Random is just another way to say ignorant. Nothing is truly random, but something can have so many variables that it seems random to the human brain.
The point is that PRNG's exhibit much less random properties, eventually repeat their stream bit-for-bit and known PRNG's can be used to attack.
Random data from a natural source can, on the other hand, get much closer to the ideal of "truly random", should not repeat for any significant length and should not be known for any significant length.
If you would not hold up an OTP system built from radioactive decay as being the strongest or near-strongest crypto system, then what would you trust?
Actually, how about sending the one time pad in the open and the real secret is where the encrypted message is? Steganography using a one-time pad comes to mind.
Devious, Huh!
; )
I've actually been wondering if government agencies have been capturing images from the net (and other noisy media files) and been crossing them with each other to find matching images which contain OTP's and OTP_ciphertexts. That method is dodgy, when proper OTP can work so well and easily. If I were crossing international borders with OTP's though, I certainly would want them stored steganographically to avoid detection. Any countries image people's computers as they pass through? Who would have thought, that a big problem in electronics, noise, would actually one day provide such an effective secure communications medium!
On a different note...
You could choose to send the OTP as the "secure message" and send the OTP encrypted ciphertext through the secure channel. But that would be very much more impractical than OTP crypto already can be. It takes away from one of the best features of OTP crypto.
The OTP's are the pre-shared secret and the messages are the future information to be secured. So sending the OTP itself as the "secure message" as need be and sending the encrypted message through the secure channel as need be is impractical. Since if you need a secure channel through which you can send information securely at any time, if you have that, then you don't need the OTP at all! ; )
OTP allows a bulk pre-shared key to be sent through a limited availability secure channel, so that secure comms can later benefit from that sporadic bulk transfer, but at any arbitrary time. The One Time Pad basically tries to take full benefit from some small windows of opportunity. An agent crosses a border with a very large, very well hidden OTP, for example. It could be a large CF card in a camera, with OTP's stego embedded into innocent looking images on the card. A card which is easily removed, inserted into a PC and then used for secure comms.
The pads of One Time Pads are supposed to be moved over a secure channel. Perhaps held by a trusted agent or otherwise couriered by a trusted courier.
There is no point in distributing pads WITH OTP crypto, since the pad should never be used more than once and therefore they cannot be used to send more data than the length of the pad itself (compression shouldn't work, since we should be talking about real noise, which should not compress). So if a pad had to be sent securely at one stage (to facilitate this new communication), then sending another pad with it is just a waste of time and effort. A pad of the same size or greater was already SECURELY sent, to allow this new pad to be sent? Can't be more secure. It would be redundant. Nothing gained.
The code starts by identifying a group, could this be a use of a one time pad method of encryption?
Yes. The first thing I thought when I saw "Group 617", was OTP. It could easily have been "Block 617" as a reference to noise stored in a block device.
The fact that VoIP is being used, allows a side channel in the noise which goes along with a VoIP call. Noise from the microphone which gets encoded into the signal being sent to the other end, could be replaced with OTP encrypted data.
The numbers scream "scrutinize me". The use of OTP's can be defeated if you manage to capture someone with a real yet-to-be-used OTP. If you can capture it covertly (unlikely, since agents should not be careless), you wait for the messages to come through. If you capture it by force, then you have to hope that messages get sent without any "clear to send" message from the field agent. Regardless, a big screaming "scrutinize me" increases the awareness of potential OTP's that need to be captured.
If you just left an innocent sounding message on your VoIP voice mail, it might not draw attention to the fact that the noise channel, which looks like any other noise, is actually an OTP encrypted message. So the foreign engineer you have working in your nuclear reactor, phones home and sends or receives much more than is obvious.
The best feature I see of making it so open, as in this reported case, is that it can be very hard to pinpoint who the sender and receiver are. That is kinda scary, since governments don't really hide the fact that they use crypto on a regular basis and the .gov senders often use major single transmission points, intended to be broadcast for anyone including the intended recipient to receive, so that it does not bring a focus onto the intended recipient. VoIP usage seems to reduce that benefit to me. Until of course the net community get wind of the story and flood it with access attempts.
Just how good is the RNG that was used to generate the OTP?
Important point that you said RNG and not PRNG. Because an OTP is not an OTP if the P was generated with a PRNG:
"Classically, a one-time pad is nothing more than a large nonrepeating set of truly random key letters, written on sheets of paper, and glued together in a pad", "The caveat, and this is a big one, is that the key letters have to be generated randomly. Any attacks against this scheme will be against the method used to generate the key letters. Using a pseudo-random number generator doesn't count; they always have nonrandom properties. If you use real random source -this is much harder than it might first appear-, it's secure".
Bruce Schneier, Applied Cryptography, 2nd ed.
One would hope that the intelligence agencies of the World are using real noise and not PRNG's for their OTP's.
From your online resume: "Serving as primary programmer for a multi-player online role-playing game. Duties include maintaining and expanding a large open-source C++ server program, designing and implementing innovative new gameplay features, resolving player disputes, SQLite database administration, and Linux server administration."
But his explanation on ssh tunneling is gibberish?
A word of warning: the resume you intentionally put up on the net with Google is not the only info about you which Google will happily dredge up about you for an employer. Telling the World that you think ssh tunneling is difficult might go against you one day.
Some things are most powerful without GUI's and "primary programmers" and "Linux admins" ought not be whining about CLI configs.
The entire point of antenna cables is to move as much of the RF energy as possible, leakage is quite undesirable from a technical standpoint.
Yes and speaking of those cables, telcos tend to use the best stuff around. I haven't worked in cell phone radio since 1991, but back then my nation's dominant telco (Australia, Telecom) were using coax which essentially had solid copper shield and solid copper core. Both of which were made in a wave like fashion. Take the core out of that and you'd have some sort of funky waveguide transmission line. Not much leakage will come out of cable like that. ; ) I imagine the only leakage would be from the connector points and even then it would be minuscule.
Let me be clear, I am just putting out my experience and my opinion.
Your experience in this matter is way too small to be forming an opinion worthy of anything beyond that which you could waste your own time with.
BTW, I'm typing this from Windows XP Home, which is going through an OpenBSD firewall. If I replied to you hours earlier, I might have been writing from OSX. On any other day it could have been OpenBSD, NetBSD, FreeBSD, Solaris or shock horror, even Linux! My point is, that I'm not a zealot, although I do have a preference for spending time with OpenBSD. Regardless of my bias, however great or little, your story is hardly worth forming an opinion over and then telling the World.
I firmly believe my anecdotal experience qualifies me to offer non sequiturs with hyperbole but without embarrassment.
Who are the crack addicted retards who moderated this as Troll and Flamebait? This is a rational and apt response to the OP, who has posted yet more useless crap here at /.. Sure, there's sarcasm a'plenty, but it is well deserved and I really quite enjoyed it.
When a post like this gets moderated down, it's a sign of crap /. has become. This post is Funny and Insightful.
But a 15,000 rpm SCSI drive is probably a bit of a screamer as well. What does it sound like with something like that in your computer? Is it tolerable?
My Fujitsu 15k rpm 36GB U360 drive is actually very quiet and runs pretty cool. When I first bought it, I wondered how noisy it was going to be. When I first switched it on, I thought that I had to wait a little while for it to get the start command or something, because I actually did not hear it wind up. I thought it was going to sound like a little muffled jet turbine, but in fact, I have to have the case open and put my head near the drive to hear it wind up. Same deal for random accessing when I do a "find /. > /dev/null" shortly after booting. Pretty quiet.
Although Fujitsu provide a 5 year warranty on my drive, they show life expectancy amongst other things in a readme piece of paper which came with the drive. Ranging from 5 to 1 years with increasing temperature. A pretty clear warning to keep your drives cool.
10k and 15k rpm drives usually have much smaller disks and thus smaller head arm assemblies. So I guess in addition to this easing faster rotation and allowing smaller and faster head movement, it also allows for quieter operation. Have you seen how large the arm servo is, compared with the arms themselves in these drives? They are huge. I guess they're moving those small light arms, shorter distances with a much greater force.
Pricewatch.com is your friend. :) I turn to them for all my hardware needs. That's where my quotes are from.
Be careful searching for the cheapest drives you can find from sites like that. I tried to purchase some 18GB SCSI drives for the OpenBSD project a few years ago, so that they could keep some older gear going (like VAX's). I found good prices for some Seagate drives and went through with the purchase, including payment with my credit card. *AFTER* I had ordered and paid, it became apparent only in the confirmation email that the drive I ordered was a FACTORY REFURBISHED UNIT. Nowhere prior or during my order was there any statement that these drives were refurb units. Not at the price searching site, not at the linked to item page at the online store and not at any stage during the order. Only AFTER I ordered could the word "refurbished" be found hidden in a tome of text in the finalized order confirmation email.
Not wanting to lump the OpenBSD project with such a drive, I canceled and complained.
So take care with cheap disks!
It's a very good investment. Fast SCSI drives not only have great seek times, they also have longer lifespans, which is important for a root partition ;)
Yeah, I have a Fujitsu 15k 36GB U360 drive. Gets up to 95Mbytes/sec sustained and I think it never gets lower than 75 at its slowest point at the end. Plus really fast random access, low latency and elevator sorting with TCQ deeper than SATA. Still though, for desktop use, SATA is great.
Actually OpenBSD's ath(4) driver (Atheros chipset) is a bit lacking. It only does 802.11b on my D-Link DWL-G650. FreeBSD and NetBSD both support 802.11g on it. (I have no idea about the turbo, or double-G support.)
OpenBSD typically has fantastic wireless support. There are odd cases where a NIC is better supported elsewhere, but those specific cases don't take away from the overall OpenBSD+WiFi goodness. There are also bound to be some issues due to closed vendor stances conflicting with OpenBSD ideals. But since apps and OS are the glue between the user and the computer, I prefer to choose my OS and apps as the top criteria and then hardware to go with them.
20 minutes to remove the laptop from the bag, smash the window and pound on the steering column with it? They must be using those modern, fancy-pants, lightweight laptops. In the old days we could get a car in under 5 minutes with a Mac Portable.
Pfft, amateur. You're using the wrong tool. In my day we could get any car in under 2 minutes with a Dolch luggable. You did have to take care not to accidentally smash the whole steering wheel right off the column though, if you missed.
Of course nowadays, the newer Dolch's are still usable, but less care needs to be taken, as these will merely dent the steering wheel.
The cheap flash memory (like in my 1GB thumbdrive) has ~100,000 r/w cycles. If your internet cache was there, you'd hose that memory within hours.
The cheap flash memory in thumbdrives is not the only flash memory around. 100,000 cycles nowadays for flash would be considered bad. I'm seeing 1,000,000 referred to now for decent CF.
It would make a lot of sense to have 10% of your disk solid state, only spin up the real drive as necessary. I don't think multigigabyte memory will be affordable anytime real soon.
Multi-gigabyte memory is affordable NOW. CF cards can be used as IDE hard drives and 2GB units are cheap (even 4GB looks cheap to me). I've been using CF for firewalls (OpenBSD/pf) for more than a year now without any troubles. I just switch on soft updates and use noatime.
My Thinkpad A21p (Announce date: 25 Sep 2000) has a 15" 1600x1200 TFT. We're talking about a five year old laptop here - granted, IBM was the leader in laptop display resolution... but all laptops should have high-resolution displays.
Yes, I am pretty astounded that Apple did not go that little extra to 1920x1200 for the 17" MacBook Pro. This is Apple, the company known for being good for visual work and their top of the line notebook can't render 1:1 the full HDTV resolution of 1920x1080 on the built in screen? My VAIO can and plenty of other PC notebooks can.
I can't wait for 300dpi LCD's. OSX would be spectacular.
If you were not using an OTP, but rather some crypto which does use a smaller-than-typical-plaintext key, to make the ciphertext that the court has as evidence and the other side have not been able to decrypt it (and you safely think they won't be able to), you could just claim that you did in fact use OTP crypto to generate that ciphertext and then produce a fake OTP which decodes the court's copy of the ciphertext to anything you want, of the same size.
They would either have to believe you, or keep trying to crack the very strong crypto/key that you really did use.
Muhahahahaaaa!! I think I should move into a life of crime. Go move to Switzerland, open up some bank accounts and get into some serious extortion over the net. Hmm, on second thought, maybe not, I *really* would like to keep my ass secure and tightly fortified. Prison is not my cup of tea. ; )
Using a one time pad is actually a pretty solid plan. I was going to recommend it myself, but a remembered cryptosystem and key has an important property that a one time pad does not: you can't find it when you search the agent's luggage.
Yes, it's a shame that the specific impracticalities of the OTP can be pretty bad.
But, where will his luggage be searched? Being a good spy, he naturally ejects out of an SR-71 Blackbird travelling at mach 3, 150,000 feet above the enemy. Where he will not pull his parachute until 50m from above the rooftop of exactly where he wants to be, which does of course have a single armed guard who will not hear him land or the thrust of his black anodized razor sharp knife/C4 detonator/satellite communicator. Unless of course, that guard is a hot babe with an Eastern European accent, in which case he first infiltrates her and she falls for him and decides to defect. ; )
I better get some sleep. I'm feeling sleepy drunk. Anyone else get that with very long stints at their computers? A drunk'ish silliness?
Hmm. This gets thrown about a lot, especially here and I think it is starting to lose its meaning. Obscurity can provide some security. The security gained can vary with the strength of the obscurity. The various meanings of obscurity include, "keep from being seen; conceal" and "make unclear and difficult to understand". In fact encryption obscures a message and steganography obscures the existence of a message (especially effective if they are combined where the message is in ciphertext form and hidden with stego amongst noise). "Security through obscurity" does not always have to mean "security through poorly obscured design".
Cryptography is one of those areas where (unlike, say, brain surgery) it's quite easy to convince yourself you have developed some new expert technique. Even the crypto experts are cautious about making such statements - flaws are found in our very best efforts sometimes decades later.
Yes, I agree. Usually, if a person thinks they know cryptography, they don't. So many times I've seen someone come up with something they think is brilliant, only to have someone answer them with something like, "oh that is a blah cipher, invented in 18xx and cracked in 19xx. A P4 3GHz can crack that at about 400Mb/s". ; )
If you're interested in it at all, may I recommend any of Bruce Schneier's writings. His book Applied Cryptography is the gold standard in the field, and he maintains a fascinating blog at www.schneier.com.
Applied Cryptography is not in my bookshelf. Reason being that it is out right now and is almost always out somewhere in the house, because it's the number one book which has me coming back and re-reading bits because it's such a great book. In my copy pages have started to come out and the book is now filthy looking. I hope he gives it a good update one day (I've got the 2nd ed). I was really excited to discover in that book that Linear Feedback Shift Registers were in there. Because years before, playing around with flip-flop shift registers made from JK's (from memory), I'd discovered that I could generate pseudo-random numbers which would eventually repeat (oddly enough :). I had independently discovered LFSR's for use as PRNG's and then years later discovered with this book that I was actually onto something. That was super cool. I still have the breadboard with the IC's laid out with connecting wires.
I've been wanting to simulate in software various LFSR designs to plot their output to strange attractor images, just for the heck of it. One day I might get around to that. Pity LFSR's are not very efficient in software.
If you can come up with a cryptosystem that can be used conveniently by hand yet is secure in the face of computer-assisted cryptanalysis that'd be most impressive.
Well, I think here we could agree or disagree depending on what we consider to be convenient. Dating back to 1917, the One Time Pad can be used by hand and is unbreakable when done properly.
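The LFSR behaviour described in the comment above (a stream that eventually repeats bit-for-bit, and a known generator whose output can be predicted), as an added example that is not part of the original comments. The 16-bit register, the tap set 16/14/13/11, the seed and the function names are choices made for this illustration.

```python
# Fibonacci LFSR, 16 bits wide, feedback polynomial x^16 + x^14 + x^13 + x^11 + 1.
# This tap set is a well-known maximal-length choice: every non-zero state lies
# on a single cycle of 2^16 - 1 = 65535 steps.
WIDTH = 16
TAPS = (16, 14, 13, 11)


def step(state: int) -> tuple[int, int]:
    """Advance the register one clock; return (new_state, output_bit)."""
    out = state & 1                      # bit shifted out on this clock
    feedback = 0
    for tap in TAPS:
        feedback ^= (state >> (WIDTH - tap)) & 1
    new_state = (state >> 1) | (feedback << (WIDTH - 1))
    return new_state, out


def keystream(state: int, nbits: int) -> list[int]:
    """Return the next nbits output bits starting from `state`."""
    bits = []
    for _ in range(nbits):
        state, bit = step(state)
        bits.append(bit)
    return bits


def period(seed: int) -> int:
    """Count clocks until the register returns to `seed`."""
    if seed == 0:
        raise ValueError("the all-zero state never leaves zero")
    state, count = step(seed)[0], 1
    while state != seed:
        state, count = step(state)[0], count + 1
    return count


def recover_state(observed: list[int]) -> int:
    """Rebuild the register state from WIDTH consecutive output bits.

    Output bit j is simply bit j of the state at the moment observation began,
    so anyone who knows the generator design and sees 16 bits of "pad" can
    compute every later bit.
    """
    if len(observed) < WIDTH:
        raise ValueError("need at least WIDTH output bits")
    return sum(bit << j for j, bit in enumerate(observed[:WIDTH]))


if __name__ == "__main__":
    seed = 0xACE1                        # constructed sample seed
    p = period(seed)
    print("period:", p)

    # The stream repeats bit-for-bit after one period.
    long_run = keystream(seed, p + 32)
    print("repeats:", long_run[:32] == long_run[p:p + 32])

    # Sixteen observed bits are enough to predict the rest.
    pad_bits = keystream(seed, 96)
    guess = recover_state(pad_bits[:WIDTH])
    print("predicted:", keystream(guess, 96) == pad_bits)
```

A pad produced this way has at most 16 bits of secret in it regardless of its length, which is the practical meaning of the quoted point that a pseudo-random generator "doesn't count" for a one-time pad.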
Any system that can be done by hand *at all* and has that property is potentially pretty useful in a field-agent situation.
A field-agent can be provided with a small booklet of OTP, with pages which can be removed and easily destroyed. The HQ of course has the one and only copy of that OTP booklet, under the highest security lockup. If the field-agent believes he is about to be captured, he can destroy the booklet. This would prevent the enemy from sending disinformation as appearing to come from the field-agent. Separate to that scenario, when the field-agent wants to send a secure message, he simply makes the desired message, encodes it against a page of OTP to create the ciphertext and then sends the ciphertext. He should then promptly destroy the message, OTP page used and the ciphertext. This way, everything except for his own recollection of that plaintext message is destroyed. If he is a real patriot and hears the enemy coming for him (they heard the cipher transmission), he will now eat a round from his silenced H&K Mk.23 .45 semi auto. ; )
The encoding (and decoding if need be) in the field is easy to do by hand. The crypto "device" can easily be destroyed too.
Don't know about Italy, but in the U.S. he would have been compelled to cough up his key to the Feds or be held for contempt until he rotted.
So why even bother with crypto?
Use single use keys which are meant to be destroyed after use. The proper procedure for One Time Pad use for example, is to encode the plaintext with an OTP to make the ciphertext and then destroy the OTP. The recipient is also supposed to destroy his copy of the OTP, once she has used it.
So well before a court has requested the key (in this case, the OTP involved), the suspect can simply claim that the order is impossible to comply with, because the key was truly randomly generated and destroyed at the time of use as a matter of proper procedure.
However, the great thing about OTP crypto, is that you could choose to provide an alternative OTP which can be used to decode the captured ciphertext into ANY other plaintext of the same size! So all you have to do is come up with an alternative message of the same size, but one which is reasonable to believe that you would want to be kept secret, then encode that fake message with the ciphertext as if the ciphertext were the OTP, this will give you a ciphertext which you can refer to the court as being the original OTP. When they decode the real captured ciphertext (the one the court has had all along), with this new fake OTP which you claim to be the real original OTP, they get the new fake plaintext. A non incriminating one, maybe even one which reinforces a previous alibi of yours. Like magic, the fake OTP looks like it must be real and true, because it (random looking characters) used with the original ciphertext submitted as court evidence, makes a very clean real message. Nobody can deny this plausible decryption using cryptographic methods.
So there you have perfect secrecy, along with perfect plausible deniability.
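The property the comments above rely on, here and in the earlier "fake OTP" comment, is that an OTP ciphertext is consistent with every plaintext of the same length. The following is an added example, not part of the original comments; it also shows what goes wrong when a pad is used twice, which an earlier comment warns against. The messages are constructed samples, the function names are made up for this sketch, and `secrets.token_bytes()` stands in for the physical noise source the comments call for.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (the OTP encode and decode operation)."""
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def new_pad(length: int) -> bytes:
    """Pad bytes from the OS CSPRNG (assumption: stand-in for real noise)."""
    return secrets.token_bytes(length)


def alternative_pad(ciphertext: bytes, claimed_plaintext: bytes) -> bytes:
    """Return the pad under which `ciphertext` decodes to `claimed_plaintext`.

    Such a pad exists for every same-length plaintext, so the ciphertext
    alone carries no evidence of which plaintext was really sent.
    """
    return xor_bytes(ciphertext, claimed_plaintext)


def pad_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """XOR of two ciphertexts made with the SAME pad.

    The pad cancels out, leaving plaintext1 XOR plaintext2, which is why a
    pad page must be destroyed after one use.
    """
    return xor_bytes(c1, c2)


def demo() -> dict:
    real = b"MEET AT PIER NINE 0400"       # constructed sample message
    claimed = b"BUY MILK EGGS AND TEA."    # constructed, same length
    pad = new_pad(len(real))

    ciphertext = xor_bytes(real, pad)
    other_pad = alternative_pad(ciphertext, claimed)

    second = b"SEND MORE PAD PAGES..."     # constructed, same length
    reused_ciphertext = xor_bytes(second, pad)   # the mistake: pad used twice

    return {
        "decodes_to_real": xor_bytes(ciphertext, pad),
        "decodes_to_claimed": xor_bytes(ciphertext, other_pad),
        "pads_differ": other_pad != pad,
        "reuse_leak_matches": pad_reuse_leak(ciphertext, reused_ciphertext)
        == xor_bytes(real, second),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The same property means a one-time pad gives no integrity or authentication: a ciphertext and a pad that decode cleanly say nothing about whether that pad is the one that was actually used.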
If you're abbreviating the year to single digits, then it also started up on 6-6-6.
Oh my god! The 6-bone people's sense of humour and irony is not YY compliant!
1.) Drill holes in hard drive.
Ever have trouble getting through any glass platter drives? Or did you feel the platters shatter?
I don't know if they're out yet, but you might have broken some drill bits if you tried to get through the new glass-ceramic-glass sandwich platters.
Right. I'm not saying it is a security risk. He seemed more concerned about "bloat".
Okay. I thought you might have been picking him up on the security scanning point. Nmap, etc.
That would be odd, to say the least. Since:
Interesting comments, considering that sendmail comes with OpenBSD by default.
In the default install of OpenBSD, sendmail only listens to lo.
My Resume on Googlepages
Corrugated coax cable.
Take a look at Seagate 15k, Maxtor 15k and Fujitsu 15k.
Pricewatch.com is your friend. :) I turn to them for all my hardware needs. That's where my quotes are for.
;)
Be careful searching for the cheapest drives you can find from sites like that. I tried to purchase some 18GB SCSI drives for the OpenBSD project a few years ago, so that they could keep some older gear going (like VAX's). I found good prices for some Seagate drives and went through with the purchase, including payment with my credit card. *AFTER* I had ordered and paid, it became apparent only in the confirmation email that the drive I ordered was a FACTORY REFURBISHED UNIT. Nowhere prior or during my order was there any statement that these drives were refurb units. Not at the price searching site, not at the linked to item page at the online store and not at any stage during the order. Only AFTER I ordered could the word "refurbished" be found hidden in a tome of text in the finalized order confirmation email.
Not wanting to lump the OpenBSD project with such a drive, I canceled and complained.
So take care with cheap disks!
It's a very good investment. Fast SCSI drives not only have great seek times, they also have longer lifespans, which is important for a root partition
Yeah, I have a Fujitsu 15k 36GB U360 drive. Gets up to 95Mbytes/sec sustained and I think it never gets lower than 75 at its slowest point at the end. Plus really fast random access, low latency and elevator sorting with TCQ deeper than SATA. Still though, for desktop use, SATA is great.
Actually OpenBSD's ath(4) driver (Atheros chipset) is a bit lacking. It only does 802.11b on my D-Link DWL-G650. FreeBSD and NetBSD both support 802.11g on it. (I have no idea about the turbo, or double-G support.)
OpenBSD typically has fantastic wireless support. There are odd cases where a NIC is better supported elsewhere, but those specific cases don't take away from the overall OpenBSD+WiFi goodness. There are also bound to be some issues due to closed vendor stances conflicting with OpenBSD ideals. But since apps and OS are the glue between the user and the computer, I prefer to choose my OS and apps as the top criteria and then hardware to go with them.
20 minutes to remove the laptop from the bag, smash the window and pound on the steering column with it? They must be using those modern, fancy-pants, lightweight laptops. In the old days we could get a car in under 5 minutes with a Mac Portable.
Pfft, amateur. You're using the wrong tool. In my day we could get any car in under 2 minutes with a Dolch luggable. You did have to take care not to accidentally smash the whole steering wheel right off the column though, if you missed.
Of course nowadays, the newer Dolch's are still usable, but less care needs to be taken, as these will merely dent the steering wheel.
The cheap flash memory (like in my 1GB thumbdrive) has ~100,000 r/w cycles. If your internet cache was there, you'd hose that memory within hours.
The cheap flash memory in thumbdrives is not the only flash memory around. 100,000 cycles nowadays for flash would be considered bad. I'm seeing 1,000,000 referred to now for decent CF.
It would make a lot of sense to have 10% of your disk solid state, only spin up the real drive as necessary. I don't think multigigabyte memory will be affordable anytime real soon.
Multi-gigabyte memory is affordable NOW. CF cards can be used as IDE hard drives and 2GB units are cheap (even 4GB looks cheap to me). I've been using CF for firewalls (OpenBSD/pf) for more than a year now without any troubles. I just switch on soft updates and use noatime.
My Thinkpad A21p (Announce date: 25 Sep 2000) has a 15" 1600x1200 TFT. We're talking about a five year old laptop here - granted, IBM was the leader in laptop display resolution... but all laptops should have high-resolution displays.
Yes, I am pretty astounded that Apple did not go that little extra to 1920x1200 for the 17" MacBook Pro. This is Apple, the company known for being good for visual work and their top of the line notebook can't render 1:1 the full HDTV resolution of 1920x1080 on the built in screen? My VAIO can and plenty of other PC notebooks can.
I can't wait for 300dpi LCD's. OSX would be spectacular.
You, sir, are a diabolically clever genius!
Worse still, I realised after I typed that...
If you were not using an OTP, but rather some crypto which does use a smaller-than-typical-plaintext key, to make the ciphertext that the court has as evidence and the other side have not been able to decrypt it (and you safely think they won't be able to), you could just claim that you did in fact use OTP crypto to generate that ciphertext and then produce a fake OTP which decodes the court's copy of the ciphertext to anything you want, of the same size.
They would either have to believe you, or keep trying to crack the very strong crypto/key that you really did use.
Muhahahahaaaa!! I think I should move into a life of crime. Go move to Switzerland, open up some bank accounts and get into some serious extortion over the net. Hmm, on second thought, maybe not, I *really* would like to keep my ass secure and tightly fortified. Prison is not my cup of tea. ; )
Using a one time pad is actually a pretty solid plan. I was going to recommend it myself, but a remembered cryptosystem and key has an important property that a one time pad does not: you can't find it when you search the agent's luggage.
Yes, it's a shame that the specific impracticalities of the OTP can be pretty bad.
But, where will his luggage be searched? Being a good spy, he naturally ejects out of an SR-71 Blackbird travelling at mach 3, 150,000 feet above the enemy. Where he will not pull his parachute until 50m from above the rooftop of exactly where he wants to be, which does of course have a single armed guard who will not hear him land or the thrust of his black anodized razor sharp knife/C4 detonator/satellite communicator. Unless of course, that guard is a hot babe with an Eastern European accent, in which case he first infiltrates her and she falls for him and decides to defect. ; )
I better get some sleep. I'm feeling sleepy drunk. Anyone else get that with very long stints at their computers? A drunk'ish silliness?
Security through obscurity is no security at all.
Hmm. This gets thrown about a lot, especially here and I think it is starting to lose its meaning. Obscurity can provide some security. The security gained can vary with the strength of the obscurity. The various meanings of obscurity include, "keep from being seen; conceal" and "make unclear and difficult to understand". In fact encryption obscures a message and steganography obscures the existence of a message (especially effective if they are combined where the message is in ciphertext form and hidden with stego amongst noise). "Security through obscurity" does not always have to mean "security through poorly obscured design".
Cryptography is one of those areas where (unlike, say, brain surgery) it's quite easy to convince yourself you have developed some new expert technique. Even the crypto experts are cautious about making such statements - flaws are found in our very best efforts sometimes decades later.
Yes, I agree. Usually, if a person thinks they know cryptography, they don't. So many times I've seen someone come up with something they think is brilliant, only to have someone answer them with something like, "oh that is a blah cipher, invented in 18xx and cracked in 19xx. A P4 3GHz can crack that at about 400Mb/s". ; )
If you're interested in it at all, may I recommend any of Bruce Schneier's writings. His book Applied Cryptography is the gold standard in the field, and he maintains a fascinating blog at www.schneier.com.
Applied Cryptography is not in my bookshelf. Reason being that it is out right now and is almost always out somewhere in the house, because it's the number one book which has me coming back and re-reading bits because it's such a great book. In my copy pages have started to come out and the book is now filthy looking. I hope he gives it a good update one day (I've got the 2nd ed). I was really excited to discover in that book that Linear Feedback Shift Registers were in there. Because years before, playing around with flip-flop shift registers made from JK's (from memory), I'd discovered that I could generate pseudo-random numbers which would eventually repeat (oddly enough:). I had independently discovered LFSR's for use as PRNG's and then years later discovered with this book that I was actually onto something. That was super cool. I still have the breadboard with the IC's laid out with connecting wires.
I've been wanting to simulate in software various LFSR designs to plot their output to strange attractor images, just for the heck of it. One day I might get around to that. Pity LFSR's are not very efficient in software.
If you can come up with a cryptosystem that can be used conveniently by hand yet is secure in the face of computer-assisted cryptanalysis that'd be most impressive.
.45 semi auto. ; )
Well, I think here we could agree or disagree depending on what we consider to be convenient. Dating back to 1917, the One Time Pad can be used by hand and is unbreakable when done properly.
Any system that can be done by hand *at all* and has that property is potentially pretty useful in a field-agent situation.
A field-agent can be provided with a small booklet of OTP, with pages which can be removed and easily destroyed. The HQ of course has the one and only copy of that OTP booklet, under the highest security lockup. If the field-agent believes he is about to be captured, he can destroy the booklet. This would prevent the enemy from sending disinformation as appearing to come from the field-agent. Separate to that scenario, when the field-agent wants to send a secure message, he simply makes the desired message, encodes it against a page of OTP to create the ciphertext and then sends the ciphertext. He should then promptly destroy the message, OTP page used and the ciphertext. This way, everything except for his own recollection of that plaintext message is destroyed. If he is a real patriot and hears the enemy coming for him (they heard the cipher transmission), he will now eat a round from his silenced H&K Mk.23.
The encoding (and decoding if need be) in the field is easy to do by hand. The crypto "device" can easily be destroyed too.
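The repeating shift-register generator described in the comment above, as an added example that is not part of the original post: a software Fibonacci LFSR whose period depends on the tap choice, whose stream repeats bit-for-bit after one period, and whose first outputs expose the whole register. The tap sets and the seed are assumptions chosen for illustration.

```python
# Added example: Fibonacci LFSR used as a PRNG (taps and seed are assumptions).

def lfsr_step(state, taps, nbits):
    """Clock the register once; return (new_state, output_bit).
    taps are polynomial exponents, e.g. (16, 14, 13, 11)."""
    fb = 0
    for t in taps:
        fb ^= (state >> (nbits - t)) & 1      # XOR of the tapped bits
    return (state >> 1) | (fb << (nbits - 1)), state & 1

def lfsr_bits(seed, taps, nbits, count):
    """Collect `count` output bits starting from `seed`."""
    state, bits = seed, []
    for _ in range(count):
        state, out = lfsr_step(state, taps, nbits)
        bits.append(out)
    return bits

def lfsr_period(seed, taps, nbits):
    """Number of clocks until the register returns to `seed`."""
    if nbits not in taps:
        # Without this tap the update is not invertible and may never return.
        raise ValueError("tap set must include the register length")
    state, steps = seed, 0
    while True:
        state, _ = lfsr_step(state, taps, nbits)
        steps += 1
        if state == seed:
            return steps

def recover_state(observed_bits):
    """The first nbits outputs are the seed bits, least significant first,
    so an observer of that many bits can predict every later bit."""
    return sum(bit << i for i, bit in enumerate(observed_bits))

TAPS16 = (16, 14, 13, 11)   # maximal-length tap set for a 16-bit register
SEED16 = 0xACE1             # constructed seed; any non-zero value works

if __name__ == "__main__":
    print("4-bit, taps (4,3):", lfsr_period(0b0001, (4, 3), 4))   # maximal
    print("4-bit, taps (4,2):", lfsr_period(0b0001, (4, 2), 4))   # short cycle
    period = lfsr_period(SEED16, TAPS16, 16)
    stream = lfsr_bits(SEED16, TAPS16, 16, period + 64)
    print("16-bit period:", period)
    print("repeats bit-for-bit:", stream[:64] == stream[period:])
    print("seed from 16 output bits:", hex(recover_state(stream[:16])))
```
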
Don't know about Italy, but in the U.S. he would have been compelled to cough up his key to the Feds or be held for contempt until he rotted.
So why even bother with crypto?
Use single use keys which are meant to be destroyed after use. The proper procedure for One Time Pad use for example, is to encode the plaintext with an OTP to make the ciphertext and then destroy the OTP. The recipient is also supposed to destroy his copy of the OTP, once she has used it.
So well before a court has requested the key (in this case, the OTP involved), the suspect can simply claim that the order is impossible to comply with, because the key was truly randomly generated and destroyed at the time of use as a matter of proper procedure.
However, the great thing about OTP crypto, is that you could choose to provide an alternative OTP which can be used to decode the captured ciphertext into ANY other plaintext of the same size! So all you have to do is come up with an alternative message of the same size, but one which is reasonable to believe that you would want to be kept secret, then encode that fake message with the ciphertext as if the ciphertext were the OTP, this will give you a ciphertext which you can refer to the court as being the original OTP. When they decode the real captured ciphertext (the one the court has had all along), with this new fake OTP which you claim to be the real original OTP, they get the new fake plaintext. A non incriminating one, maybe even one which reinforces a previous alibi of yours. Like magic, the fake OTP looks like it must be real and true, because it (random looking characters) used with the original ciphertext submitted as court evidence, makes a very clean real message. Nobody can deny this plausible decryption using cryptographic methods.
So there you have perfect secrecy, along with perfect plausible deniability.
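The by-hand pad procedure and the "any other plaintext of the same size" property discussed in the comments above, as an added example that is not part of the original posts. Letters are combined mod 26 as one would on paper; the sample messages and pads are constructed values, and the function names are assumptions of this example.

```python
# Added example: letter-based one-time pad, combined mod 26 as done by hand.
import itertools
import secrets
import string

ALPHA = string.ascii_uppercase

def _check(a, b):
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    if any(ch not in ALPHA for ch in a + b):
        raise ValueError("only letters A-Z are supported")

def new_pad(length):
    """One pad page: letters drawn from the OS CSPRNG, to be used once."""
    return "".join(secrets.choice(ALPHA) for _ in range(length))

def encode(plaintext, pad):
    """c = (p + k) mod 26, letter by letter."""
    _check(plaintext, pad)
    return "".join(ALPHA[(ALPHA.index(p) + ALPHA.index(k)) % 26]
                   for p, k in zip(plaintext, pad))

def decode(ciphertext, pad):
    """p = (c - k) mod 26, letter by letter."""
    _check(ciphertext, pad)
    return "".join(ALPHA[(ALPHA.index(c) - ALPHA.index(k)) % 26]
                   for c, k in zip(ciphertext, pad))

def pad_consistent_with(ciphertext, candidate):
    """The pad under which `ciphertext` decodes to `candidate`:
    k = (c - p) mod 26, the same subtraction as decoding."""
    return decode(ciphertext, candidate)

def every_plaintext_reachable(ciphertext):
    """Exhaustive check for short ciphertexts: each equal-length plaintext
    has a pad that produces it, so the ciphertext reveals only its length."""
    for letters in itertools.product(ALPHA, repeat=len(ciphertext)):
        candidate = "".join(letters)
        if decode(ciphertext, pad_consistent_with(ciphertext, candidate)) != candidate:
            return False
    return True

if __name__ == "__main__":
    ct = encode("HELLO", "XMCKL")            # constructed message and pad
    print(ct, decode(ct, "XMCKL"))
    other = pad_consistent_with(ct, "LATER")  # a different 5-letter message
    print(other, decode(ct, other))
    print(every_plaintext_reachable("QX"))
```
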
not true --- security by obfuscation is not security at all. that's one of the founding principles of modern cryptography.
Please provide links or quotes and names of prominent authorities on cryptography please. I am very interested because encryption IS obfuscation.
Also realise that the data on those USB thumbdrives may have employed both encryption and steganography.