: 1

    It seems like too many people think encryption is only about scrambling data until it looks hard to recover. This isn't just a knock against self-taught programmers, but I do tend to see it slightly more often in self-taught individuals (including myself; when I was a kid I thought repeatedly XORing a password with plaintext was a great idea until I figured out how to automatically recover the passphrase from the ciphertext with statistical analysis a few years later). Anyone who's looked even slightly deeper knows that cryptography is seriously hard and involves knowing advanced mathematics and learning about every advanced published attack before attempting to design a cipher. Even if you pick trusted cryptosystems, there are timing attacks, watermarking attacks, man-in-the-middle attacks, side channel attacks, and any number of other security problems that have to be addressed in the system using the cryptographic primitives. General security is hard, but secure cryptography is arguably even harder. You might think that a general programmer won't run into problems involving cryptography very often, but how many programs or web sites need to manage users and permissions? Store passwords that aren't vulnerable to rainbow tables? Transfer data over the Internet to another trusted host or user? Securely store and process credit card numbers?

  2. I lost faith when they kept the RapidSSL cert. on Mozilla Debates Whether To Trust Chinese CA · · Score: 1

    After the security researchers were able to get a rogue CA issued by RapidSSL by exploiting an MD5 collision and the predictable sequence number generation, I wish at least some of the major browsers would have revoked that compromised root CA. Despite the fact that any attacker could have gotten their own intermediate CA undetected before the exploit was published, no one bothered to remove their implicit trust of the root CA.

  3. Re:show me what's on the table on ACTA Document Leaks With Details On Mexico Talks · · Score: 1

    AND YES, PIRATING IS A FORM OF THEFT! Want to argue? Then you'd be wrong. Go steal some stocks or bonds from a company and see how they feel about it after you've devalued their company.

    Generally when that happens the government bails you out because you're "too big to fail."

  4. Information wants to be free. on Did We Lose the Privacy War? · · Score: 1

    What part of that don't privacy advocates understand? The way to fight back against corporate and government tracking of individuals is not to try to prevent it, but completely circumvent it by turning the cameras and databases against the very ones who currently control them. Anonymous, Wikileaks, other groups are already proving that it's the most effective use of technology available to the general public. Cell phone cameras and secret document liberators (hackers in news-speak) will always have the advantage of numbers against a controlling elite, and they are recognized by governments as the powerful subversive forces that they are. It's obviously not a terrorist threat to take pictures of cops or government buildings or landmarks, but it is certainly a threat to a police state relying on its asymmetric use of monitoring technology. Documenting the wrongdoing of official government actions is the biggest threat to those corrupt governments, and it has them running scared. The ultimate win for individual freedom would be for every aspect of human life to be laid open to full examination by anyone who cares to look. Your neighbor doesn't like what you do in your bedroom? Tough; who's going to listen to him when they hear what he has to say about other people behind closed doors, or the racist decisions he makes as a manager, or more likely simply the hypocrisy he practices in his own bedroom? The only thing to fear from a fully public society is narrow minds and the vast majority of them will be exposed as hypocrites and nothing more. The rest will adapt or go form their own tiny closed societies and stop bothering everyone else.

  5. Re:Expelled on How Easy Is It To Cheat In CS? · · Score: 1

    Why not just give them each a new assignment to replace the grade for the suspect work? In cases where there is no hard evidence of cheating, I don't think it's inappropriate to consider it an accident. The entropy for well written code designed to solve a simple assignment is probably quite low, and I wouldn't be surprised to find that on occasion two people turn in exactly the same code. How many ways are there to write a straightforward K&R "Hello, World!" program in C for instance?

  6. Re:On The Other Hand on How Easy Is It To Cheat In CS? · · Score: 1

    Technically, there are an infinite number of ways to write quicksort. Any arbitrary function can be used to choose a pivot element before partitioning the rest of the elements.

  7. Re:You think that's bad? on How Easy Is It To Cheat In CS? · · Score: 2, Informative

    Welcome to the "joy" of statically compiled, un-managed languages. Sure, Makefiles can help but ultimately there is no way to be sure that your binaries are correct short of recompiling everything from scratch in the right order.

  8. Write the program, measure the time it takes. on How Do You Accurately Estimate Programming Time? · · Score: 1

    The only accurate way to estimate it, I'd say.

  9. Re:One-time pad on Keep SSH Sessions Active, Or Reconnect? · · Score: 1

    Difficult timing? Just wait for a delay after the initial burst of login traffic, and watch for the 5 characters to come after that as the user types "mail\r". ssh generally sends individual keystrokes as separate packets to the remote host unless they're grouped into one large write on the client side, so it would not be hard to identify sections the user is typing. Even in a completely batched protocol, just observing the packet sizes long enough would allow an attacker to make a good guess about how long the initial exchange is, what the byte offset is, and how long the first command is and whether it's always the same length.

    Including checksums in the block does not help the case for OTPs. CRCs will be unchanged if the plaintext modification is divisible by the CRC polynomial. If the entire plaintext is known, the CRC (or any checksum or unkeyed hash function) can just be modified as well. What you would actually need to do is replace the OTP with a one-time codebook encoding each possible n-bit message as an (n*2)-bit random code (and using a brand new codebook for every message) so that an attacker would have a 1/(2^n) probability of choosing a different valid ciphertext for any given message, which is the same probability as an attacker guessing the original plaintext and therefore as statistically secure as the OTP (but not provably secure; there is no way to prove that you can prevent all MITM attacks or even prevent data loss).

  10. Re:One-time pad on Keep SSH Sessions Active, Or Reconnect? · · Score: 1

    Modification of plaintext is easy when the attacker knows what the plaintext will be. Since OTPs generally use XOR to combine the plaintext with the key, the attacker only has to XOR the known plaintext with the modification and then XOR that with the ciphertext:

    P = plaintext
    K = key
    C = P ^ K = ciphertext
    N = attacker's desired new text
    A = P ^ N = attack string
    M = C ^ A = MITM modification by attacker
    The recipient decrypts M with K to get: plaintext = M ^ K = (C ^ A) ^ K = ((P ^ K) ^ (P ^ N)) ^ K = (K ^ N) ^ K = N
    The attacker has modified the ciphertext stream to inject N into the new decrypted plaintext, knowing only P.

    This works on a per character basis, so the attacker just has to know where in the ciphertext stream the known plaintext is.

  11. Re:Programmers vs. Users on Can You Trust Chinese Computer Equipment? · · Score: 1

    The way to prove it to multiple people is to construct a formal proof language, a formal model of the hardware, a proof checker that runs on that hardware, and a formal proof that a proof checker running on the formal hardware model correctly validates a formal proof of correctness for all the software you write, and then quine it so that it can prove its own correctness (with respect to the assumptions going into the hardware model and formal language). All anyone else has to do is manually verify the proof checker and hardware model and they get the rest for free once they've automatically validated the proof of the entire system by running the proof checker on their own hardware.

  12. Re:Short and Sweet on Can You Trust Chinese Computer Equipment? · · Score: 1

    As opposed to a corrupt corporate sponsored party-duopoly that brutally oppresses its own citizens (see U.S. citizens in Guantanamo) and has a history of "physical-attacks" worldwide?

  13. Re:Another reason on Can You Trust Chinese Computer Equipment? · · Score: 1

    That's what custom duties are for. The obvious way to fix price disparities between the U.S. and countries without strong human rights or environmental protection is to tax their products at a higher rate than products from countries with laws similar to the U.S. That, of course, pisses off the fair trade people even though the effect of such taxes is to force the governments of those countries to improve their laws since it's the most optimal strategy; those countries can lose potential profits as taxes to the U.S. or collect the taxes themselves and skim some off the top while improving their own standard of living.

  14. Re:Another reason on Can You Trust Chinese Computer Equipment? · · Score: 1

    The only reason it's more economical to produce goods in other countries is that the workers and environment there have fewer legal protections. Essentially, it allows companies to do what is illegal in the U.S. in other countries and get away with it. Until the One World Government solves that little problem, the disparity between industrial production in different countries will always exist. You may argue that small government would prevent the problem in the first place, but the result would be abolishing the minimum wage and environmental protection (like mandating your drinking water be free of PCBs and heavy metals).

  15. Re:One-time pad on Keep SSH Sessions Active, Or Reconnect? · · Score: 1

    Your biggest problem with an OTP is authentication. How do you know an attacker didn't guess that the first thing you run when you log in is "mail", and xored ("mail" xor "rm *") against the ciphertext stream? If you need to trust a cryptographically secure message digest for authentication, you might as well use a plain old cipher like AES for encryption.
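    The derivation in comment 10 (M ^ K = N when the attacker knows P) and the authentication point in comment 15, as an added example that is not from the comments: a toy XOR one-time pad, the per-character malleation of a known command, and the defender's fix, an HMAC over the ciphertext so the receiver rejects the modified stream before decrypting it. All function names and the sample session are mine.

```python
import hmac
import hashlib


def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """C = P ^ K, byte by byte. Key must be at least as long as the plaintext."""
    assert len(key) >= len(plaintext), "OTP key too short"
    return bytes(p ^ k for p, k in zip(plaintext, key))


# XOR is its own inverse, so decryption is the same operation: P = C ^ K.
otp_decrypt = otp_encrypt


def malleate(ciphertext: bytes, known: bytes, new: bytes, offset: int) -> bytes:
    """The comment's A = P ^ N applied at the offset where P is known.
    Works per byte; nothing about K is needed, only P and its position."""
    assert len(known) == len(new), "replacement must keep the length"
    attack = bytes(p ^ n for p, n in zip(known, new))
    out = bytearray(ciphertext)
    for i, a in enumerate(attack):
        out[offset + i] ^= a          # M = C ^ A
    return bytes(out)


def mac_tag(ciphertext: bytes, mac_key: bytes) -> bytes:
    """Encrypt-then-MAC: tag the ciphertext, not the plaintext."""
    return hmac.new(mac_key, ciphertext, hashlib.sha256).digest()


def receive(ciphertext: bytes, tag: bytes, key: bytes, mac_key: bytes):
    """Receiver side: verify the tag in constant time, decrypt only if it matches.
    Returns None for a ciphertext that was altered in transit."""
    if not hmac.compare_digest(mac_tag(ciphertext, mac_key), tag):
        return None
    return otp_decrypt(ciphertext, key)


if __name__ == "__main__":
    # Constructed sample session: the first command typed is "mail".
    key = bytes(range(14))             # constructed, deterministic pad for the demo
    mac_key = b"k" * 32                # constructed MAC key
    session = b"login ok\nmail\n"
    c = otp_encrypt(session, key)
    tag = mac_tag(c, mac_key)
    # Same-length substitution at the known offset of "mail".
    m = malleate(c, b"mail", b"help", session.index(b"mail"))
    print(otp_decrypt(m, key))          # OTP alone: substitution decrypts cleanly
    print(receive(m, tag, key, mac_key))  # with the tag: rejected, None
```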

  16. Re:As a Chrysler owner I don't understand on Toyota Pedal Issue Highlights Move To Electronics · · Score: 1

    When power is disconnected from MG1, the Prius transmission is effectively in neutral. A mechanical kill switch that could interrupt the high voltage supply to MG1 would be a nice option.

  17. Re:Safety Critical on Toyota Pedal Issue Highlights Move To Electronics · · Score: 1

    Good brake pads have very similar coefficients of static and dynamic friction. Granted, as the brakes heat up and glaze, the coefficients of friction can go down dramatically, so it's best to jam on the brake hard and get stopped quickly. Automatic transmissions have a neutral position that works just as well as a manual's neutral.

  18. Re:Meanwhile in Canada... on Factorization of a 768-Bit RSA Modulus · · Score: 1

    Westmere and onward have instructions that implement the cryptographic primitives used by Rijndael (of which AES comprises three modes): MixColumns, SubBytes, and ShiftRows (and the alternative Inverse variants for decryption). Keying, encryption, and decryption will be significantly faster.

  19. Re:more evolved means better on Scientists Postulate Extinct Hominid With 150 IQ · · Score: 1

    Even if there was absolute proof that there was no god, people would still be unhappy about being injured, enslaved, or killed, and would continue to call those things wrong. Morality is a human concept that exists independently of religion.

  20. Re:more evolved means better on Scientists Postulate Extinct Hominid With 150 IQ · · Score: 1

    Truth, science, and technology is what won out. Without the printing press, we'd be a bunch of Catholic/Orthodox fiefdoms fighting the Moors throughout an unending dark age.

  21. Re:Hmmm on FreeNAS Switching From FreeBSD To Debian Linux · · Score: 2, Insightful

    I'd rather have a project whose goal is "well tested and bug free" instead of "reaching milestones." There's always time to add some feature later, but no way to get your lost time back if things break.

  22. Re:Patents aren't the problem on Recipient of First Software Patent Defends Them · · Score: 1

    ... Everything in mathematics is intrinsic to the rules of mathematics: the axioms. Meaning that while new equations can be discovered, they are all derived from a core theory.

    We completely agree on this point. Mathematics is a theory which is completely defined by the choice of formal axioms for the theory. This means that everything expressible using only provable mathematical statements is a result of the axioms and nothing more. An algorithm is merely a formal definition of a computable function of set theory that is guaranteed to terminate. I admit that when mixing English and mathematics, it is often difficult to show that the English descriptions have rigorous mathematical definitions as well, e.g. the idea of "choosing an element" is rather ill-defined, and without a lot of formality we can't prove that every terminating finite sequence of operations is an algorithm and that it implements a computable function, but that work has already been done by Church, Turing, Godel, and others.

    The act of choosing a way to select element p is in and of itself outside of mathematics. You chose the first element? Middle? Some logarithmic? OK. You still chose a way, not the math. This is precisely why software cannot be derived from mathematics. Hence, why the "math is not patentable" theory does not work when applied to software patents.

    This is where you are wrong. Every distinct algorithm for quicksort including "pick the first element", "pick the middle element", or "pick a pseudo-random element" is actually a distinct algorithm, and hence a distinct function derivable from set theory. The human choice is not in how to pick an element within an algorithm for quicksort, the choice is between an infinite number of quicksort algorithms that will each pick an element in a different, completely deterministic way. Every specific quicksort algorithm is fully deterministic (the definition of an algorithm requires this), and fully derivable from the axioms. Humans merely discover one out of the infinite set of pre-existing quicksort algorithms when they sit down with a text editor and write quicksort.

    Even programs implementing neural networks or heuristics are actually implemented as deterministic algorithms on real hardware, and fall under the above argument.

    As an aside, it is still perfectly logical to prove the correctness of every class of quicksort algorithms that picks an element from a list in its own way. This no longer describes a single algorithm, but an entire class of algorithms, and if you accept the earlier set theory definition of a list, then "... If S(L)>1, then for all computable functions F(L) where the range of F(L) is the set of integers { 1, 2, 3, ..., S(L) }, then for x=F(L), {x,{x,p}} is a member of L since 1 ≤ x ≤ S(L) and p is a member of the list L by the set theory definition of a list, so partition L into L1 and L2..." and so on. This is a basic hypothesis that no matter how one chooses p from L (by an arbitrary function F, which takes L as a parameter because as a deterministic function, Q has no other context that can affect the value of F), the value of the function Q(L) is always a permutation of L where it is sorted.

  23. Re:this is brave on Danish DRM Breaker Turns Himself In To Test Backup Law · · Score: 4, Informative

    For consumer DVD drives, it's necessary to authenticate the software to the drive firmware before it will read encrypted sectors. You can test this by putting an encrypted DVD in a Linux box and typing 'dd if=/dev/dvd of=/dev/null' and watching the kernel message log for sector errors. The UDF directories are unencrypted so the OS can mount the disk, but the VIDEO_TS files are unreadable without authenticating the drive with a CSS key. See this quick explanation. At this point, DRM has already been broken and you're a horrible criminal, but you can still copy the entire encrypted DVD (e.g. dd if=/dev/dvd of=dvd.iso) and then you have a bit-for-bit copy of the readable portions of the DVD sectors. Not everything, because DVDs have 2054 byte sectors to include a per-sector 6 byte CSS key, but the drive firmware on consumer drives only returns the 2048 bytes of data. For all the DVDs I've ever seen, the CSS key is the same for every sector of a given file in the VIDEO_TS directory, so it doesn't really matter that the per-sector keys aren't copied. Once the encrypted copy of the DVD is made, it can still be decrypted by brute forcing the CSS key for each encrypted file at run time, which is made pretty quick by the broken cipher used for CSS. To make a long story short, you are correct that the DVD has to be decrypted before re-encoding or burning a new DVD. As others have pointed out, with consumer hardware you can't burn the per-sector keys to a DVD+/-R, which means that any re-encoded DVD will have to be burned as an unencrypted DVD.

  24. Re:Patents aren't the problem on Recipient of First Software Patent Defends Them · · Score: 1

    Sorry, I was lazy. Just choose the first element of L to be p, if you want. Or pick the floor(S(L)/2)th element if you want. It doesn't really matter how you pick p (unless it depends directly on the relationship between the specific elements of L), Q will have O(n^2) evaluations in the worst case, which can be proved by demonstration with the list {1,2,3,4, ...,n} and choosing p as the first element of the list. I'll leave that as an exercise to the reader.

    If you want, here's one formal way you can define a list with set theory: define an ordered pair (x,y) as the set {x,{x,y}}, so a simple definition of a list would be the set of ordered pairs such that the first element of the pair is an index into the list, e.g. { {1,{1,a_1}}, {2,{2,a_2}}, ..., {n,{n,a_n}} } would be the ordered list of n elements a_1 through a_n.

    If you want to completely formalize it, then we'd have to define predicate and propositional calculus, then define set theory with those, and add some definitions for numbers and probably some lambda calculus axioms from which to derive the fact that the application of the function Q results in a sorted permutation of the elements of the list it's applied to.

    Then if you really want to get carried away, we can create a Godel numbering for our statements, arithmetic rules for applying the rules of the logic and the axioms, and finally produce a huge string of digits that represents the entire argument which you can double check with your arbitrary precision calculator in your spare time.

  25. Re:That's pretty evil. on Scientology Charged With Slavery, Human Trafficking · · Score: 1

    Nah, science just needs natural selection. The people who practiced bloodletting and mercury tonics and thought the earth was flat have died off as opposed to the ones who promoted statistical evidence based science, double-blind studies, and antibiotics. Even if they're all fundamentally wrong, they're quite a bit more fit than any other general group of humans have been in the past. If the current wrongness matters, subgroups with more right-ness will replace them in the future. This doesn't exclude religion, because it's clearly a part of human experience for a lot of people. But it probably means that religions will simply continue to shift and adapt to the changes in society as they have in the past, and attachment to any particular instance of it as a universal truth is probably a bad idea.