Even further, you *don't* have the known plaintext to break RSA because it's a random symmetric key encrypted with RSA that is used to encrypt the files by the virus. Every modern cipher since DES has been highly resistant to known plaintext attacks. That's a basic requirement for a cipher to be considered non-broken.
The why's never end. Science try to explain HOW things work. But why they work that way, it's a problem impossible to solve - we'd need a way to measure them that is superior to the things being explained. In other words, we'd need a power greater than the whole universe to explain WHY.
Why did god create the universe?
Why does god exist?
Why can't god not exist? ...
But creationists are still waiting for a single example of a mutation that adds genetic material that was not already there instead of shuffling or removing what they would say God put there to begin with
You can shuffle ATCG around quite a bit to spell anything you want with DNA. There are millions of base pairs in E. Coli, and enough of the letters were rearranged to spell out a protein for metabolizing citrate. No "addition" of genetic material was necessary; just shuffling the same old letters around. That's all that evolution needs, because once shuffled the new DNA can be replicated endlessly.
Just so you know, a proper sequence of chromosome inversions is sufficient to form any string of DNA. So long as each of the ATCG base pairs exist in the chromosome, they can be rearranged endlessly. It's already well known that chromosomes can be duplicated or added to, which makes for an endless, changing supply of base pairs in the genome.
You must have missed the part that said essentially none of the big brother security stuff was enabled on the laptops shipped with the G1G1 program. The only thing still there is the presence of a BIOS lock requiring a developer key (which you can easily get) to flash the firmware with your own image.
That's a good point, and it's why I've always thought of the "singularity" as a point past which the current intelligence can't predict anything beyond. It's a sliding point as intelligence increases. Basically, if there's no way to judge progress "off the top of the graph" so to speak, there's little practical difference between asymptotic and exponential growth beyond the time the curve leaves the graph.
The question is... why? The cable's already in place (and you generally have to buy cable TV to get Internet too, which covers the cost of the physical cable). The cable modem costs $50 at most. The switching equipment at the cable company side can't be more expensive than the switches Amazon has at their data center. At best it should be something like twice as expensive, because the cable company has to deal with two sides of the connection (cable modems and connection to their own ISP). I can imagine the cable company's ISP connection being a little more expensive than Amazon's, since Amazon can pick and choose data center locations for cheap bandwidth and the cable company has to be everywhere, but I don't think they'd pay four times as much. Maybe I'm wrong.
Kurzweil has lots of graphs. Steps are major advances, e.g. stone working to metal working, hunter/gatherer to agriculture, bronze working to steel working, animal power to machine power, abacuses to computing devices, medical advances, number of people on the earth at a given time, GNP, total energy produced/consumed by humans, number of pirates per gram of CO2, etc. Definitely exponential in general. The plateau should be reached when we're nearing 100% efficiency in thermodynamic processes and 5.4258 * 10^50 fundamental computer operations per second per kilogram of matter. We're no where near that plateau, hence the expectation of further exponential growth. It's entirely possible that during a brief singularity, we simply reach the plateau of possibilities in this universe in a very short span of time, and then continue indefinitely from there. It's also possible we'll discover things about the universe (FTL travel for instance) that allows permanent exponential growth for the life of the universe. Otherwise, we're stuck with at best geometric growth at light speed.
Kurzweil puts the singularity sometime mid 21st century, and is quite optimistic. Pessimists don't give it much more time than a few hundred years if it's going to happen at all.
If Amazon can make money charging (at most) $0.17/GB for transfer over redundant links to highly available storage, I have no idea why an ISP would need to charge almost 10 times that amount for best effort packet forwarding. Oh, that's right, they're mostly all greedy monopolies.
Because I believe I have made the case that housing is, in fact, a requirement for human life then I would say that it is indeed both a need and a right and that the two are not mutually exclusive.
Many tribes of nomads have proved that housing is not a requirement for life. Temporary shelter perhaps, but only in some climates or seasons. Ditto for land rights.
Certainly you've found a strong correllation between black poverty and black crime. Let us assume your assumption about causation is correct. The debate then suddenly changes from "Why are half of them criminals?" to "Why are most of them poor?", which is asking the same question in two different ways. The question underneath both is: why does one race show consistently problematically lower levels of cognitive ability, civility, and self-discipline?
