The problem here is that all the information went in, but it's very difficult to infer information from a black-body radiated spectrum (!). Stephen therefore thinks that information is lost forever.
That's not entirely correct. According to Hawking et al, black holes conserve three quantities:
Electric charge
Angular momentum
Mass (minus gravitational binding energy)
Information is lost because if I chuck something in that is weakly charged or colour charged, like a proton or a neutrino, the black hole doesn't conserve these quantities. The information disappears forever!
The problem is made even worse by Hawking radiation. Hawking radiation is made of photons. So, when a black hole does eventually dry up by this mechanism, one has to ask where this information went as well.
Implementing security measures will make people feel safer because it will make people safer.
That assumes you have people in power who can make informed decisions on security. In my opinion they don't. It's self-evident from the "security" measures they've deployed.
The weakest link in any cryptography protocol is the key, regardless of how big it is.
That's totally incorrect. In fact, the weakest link is almost never the key size. The failure point in protocols often has nothing to do with the security of the underlying cryptographic primitive. PGP's file format led to a break in the PGP system without attacking any of the cryptographic primitives. Similarly, SSL was broken on Netscape because of a faulty choice of random number generator. WEP was broken in 802.11b devices due to a series of flaws that didn't break the underlying algorithms. Cipher design is very difficult, but it's only the easy part. Protocols are a nightmare.
During the Cold War some Soviet spies would use an encryption scheme where a single bit of the key would decrypt a single bit of the message; after decryption, the bits of the key that were used were thrown away. The key had to be huge and it could only be used for a certain number of messages. That type of encryption is called a one-time pad; it's nearly impossible to break. The common encryption schemes today like RSA or DES go for reusable keys, but you still need to switch your keys every so often.
It is unbreakable, but people often sing its praises and neglect the fact that you have to get this key to the other party you want to communicate with. Since the one-time pad (OTP) is the *same* size as the plaintext you want to communicate, surely it's just as easy to communicate the actual message? In some cases it's useful, like where you can give someone their pad before they start their covert mission, but in a modern internet setting the OTP is useless.
Generally the idea is to make the key as large as possible. There will always be a cap on how large one can go. Limitations in computing power can make the time needed to decrypt a message with a large key unacceptable. Maybe the key needs to fit onto some easily concealable physical medium, or maybe it needs to be remembered. The idea is to ascertain your upper limit and use keys that are that length.
Again, another misconception. Bigger keys do not have a huge impact on performance if you're using a block cipher. I could make DES use 768-bit keys if I dumped the key schedule and used independent subkeys. It wouldn't improve its security either. In fact, differential cryptanalysis of DES and its variants is generally done by assuming the subkeys are independent. Bigger keys do not always equal bigger security.
I stand by my original analysis. Smaller keys are better because they're easier to protect. They only need to be big enough to resist brute force, and there is no use in increasing the size further.
You can generally build a secure cipher out of any old mathematical junk provided that you take care in assembly.
The thing is, in modern cryptography we simply don't need a rotor. A rotor system could be made very complicated indeed, and complication is not good for security. Most ciphers use a static substitution as their non-linear step because when designing a cipher we want it to be simple to analyse.
That might sound counter-intuitive, but think about it. If I can prove my cipher can withstand attacks A, B & C then that's a bonus. If your cipher is too complicated to build proofs of security against attacks A, B & C, we can't be sure it's secure against them.
This is why most modern ciphers are fairly simple designs, but due to this simplicity we have a huge weight of analysis behind them.
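The point about Netscape's SSL failing on its random number generator rather than on any cipher, illustrated with an added example that is not from the original thread. A 128-bit session key is only as unpredictable as whatever fed the generator that produced it, so a key drawn from a PRNG seeded with something guessable (a clock reading, for instance) carries only the seed's entropy, however strong the cipher it is used with. The seeded generator, the CSPRNG wrapper, the entropy calculation and the reproducibility check below are all constructed for this illustration; the seed space of 86,400 values stands in for a seed that is a time-of-day value in seconds.

```python
"""Added example (not from the original thread): why the key is rarely the
weak link. A perfect 128-bit key is worthless if it comes from a generator
whose seed has only a few bits of entropy. Everything here is constructed
for illustration."""
import math
import random
import secrets


def key_from_seeded_prng(seed_material: bytes, key_len: int = 16) -> bytes:
    """Weak pattern: a session key from a deterministic PRNG seeded with
    predictable material. Whoever can enumerate the seed space can
    regenerate the key, so the 128-bit key has only the seed's entropy."""
    rng = random.Random(int.from_bytes(seed_material, "big"))
    return bytes(rng.getrandbits(8) for _ in range(key_len))


def key_from_csprng(key_len: int = 16) -> bytes:
    """Sound pattern: take the key straight from the OS CSPRNG."""
    return secrets.token_bytes(key_len)


def effective_key_bits(seed_space_size: int, key_bits: int) -> float:
    """Work a brute-force attacker actually faces, in bits: the smaller of
    the nominal key length and log2 of the number of possible seeds."""
    return min(key_bits, math.log2(seed_space_size))


def is_reproducible(keygen, trials: int = 3) -> bool:
    """Detection check for a key generator: if repeated calls with the same
    inputs return the same key, the generator is deterministic and its keys
    are only as unpredictable as its inputs. True means 'same key every
    time'."""
    keys = {keygen() for _ in range(trials)}
    return len(keys) == 1


if __name__ == "__main__":
    # Constructed seed: a time-of-day value in seconds (86,400 possibilities).
    seconds_since_midnight = 43_200
    seed = seconds_since_midnight.to_bytes(4, "big")
    weak = key_from_seeded_prng(seed)
    print("weak key      :", weak.hex())
    print("reproducible  :", is_reproducible(lambda: key_from_seeded_prng(seed)))
    print("effective bits:", round(effective_key_bits(86_400, 128), 1))
    print("csprng key    :", key_from_csprng().hex())
    print("reproducible  :", is_reproducible(key_from_csprng))
```

The check is deliberately simple: in a review of key-generation code, the question to ask is not how many bits the key has but what the generator was seeded from and whether a caller who knows that input could re-derive the key.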
SSL is a secure channel protocol and the simplest of the standard cryptographic problems. It is monstrously complicated to code, but the basic premise of how it works is fairly easy to understand.
However, just the description of secure voting schemes is pretty monstrous. In Applied Cryptography, Bruce takes a chapter to develop a secure voting protocol. A real-world system is an order of magnitude more complicated.
I think the way to develop a secure voting system is to have an international competition, much like the way the AES selection process was run! Private companies can't solve this problem; it has to be a community effort involving the world's experts.
Hrm.. I don't think the logic for another OS is very sound. If more people used Linux there'd be loads more Linux viruses.
Linux is not secure out of the box. A home user would run a Linux box as insecurely as they currently run a Windows box. The choice of operating system makes no difference; education, however, does!
Yeah, the great thing about spam is that it's pretty obvious what is spam to anybody.
If it were a criminal offence and went to a jury, the jury could very easily sift ham from spam, making the conviction rate very high!
I believe a law of this nature would be very effective indeed, for this reason.
Darwinian selection is the governing rule of spam. If appending a haiku makes a message 'fitter', it will survive the slaughter more readily and therefore make it into your inbox more often, until someone realises what's going on and combats it with a new filter, and then the process starts all over again :)
For this reason, I think we're going to be fighting spam for a long time to come :)
Simon.
No. If you examine Schrödinger's equation you'll see that there is a term for the constraining potential, U(x,y,z).
While it is difficult to solve this equation for any complicated system, we can see that the constraining potential is dependent on the pressure of the gas, since the atoms in the fluid would be closer and that would mean the strength of the van der Waals force between them would be increased.
At some critical pressure and temperature, these forces would change the shape of the constraining potential enough to make forming a liquid energetically favourable. So, far from quantum mechanics being nullified, the result is expected by it.
Hehe, never seen that conjecture before. It's mad actually; it looks so simple, you'd expect a maths graduate to be able to prove it trivially. It's this I love about maths: some apparently simple problems turn out to be very hard and often fundamental.
Simon.
A smart card and password system would be much better.
Combine something you know with something you have. It's given us (okay) security with cash machines for a long time, and the bank cards are considerably cheaper :)
I think Bruce Schneier's got it right. We *need* break-in insurance for computer systems. If your premium is lower when you use smartcards, for example, then it gives a market force to improve security. Insurance would definitely move the industry along.
The encryption point is simply not true.
Quantum computers can search an unordered list by checking (on average) sqrt(n)/2 of the elements in a list with n members, compared with n/2 for a conventional computer.
A brute-force key search is the search of an unordered list. So that means that on a quantum computer a 256-bit key has the same strength as a 128-bit key with respect to a conventional computer.
Public key algorithms would be demolished. A factoring algorithm has been published that works in cubic time (the same amount of time it takes to multiply matrices or raise to a power modulo n).
Simon.
Yes, but will Microsoft actually patch the holes :(
At least full disclosure of the problems keeps the heat on Microsoft. The heat which has not evaporated.
Security by obscurity isn't effective.
Simon.
I didn't say it's a shame that MSN got pulled; I'm saying it could be the first step towards a march to *banning* unmoderated chat. That is a disaster :P
I think this constitutes the first step in a slow march towards the ban of unmonitored chat rooms. Something which is absolutely bizarre considering the fact that the chances of your child being groomed by a paedophile are probably about the same as your child being struck by lightning. In the UK we see about three to four cases of this a year.
More children get killed in car accidents; in fact it's the biggest killer of under-12s if I recall correctly.
Unmoderated chat is about freedom of speech. The price we pay for freedom is that evil, to some extent, is free too. A world without fear and terror is a world without freedom.
Freedoms are being removed left, right and centre in the post-9/11 world. The irony is that the terrorists succeeded. The land(s) of the free are no longer as free as they used to be. My forefathers fought for our freedom in blood. We shouldn't give in. Every man killed by a terrorist is a soldier for freedom. Let's not let democracy drown at the hands of a few.
WMAP showed that the universe is flat beyond reasonable doubt.
I don't understand your point about "true movement". If the distance between two objects changes as a function of time they are said to be moving.
Simon
Longer keys are not better.
The point of cryptography is to take a big secret, like a file, and turn it into a little secret which is the key. The idea being that a small secret is easier to protect than the bigger one.
A key that's 256,000 bytes long is a key that defeats the object of cryptography. How do you intend to store 256,000 bytes securely?
People use 128-bit keys for a reason. They're big enough to avoid brute-force but small enough so that we can remember them (usually via a passphrase). We always want the *smallest* possible key that gives us security against brute-force.
Simon.
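The contrast between the two key sizes discussed on this page, the one-time pad from the earlier exchange (a secret as large as every message it will ever protect, consumed as it is used) and the 128-bit key that can be remembered through a passphrase, as an added example that is not the thread author's code. The pad class, the reuse demonstration, the PBKDF2 derivation and the entropy estimate are all constructed for this illustration; the 7,776-word dictionary size is the usual Diceware list size and is only an assumption about the passphrase scheme.

```python
"""Added example (not from the original thread): how big is the secret you
have to protect? A one-time pad is as large as the traffic and is thrown
away as it is used; a 128-bit key derived from a passphrase is a small
secret that protects an arbitrarily large message. All values constructed."""
import hashlib
import math


class OneTimePad:
    """Pad bytes are XORed with the message and then discarded, as in the
    spy-pad scheme described above. Sender and receiver hold identical pads."""

    def __init__(self, pad: bytes):
        self._pad = bytearray(pad)

    def remaining(self) -> int:
        """Unused pad bytes: the secret that still has to be stored securely."""
        return len(self._pad)

    def encrypt(self, message: bytes) -> bytes:
        n = len(message)
        if n > len(self._pad):
            raise ValueError("pad exhausted: the pad must cover every message sent")
        used, self._pad = self._pad[:n], self._pad[n:]   # consume, never reuse
        return bytes(m ^ k for m, k in zip(message, used))

    decrypt = encrypt  # XOR is its own inverse


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """Why the pad is single-use: if two messages share pad bytes, XORing the
    two ciphertexts cancels the pad and leaves plaintext1 XOR plaintext2,
    which is no longer protected by any secret at all."""
    return bytes(a ^ b for a, b in zip(c1, c2))


def key_from_passphrase(passphrase: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """A 128-bit key from a memorable passphrase via PBKDF2-HMAC-SHA256 from
    the standard library. The small secret to protect is the passphrase."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations, dklen=16)


def passphrase_entropy_bits(word_count: int, dictionary_size: int) -> float:
    """The brute-force resistance you actually get is bounded by the
    passphrase's entropy, not by the 128 bits of the derived key."""
    return word_count * math.log2(dictionary_size)


if __name__ == "__main__":
    pad = bytes(range(64))                       # constructed pad
    sender, receiver = OneTimePad(pad), OneTimePad(pad)
    ct = sender.encrypt(b"meet at dawn")
    print("ciphertext :", ct.hex())
    print("plaintext  :", receiver.decrypt(ct))
    print("pad left   :", sender.remaining(), "bytes still to guard")

    reused = b"\x55" * 5                         # constructed, deliberately reused
    c1 = OneTimePad(reused).encrypt(b"hello")
    c2 = OneTimePad(reused).encrypt(b"world")
    print("reuse leak :", two_time_pad_leak(c1, c2).hex(), "= 'hello' XOR 'world'")

    salt = b"constructed-salt"
    key = key_from_passphrase("correct horse battery staple", salt)
    print("128-bit key:", key.hex(), f"({len(key)} bytes to protect)")
    for words in (4, 10):
        print(f"{words} Diceware words ~ {passphrase_entropy_bits(words, 7776):.1f} bits")
```

Run stand-alone it prints the pad shrinking as it is consumed, the reuse leak, and the entropy of a four-word versus a ten-word passphrase; the second figure is roughly the 128 bits the derived key nominally has, the first is far short of it, which is the caveat to "we can remember them via a passphrase".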
I must say, I thought when people gave Mozilla such a good rep that it must just be OSS zealots over-hyping :P
;)
How *WRONG* was I? Mozilla totally wastes IE in pretty much every department!
I only use IE for crap sites that require it. For everything else I use Mozilla.
Simon.
That'd be funny, only British Telecom claim to have a patent on the hyperlink :?
Simon.
I have PGP to encrypt the zip files. This software has received a lot of attention and we know that it's probably okay!
The new standard these guys may agree on will have received little public analysis when it is fielded. Not something to trust at all!
Simon.
It's even easier than that. With the space shuttle and other rockets, air resistance bleeds away precious energy. No such problems on the moon :)
Simon.
Dark matter doesn't exist. There is a small handful of elliptical galaxies that don't display the dark matter property.
The simple existence of these galaxies rules out dark matter.
Simon.
You can trust your employees?
Don't ever believe that your employees won't attack you. Some will attack you by accident (bringing infected machines into the office or something), some will even attack you out of spite.
You should only give trust to entities you have to trust in order to get the job done. You have to trust (some of) your servers or IT staff, but you shouldn't have to trust most of the internal network.
Where possible, you should treat your network machines in the same way as you'd treat an internet machine. Obviously, you're going to have to give your network machines more access than an internet machine, but treat them with the same suspicion.
Simon
Bo Jangles, out of The Green Mile, hehehe.
I seriously can't remember what I used to do on computers before the internet :P
It scares me :(
I dunno, reading the internet out of a book seems a bit strange. PLEASE DON'T MAKE ME UNPLUG.... ARGHHHHHHH
Simon