Similar questions you might ask yourself are "Why are the biggest genocides or mass murders committed by white people?" and "Why are most serial killers white?" and "Why are the only people to use nuclear weapons on other human beings white?" All of those answers should lead you to the real culprits of society's problems, at least if you follow your own logic.
Poverty causes crime because crime is a direct result of a) poor education (which the poor have in abundance), b) poor living conditions (ditto), c) no way out (ditto, whatever you've heard about the Land of Opportunity does not apply to ghettos), d) low income, e) illegal drugs (illegal alcohol brought major organized crime to the U.S., mostly run by wholesome white people), and f) being told you and your culture are worthless and below average by otherwise seemingly intelligent people.
True enough. Luckily enough there are plenty of other countries that are nearly all black and have always been so. Guess what you'll find there?
Slavery, famine, cruelty, Apartheid, exploitation by Western supported/appointed dictators. Oh, you mean BEFORE western interference? Just about like any other tribal societies like the Goths, Britons, Vikings, and Normans before the Romans came. It was just easier for those tribes to fuck their way into the dominant culture.
An easier question to answer is: where do they succeed and prosper today? I'll tell you two places: sports teams, and the military. Both environments offer a lot of structure. And that's why I suspect that a free democracy does not offer them sufficient structure to rise to the esteem of the other races.
It also perfectly explains why most blacks belong to the democratic party, instead of some fascist party, right? They're just all confused and retarded? If that's what you're saying, the early 20th century called and wants its joke back.
Look, I love trolling as much as the next guy, but you could seriously improve your arguments by invoking phrenology, eugenics, religious beliefs about dark things being evil, and many more racial stereotypes.
Of course it's a cracker! Do you want jesus to magically appear out of nothing in the priest's hand? That would totally violate the conservation of energy and momentum. It's way simpler to just ignore the second law of thermodynamics and have the cracker turn into jesus while leaving a few accidental properties of the cracker behind. Similar argument for the wine. Physical blood tends to coagulate after a few minutes, which would make the last few sips a bit awkward in long masses, not to mention for taking it out to the sick and disabled. Jesus is pretty practical, if nothing else. If he had wanted to give carnal flesh and blood all the time, he could have just cloned himself or something. The spiritual stuff tastes better and has a longer shelf life.
Now I bet you're going to complain about souls not existing or something.
It's slightly awkward watching a pagan chew jesus up without knowing it. Some might say there's a lack of propriety in such an act. Sort of like sneaking veal into a vegan's tofu burger. Not to mention, jesus has to sit around in some unbeliever's gut for a day or two. He has better things to do. Just bring your own Spaghetti or Unicorn Flakes to mass if you want to participate.
I am pretty sure that if I reversed engineered Windows, renamed, it Bimbos, replaced all the inline commenting with "Bill Gates is Gay", and sold it, I am pretty sure Microsoft would be within its rights to prevent me from connecting to update servers, and probably suing me several ways from Tuesday. IANAL so this is all just my opinion...
ReactOS and Wine are perfectly legal. The key is that they didn't make a derivative work, it was developed independently from documentation and legal reverse engineering (literally, testing a black box to see how it behaves).
I'm guessing that you can just buy a couple relays for under $20 and do the same thing that the $100 fan center would.
Of course, you would have to worry about the home power source accidentally supplying voltage to the transformer and keeping the relays closed. It would probably be better to throw some electronics on the mains so that it would detect voltage fluctuations instead. It's no good running 400V from the power company through your home brew power source during a surge, either. One solution might be to take the guts out of a UPS and use it's electronic switching system, but just replace its relays with some rated for the amperage you'll be playing with.
We have discovered absolutely no cause to be concerned about a
possible reduction of the effective key length of AES, regardless of
whether it is 256 bits or 128 bits. Until we get some sort of
indication that perhaps this might be a possibility (we need this
thing scientists like to call ``evidence''), we can say with some
degree of confidence that AES-128 really provides 128-bit key
protection.
Once a break is found, hindsight is of no real use. Everyone said MD5 was secure up until the weakness was found. My point was simply that for a few strong cryptographic primitives, we have seen several orders of magnitude reduction in strength. Who knows what XSL and its derivatives will bring?
You are referring to Grover's Algorithm. You have to make up
some nonexistent quantum computing device with log(n) storage
capacity. We are nowhere near actually constructing such a beast; to
date, we have only solved the most trivial problems relating to
quantum computers. Tell me about your plan to resolve quantum
decoherence (just for starters), and I will start taking your
boogeyman quantum computer attack seriously. Personally, I would
rather be holding my breath for cold fusion.
Yes, sometime within the next 50 to 100 years we have to design a quantum computer that doesn't exist yet. Personally, I'd bet almost any amount of money with you that a practical way to construct "reasonably" large quantum computers will exist within 50 to 100 years. For one thing, I'll probably be dead in 100 years, and for another inflation will have taken care of the value of any bet we make today. In practical terms, there are few secrets that need to be protected for 50 to 100 years, except perhaps nuclear secrets (which will most likely be just as dangerous in 50 years as they are now), but for the small trade off in speed between AES-128 and AES-256, is there even a reason to take a chance? Many people thought 10 rounds was too low during the initial NIST competition, given the higher number of rounds most other applicants used.
This is the only legitimate point you have brought up: marketing. Of
course, that is exactly the point I originally brought up too.
Don't flatter yourself; you said it was a meaningless marketing ploy when it's actually a legitimate response to government requirements (whether the government's requirements are reasonable is a completely different story).
Firstly, AES-256 smacks of a marketing gimmick. AES-128 is perfectly
sufficient for anything that anyone wishes to protect; nobody has ever
discovered a weakness in AES-128 that would be cause for
concern.
Two possibilities: We've seen dramatic weaknesses in md5 and sha1, and it's not impossible that something similar could be found for AES. A reduction from 128 bit security to ~96 or even ~64 bits of security would be a relative disaster; 64-bit ciphers are simply not secure anymore.
Additionally, quantum computers can theoretically break symmetric ciphers in sqrt(n) time, which means that AES-128 could be broken this century.
Assuming both a mild algorithmic reduction and quantum computing, AES-256 looks secure until the next century, if not longer.
Also, AES-256 really only takes 40% longer than AES-128 for practical purposes, since AES-128 has 10 rounds and AES-256 has 14 rounds.
Finally, AES-192 and AES-256 are authorized for TOP SECRET classification, while AES-128 is not. That's a pretty big market Fujitsu would be cutting out by only offering AES-128.
What part of "the average person" and "human terms" did you not understand? Regardless, you have flaws even in your technical portion:
The "average person" expects to be able to click on a wireless network in Windows and then start Internet Explorer without getting arrested for doing so.
Huh. My ISP handles that for me. They give me DNS servers to use, and the use is authorized by the terms of use. If their DNS server goes out and queries Google's servers, that's sort of their issue. Interestingly, there was a recent court case regarding this. Someone was investigating a company, initiated a domain transfer against the company (which the company's DNS servers allowed), and the person was found guilty of illegal computer access.
Your ISP in this case is the access point. In the court case, they did a domain transfer, not a lookup. slashdot got pretty upset about that, too, by the way. In other news, the courts have been siding with the MAFIAA and Microsoft recently, too. Might makes right?
Probably not even in the technical sense. What about when you start asking my component to route packets? Do you again imply that allowing the request implies authorization? Because using open airwaves is one thing, but using my own property or leased property is quite another.
So don't offer a default gateway to DHCP clients. THAT is how to avoid routing their packets, not to mention just not giving them an IP address to begin with. When I send a packet to a wireless router, I send it to www.google.com, NOT the access point. If the access point doesn't think it should forward packets from me, or not forward them to www.google.com, it doesn't have to.
First, we're not talking about laptop owners who open their laptops and find that they're connected. We're talking about people who intentionally connect to and use other people's internet connections.
The two groups overlap significantly. You are basically claiming that people only use wireless access points in their own home, and never go into a cafe, hotel, bar, airport, or any other public place and try to connect to a wireless network. All of those latter people might connect to an "unauthorized" access point without any knowledge they are doing so. The people who park in front of people's houses to steal their wireless access are just stupid morons, and could more easily be charged with stalking or harassment than a computer crime.
Second, I think that it's a stretch to say that a beacon shouting "I'm here!" is initiation of a connection.
Just as much as a NIC shouting "Can I associate? Can I have an IP?". The beacon is a request for associations. If the access point didn't want clients to connect, it wouldn't send beacons. Specifically, each and every beacon is directly addressed to every NIC, because beacons use the FF:FF:FF:FF:FF:FF broadcast address as the recipient. Every standards conforming NIC must accept those broadcasts, and interprets them as being addressed to itself. In effect, the access point is shouting "Hey, each and every one of you, if you want to associate with me here's my SSID and encryption parameters!" It doesn't say "Hey, 00:12:34:56:78:9a, 00:11:de:ad:be:ef, or 00:11:22:33:44:55, here's my SSID!", which would constitute explicit authorization for those MACs to associate. The actual message is explicitly saying that any and all MAC addresses should know about the existence of the access point and how to connect to it. Again, hiding the SSID or turning on encryption is enough to deny authorization to the NICs that don't know the SSID or key.
If there's going to be a law against me sending packets to an access point, there better be a law against them sending me a beacon in the first place.
Should I just ignore the beacons? Then why can't the access points just ignore the packets I send them?
The law can't have it both ways and remain consistent. Either owners of access points need to secure them to ignore unwanted traffic, or they need to stop sending beacons so they don't cause unwanted traffic on every listening NIC within range.
It's perfectly legal to walk onto someone's property and knock on their door, unless they have told a specific person not to do so or they have very prominent "no trespassing" signs.
The computer abuse laws talk about authorization and authentication. They generally state that IF there is a notice that access must be by authorized users only, THEN unauthorized access is prohibited. Much less is said about how to initiate an authorization request, and whether simply asking to be authorized must first be authorized. There's a chicken and egg problem if no one can request authorization because they have no authorization to do so. Nothing is said about how to legally access public services on public networks.
In fact, the only exception to the above is wireless access points, because the access point initiates every connection by broadcasting beacons. Your argument can be turned around by arguing that it should be illegal for wireless access points to broadcast a beacon to network cards that they are not unauthorized to transmit to. The reason both positions are foolish is because the 2.4 GHz spectrum is in the public spectrum. It is legal for an access point to broadcast an SSID, and it's legal to broadcast an association request to an access point for a specific SSID. There is no way for any given NIC to know whether a specific beacon is intended for it or some other wireless card, and every NIC within range must receive every beacon that gets transmitted in order to work properly. If the beacon does not specify encryption, hidden SSID, or an SSID containing a notice that authorization is required to connect, the only logical implication is to assume that the beacon is an invitation to any NIC to associate with the access point, since it is on public airwaves. This falls in line with every other use of the public airwaves, in which authorized users of the spectrum are assumed to have permission to transmit, including the permission to attempt to contact another authorized user with a receiver. People don't need predetermined authorization to communicate with each other on a public channel, even if they've never met before. In response to an association request, the access point can do MAC filtering or deny the connection if the SSID doesn't match the a hidden SSID broadcast, or if encryption is enabled. This is the first level that authorization can be explicitly denied, and NICs should respect the response.
Once the NIC is associated with an access point, there is an implicitly authorized layer 2 connection to the access point. A layer 2 network's purpose is to forward ethernet packets and support standard services like BOOTP, since it's a well known standard. I highly doubt that following officially published and established standards on a network that explicitly authorized a connection with an association response can be construed as unauthorized access or a hacking attempt. Here the access point or the network behind it has yet another chance to do MAC filtering, DHCP-client ID filtering, or any number of other choices to give or not give an IP address to the NIC. If the NIC is given an IP address, and more importantly the addresses of the default gateway and DNS servers, it is explicit authorization to use that IP address and the gateway and DNS servers to connect to other network devices reachable through the access point.
Not taking this common sense approach means it should be illegal to look up www.google.com on any network, because you're not specifically authorized to use the DNS server (and woe be unto those who ask for recursive queries, not knowing who or what they might be contacting for their unauthorized DNS lookups), nor specifically authorized to connect to an IP address it returns for www.google.com's A record.
At about 5 to 10 steps along this process, it's trivial for the access point or network to deny access to a NIC. Denying access is roughly equivalent to making further attempts a violation of the computer abuse laws, because it serves as a barrier to e
Slashdot Mirror
Track them down and kill them.
You should probably get the private key from them first.
Even further, you *don't* have the known plaintext to break RSA because it's a random symmetric key encrypted with RSA that is used to encrypt the files by the virus. Every modern cipher since DES has been highly resistant to known plaintext attacks. That's a basic requirement for a cipher to be considered non-broken.
The why's never end. Science try to explain HOW things work. But why they work that way, it's a problem impossible to solve - we'd need a way to measure them that is superior to the things being explained. In other words, we'd need a power greater than the whole universe to explain WHY.
...
Why did god create the universe?
Why does god exist?
Why can't god not exist?
You can see the problem with your little theory.
But creationists are still waiting for a single example of a mutation that adds genetic material that was not already there instead of shuffling or removing what they would say God put there to begin with
You can shuffle ATCG around quite a bit to spell anything you want with DNA. There are millions of base pairs in E. Coli, and enough of the letters were rearranged to spell out a protein for metabolizing citrate. No "addition" of genetic material was necessary; just shuffling the same old letters around. That's all that evolution needs, because once shuffled the new DNA can be replicated endlessly.
Just so you know, a proper sequence of chromosome inversions is sufficient to form any string of DNA. So long as each of the ATCG base pairs exist in the chromosome, they can be rearranged endlessly. It's already well known that chromosomes can be duplicated or added to, which makes for an endless, changing supply of base pairs in the genome.
Just control the thing with a Babbage Difference Engine made out of little plastic gears.
Even better if it was a milling machine and could make metal parts.
I'd like to know how he was able to turn out the cutting tools for his lathes.
You must have missed the part that said essentially none of the big brother security stuff was enabled on the laptops shipped with the G1G1 program. The only thing still there is the presence of a BIOS lock requiring a developer key (which you can easily get) to flash the firmware with your own image.
That's a good point, and it's why I've always thought of the "singularity" as a point past which the current intelligence can't predict anything beyond. It's a sliding point as intelligence increases. Basically, if there's no way to judge progress "off the top of the graph" so to speak, there's little practical difference between asymptotic and exponential growth beyond the time the curve leaves the graph.
The question is... why? The cable's already in place (and you generally have to buy cable TV to get Internet too, which covers the cost of the physical cable). The cable modem costs $50 at most. The switching equipment at the cable company side can't be more expensive than the switches Amazon has at their data center. At best it should be something like twice as expensive, because the cable company has to deal with two sides of the connection (cable modems and connection to their own ISP). I can imagine the cable company's ISP connection being a little more expensive than Amazon's, since Amazon can pick and choose data center locations for cheap bandwidth and the cable company has to be everywhere, but I don't think they'd pay four times as much. Maybe I'm wrong.
Kurzweil has lots of graphs. Steps are major advances, e.g. stone working to metal working, hunter/gatherer to agriculture, bronze working to steel working, animal power to machine power, abacuses to computing devices, medical advances, number of people on the earth at a given time, GNP, total energy produced/consumed by humans, number of pirates per gram of CO2, etc. Definitely exponential in general. The plateau should be reached when we're nearing 100% efficiency in thermodynamic processes and 5.4258 * 10^50 fundamental computer operations per second per kilogram of matter. We're no where near that plateau, hence the expectation of further exponential growth. It's entirely possible that during a brief singularity, we simply reach the plateau of possibilities in this universe in a very short span of time, and then continue indefinitely from there. It's also possible we'll discover things about the universe (FTL travel for instance) that allows permanent exponential growth for the life of the universe. Otherwise, we're stuck with at best geometric growth at light speed.
Kurzweil puts the singularity sometime mid 21st century, and is quite optimistic. Pessimists don't give it much more time than a few hundred years if it's going to happen at all.
If Amazon can make money charging (at most) $0.17/GB for transfer over redundant links to highly available storage, I have no idea why an ISP would need to charge almost 10 times that amount for best effort packet forwarding. Oh, that's right, they're mostly all greedy monopolies.
You'll probably just release a hoard of barbarians.
Because I believe I have made the case that housing is, in fact, a requirement for human life then I would say that it is indeed both a need and a right and that the two are not mutually exclusive.
Many tribes of nomads have proved that housing is not a requirement for life. Temporary shelter perhaps, but only in some climates or seasons. Ditto for land rights.
Certainly you've found a strong correllation between black poverty and black crime. Let us assume your assumption about causation is correct. The debate then suddenly changes from "Why are half of them criminals?" to "Why are most of them poor?", which is asking the same question in two different ways. The question underneath both is: why does one race show consistently problematically lower levels of cognitive ability, civility, and self-discipline?
Similar questions you might ask yourself are "Why are the biggest genocides or mass murders committed by white people?" and "Why are most serial killers white?" and "Why are the only people to use nuclear weapons on other human beings white?" All of those answers should lead you to the real culprits of society's problems, at least if you follow your own logic.
Poverty causes crime because crime is a direct result of a) poor education (which the poor have in abundance), b) poor living conditions (ditto), c) no way out (ditto, whatever you've heard about the Land of Opportunity does not apply to ghettos), d) low income, e) illegal drugs (illegal alcohol brought major organized crime to the U.S., mostly run by wholesome white people), and f) being told you and your culture are worthless and below average by otherwise seemingly intelligent people.
True enough. Luckily enough there are plenty of other countries that are nearly all black and have always been so. Guess what you'll find there?
Slavery, famine, cruelty, Apartheid, exploitation by Western supported/appointed dictators. Oh, you mean BEFORE western interference? Just about like any other tribal societies like the Goths, Britons, Vikings, and Normans before the Romans came. It was just easier for those tribes to fuck their way into the dominant culture.
An easier question to answer is: where do they succeed and prosper today? I'll tell you two places: sports teams, and the military. Both environments offer a lot of structure. And that's why I suspect that a free democracy does not offer them sufficient structure to rise to the esteem of the other races.
It also perfectly explains why most blacks belong to the democratic party, instead of some fascist party, right? They're just all confused and retarded? If that's what you're saying, the early 20th century called and wants its joke back.
Look, I love trolling as much as the next guy, but you could seriously improve your arguments by invoking phrenology, eugenics, religious beliefs about dark things being evil, and many more racial stereotypes.
Of course it's a cracker! Do you want jesus to magically appear out of nothing in the priest's hand? That would totally violate the conservation of energy and momentum. It's way simpler to just ignore the second law of thermodynamics and have the cracker turn into jesus while leaving a few accidental properties of the cracker behind. Similar argument for the wine. Physical blood tends to coagulate after a few minutes, which would make the last few sips a bit awkward in long masses, not to mention for taking it out to the sick and disabled. Jesus is pretty practical, if nothing else. If he had wanted to give carnal flesh and blood all the time, he could have just cloned himself or something. The spiritual stuff tastes better and has a longer shelf life.
Now I bet you're going to complain about souls not existing or something.
select .... with no lock ?
MVCC
It's slightly awkward watching a pagan chew jesus up without knowing it. Some might say there's a lack of propriety in such an act. Sort of like sneaking veal into a vegan's tofu burger. Not to mention, jesus has to sit around in some unbeliever's gut for a day or two. He has better things to do. Just bring your own Spaghetti or Unicorn Flakes to mass if you want to participate.
I am pretty sure that if I reversed engineered Windows, renamed, it Bimbos, replaced all the inline commenting with "Bill Gates is Gay", and sold it, I am pretty sure Microsoft would be within its rights to prevent me from connecting to update servers, and probably suing me several ways from Tuesday. IANAL so this is all just my opinion...
ReactOS and Wine are perfectly legal. The key is that they didn't make a derivative work, it was developed independently from documentation and legal reverse engineering (literally, testing a black box to see how it behaves).
Just change the guard rotations, and lock the damn doors.
I'm guessing that you can just buy a couple relays for under $20 and do the same thing that the $100 fan center would.
Of course, you would have to worry about the home power source accidentally supplying voltage to the transformer and keeping the relays closed. It would probably be better to throw some electronics on the mains so that it would detect voltage fluctuations instead. It's no good running 400V from the power company through your home brew power source during a surge, either. One solution might be to take the guts out of a UPS and use it's electronic switching system, but just replace its relays with some rated for the amperage you'll be playing with.
We have discovered absolutely no cause to be concerned about a possible reduction of the effective key length of AES, regardless of whether it is 256 bits or 128 bits. Until we get some sort of indication that perhaps this might be a possibility (we need this thing scientists like to call ``evidence''), we can say with some degree of confidence that AES-128 really provides 128-bit key protection.
Once a break is found, hindsight is of no real use. Everyone said MD5 was secure up until the weakness was found. My point was simply that for a few strong cryptographic primitives, we have seen several orders of magnitude reduction in strength. Who knows what XSL and its derivatives will bring?
You are referring to Grover's Algorithm. You have to make up some nonexistent quantum computing device with log(n) storage capacity. We are nowhere near actually constructing such a beast; to date, we have only solved the most trivial problems relating to quantum computers. Tell me about your plan to resolve quantum decoherence (just for starters), and I will start taking your boogeyman quantum computer attack seriously. Personally, I would rather be holding my breath for cold fusion.
Yes, sometime within the next 50 to 100 years we have to design a quantum computer that doesn't exist yet. Personally, I'd bet almost any amount of money with you that a practical way to construct "reasonably" large quantum computers will exist within 50 to 100 years. For one thing, I'll probably be dead in 100 years, and for another inflation will have taken care of the value of any bet we make today. In practical terms, there are few secrets that need to be protected for 50 to 100 years, except perhaps nuclear secrets (which will most likely be just as dangerous in 50 years as they are now), but for the small trade off in speed between AES-128 and AES-256, is there even a reason to take a chance? Many people thought 10 rounds was too low during the initial NIST competition, given the higher number of rounds most other applicants used.
This is the only legitimate point you have brought up: marketing. Of course, that is exactly the point I originally brought up too.
Don't flatter yourself; you said it was a meaningless marketing ploy when it's actually a legitimate response to government requirements (whether the government's requirements are reasonable is a completely different story).
Firstly, AES-256 smacks of a marketing gimmick. AES-128 is perfectly sufficient for anything that anyone wishes to protect; nobody has ever discovered a weakness in AES-128 that would be cause for concern.
Two possibilities: We've seen dramatic weaknesses in md5 and sha1, and it's not impossible that something similar could be found for AES. A reduction from 128 bit security to ~96 or even ~64 bits of security would be a relative disaster; 64-bit ciphers are simply not secure anymore.
Additionally, quantum computers can theoretically break symmetric ciphers in sqrt(n) time, which means that AES-128 could be broken this century. Assuming both a mild algorithmic reduction and quantum computing, AES-256 looks secure until the next century, if not longer.
Also, AES-256 really only takes 40% longer than AES-128 for practical purposes, since AES-128 has 10 rounds and AES-256 has 14 rounds.
Finally, AES-192 and AES-256 are authorized for TOP SECRET classification, while AES-128 is not. That's a pretty big market Fujitsu would be cutting out by only offering AES-128.
What part of "the average person" and "human terms" did you not understand? Regardless, you have flaws even in your technical portion:
The "average person" expects to be able to click on a wireless network in Windows and then start Internet Explorer without getting arrested for doing so.
Huh. My ISP handles that for me. They give me DNS servers to use, and the use is authorized by the terms of use. If their DNS server goes out and queries Google's servers, that's sort of their issue. Interestingly, there was a recent court case regarding this. Someone was investigating a company, initiated a domain transfer against the company (which the company's DNS servers allowed), and the person was found guilty of illegal computer access.
Your ISP in this case is the access point. In the court case, they did a domain transfer, not a lookup. slashdot got pretty upset about that, too, by the way. In other news, the courts have been siding with the MAFIAA and Microsoft recently, too. Might makes right?
Probably not even in the technical sense. What about when you start asking my component to route packets? Do you again imply that allowing the request implies authorization? Because using open airwaves is one thing, but using my own property or leased property is quite another.
So don't offer a default gateway to DHCP clients. THAT is how to avoid routing their packets, not to mention just not giving them an IP address to begin with. When I send a packet to a wireless router, I send it to www.google.com, NOT the access point. If the access point doesn't think it should forward packets from me, or not forward them to www.google.com, it doesn't have to.
First, we're not talking about laptop owners who open their laptops and find that they're connected. We're talking about people who intentionally connect to and use other people's internet connections.
The two groups overlap significantly. You are basically claiming that people only use wireless access points in their own home, and never go into a cafe, hotel, bar, airport, or any other public place and try to connect to a wireless network. All of those latter people might connect to an "unauthorized" access point without any knowledge they are doing so. The people who park in front of people's houses to steal their wireless access are just stupid morons, and could more easily be charged with stalking or harassment than a computer crime.
Second, I think that it's a stretch to say that a beacon shouting "I'm here!" is initiation of a connection.
Just as much as a NIC shouting "Can I associate? Can I have an IP?". The beacon is a request for associations. If the access point didn't want clients to connect, it wouldn't send beacons. Specifically, each and every beacon is directly addressed to every NIC, because beacons use the FF:FF:FF:FF:FF:FF broadcast address as the recipient. Every standards conforming NIC must accept those broadcasts, and interprets them as being addressed to itself. In effect, the access point is shouting "Hey, each and every one of you, if you want to associate with me here's my SSID and encryption parameters!" It doesn't say "Hey, 00:12:34:56:78:9a, 00:11:de:ad:be:ef, or 00:11:22:33:44:55, here's my SSID!", which would constitute explicit authorization for those MACs to associate. The actual message is explicitly saying that any and all MAC addresses should know about the existence of the access point and how to connect to it. Again, hiding the SSID or turning on encryption is enough to deny authorization to the NICs that don't know the SSID or key.
If there's going to be a law against me sending packets to an access point, there better be a law against them sending me a beacon in the first place.
Should I just ignore the beacons? Then why can't the access points just ignore the packets I send them?
The law can't have it both ways and remain consistent. Either owners of access points need to secure them to ignore unwanted traffic, or they need to stop sending beacons so they don't cause unwanted traffic on every listening NIC within range.
It's perfectly legal to walk onto someone's property and knock on their door, unless they have told a specific person not to do so or they have very prominent "no trespassing" signs.
The computer abuse laws talk about authorization and authentication. They generally state that IF there is a notice that access must be by authorized users only, THEN unauthorized access is prohibited. Much less is said about how to initiate an authorization request, and whether simply asking to be authorized must first be authorized. There's a chicken and egg problem if no one can request authorization because they have no authorization to do so. Nothing is said about how to legally access public services on public networks.
In fact, the only exception to the above is wireless access points, because the access point initiates every connection by broadcasting beacons. Your argument can be turned around by arguing that it should be illegal for wireless access points to broadcast a beacon to network cards that they are not unauthorized to transmit to. The reason both positions are foolish is because the 2.4 GHz spectrum is in the public spectrum. It is legal for an access point to broadcast an SSID, and it's legal to broadcast an association request to an access point for a specific SSID. There is no way for any given NIC to know whether a specific beacon is intended for it or some other wireless card, and every NIC within range must receive every beacon that gets transmitted in order to work properly. If the beacon does not specify encryption, hidden SSID, or an SSID containing a notice that authorization is required to connect, the only logical implication is to assume that the beacon is an invitation to any NIC to associate with the access point, since it is on public airwaves. This falls in line with every other use of the public airwaves, in which authorized users of the spectrum are assumed to have permission to transmit, including the permission to attempt to contact another authorized user with a receiver. People don't need predetermined authorization to communicate with each other on a public channel, even if they've never met before. In response to an association request, the access point can do MAC filtering or deny the connection if the SSID doesn't match the a hidden SSID broadcast, or if encryption is enabled. This is the first level that authorization can be explicitly denied, and NICs should respect the response.
Once the NIC is associated with an access point, there is an implicitly authorized layer 2 connection to the access point. A layer 2 network's purpose is to forward ethernet packets and support standard services like BOOTP, since it's a well known standard. I highly doubt that following officially published and established standards on a network that explicitly authorized a connection with an association response can be construed as unauthorized access or a hacking attempt. Here the access point or the network behind it has yet another chance to do MAC filtering, DHCP-client ID filtering, or any number of other choices to give or not give an IP address to the NIC. If the NIC is given an IP address, and more importantly the addresses of the default gateway and DNS servers, it is explicit authorization to use that IP address and the gateway and DNS servers to connect to other network devices reachable through the access point.
Not taking this common sense approach means it should be illegal to look up www.google.com on any network, because you're not specifically authorized to use the DNS server (and woe be unto those who ask for recursive queries, not knowing who or what they might be contacting for their unauthorized DNS lookups), nor specifically authorized to connect to an IP address it returns for www.google.com's A record.
At about 5 to 10 steps along this process, it's trivial for the access point or network to deny access to a NIC. Denying access is roughly equivalent to making further attempts a violation of the computer abuse laws, because it serves as a barrier to e