Slashdot Mirror


User: Ernesto+Alvarez

Ernesto+Alvarez's activity in the archive.

Stories: 0
Comments: 424

Comments · 424

  1. Re:RSS needs better TCP stacks on When RSS Traffic Looks Like a DDoS · · Score: 1

    Why would you want to change standard TCP to behave better when using a SPECIFIC layer 7 protocol, when it should be independent? What would happen under normal loads or when using other protocols? After all TCP is a stream/connection oriented protocol, not a "repeated confirmation of opt-in". TCP is not the place to implement that. Imagine if you had to use, say, SSH using this "delayed TCP". I push a key, it goes to the server, the server gets the connection data from the database, services my request, commits the state (remember, TCP has a constantly changing state, congestion windows, receiver windows, SEQ numbers), and then does the same in order to send the answer. It would be an unusable session.

    Besides, that activity looks like a slashdotting, which has some of the properties of congestion. If you tried keeping all the connection data, you would simply end with a lot of pending connections and service to a little minority (basic networking lesson: infinite buffers do not solve congestion).
    It would be better to reject some sessions to lighten the load hoping that the clients will retry in a reasonable time.

    TCP, UDP and IP have remained unchanged for almost 25 years, and that is not coincidence. The people who invented them knew very well how to do their jobs.

  2. Re:It became obsolete on SGI to Scale Linux Across 1024 CPUs · · Score: 1

    Quick question: is there some strong relation between RISC vs. CISC and load-store vs. direct memory access? RISC machines I've worked on (like Sparc) all seem to be load-store architectures, whereas CISC machines (like 386) have nutty addressing modes.


    Yes. The idea behind RISC machines is that they are supposed to be simple hardwired things that run most (if not all) of the instructions in a single CPU cycle.

    As such, they are not able to run such "nutty" addressing modes. For example, a CISC machine doing an indirect+index memory access would be running some microcode inside the CPU that tells it to fetch the pointer, add the index and then fetch the value in the resulting position. That would take a lot of cycles and two memory accesses, it is something complex (microcode) and cannot be done in a cycle (two memory accesses).

    In a RISC CPU, the idea was to make simpler instructions, and move the complexity to the compiler. If you wanted to execute the same thing on a RISC, you would have to execute multiple instructions. The idea is that a compiler might do something better than that, and that those instructions run REALLY fast.

    So, the answer is "nutty" modes = complexity != RISC.

    Check Andy Tanenbaum's "Structured computer organization" for more info.

  3. Re:More American Arrogance? on Language Tempest At Orkut · · Score: 1

    You missed the point entirely. The point is that the typical American has to travel a lot further to get somewhere where his native tongue is not the most common language than a lot of other people do. I'd be fluent in other languages too if there was more of a need. For most others, learning a second language isn't just an elective thing - it's a necessary thing.


    If that were true, how would you explain the fact that I can speak English fluently?

    I'm Argentinian and if it were a matter of distance, I'd either have to cross the Atlantic or travel a very large part of America (the continent) to get to an English-speaking country (the Falkland Islands don't count, they were only opened to Argentinians a few years ago).

    The problem with you Americans is that you simply don't care about your education. I learned English in an Irish school since kindergarten, and could speak English decently before travelling to an English-speaking country.

    You should get rid of that "it is not really useful, I'll never go to a xxxxx-speaking country" and start learning from elementary school. You never know what is going to happen later, and then it might be too late to learn.

  4. Re:Mozilla, Opera and Firefox... on PC Magazine Reviews Firefox, Opera · · Score: 1

    No, that's not the answer.
    IE loads faster than Mozilla because it is preloaded by default (with the O.S.).

    Setting its priority to realtime helps in issues like handling, but to get rid of the load times, you need to have it preloaded. All of the mozillas (I think) have some "quick launch" capability (preferences -> advanced) to enable this preloading.

    This is something like open office's quick launch.

    Please note that I do not use that capability, just know about it. Can't afford to waste the extra RAM it needs in this old machine.

  5. Re:how do i know on An Online ID Registry · · Score: 1

    It's not a matter of using blowfish or idea or whatever. If a user uses a crappy password, someone attempting to find it will find it, no matter what encryption algorithm you use.

    By the way, nice choice: Blowfish is one of the fastest of the lot, and very secure.

  6. Re:Appeal to authority on An Online ID Registry · · Score: 2, Informative

    The processor ID will not be useful in this case.
    The channel you use to check that ID is not secure. I could program my computer to lie about its ID and you wouldn't be able to distinguish a real answer from a fake one.

  7. Is it secure? on An Online ID Registry · · Score: 1

    Could you prove to me that your system is secure, that is, that I can only register once, and only once, and that no one can be identified as anyone else? Could you prove that the information I might give you is secure (inaccessible by anyone else, unless authorized)?

    I don't think it is possible. With all the cryptography in the world, there is always a point where you have some trusted data, such as a password, that will be your weak point. After all, that encrypted data must be decrypted to be used.

    An attacker might attempt to subvert your initial login (say testing for common passwords used to decrypt the data). A malicious user might lie (say that he never registered to a site when he did), your audit data would have no value (IP addresses may be spoofed, same thing with all the data sent from a host attempting to login to your service).

    Someone WILL (not might, it's certain) try to crack those tickets of yours, they might provide valuable data, not only personal data, but might enable someone to create additional tickets (hence re-registering at will).

    If the data in your server is stolen, it might be possible to run a dictionary attack on those encrypted records (after all, lots of people use crappy passwords, no matter what strong crypto is there), and that will probably yield valuable information on stealing identities from your server.

    Nobody guarantees that companies will not abuse your service (after all, if they can read data from your server, they can easily copy it).

    OK, you might make it difficult for these things to happen, but there is still no guarantee that it is safe as you say, crypto converts big secrets into little ones (by encrypting something, that something no longer is vulnerable, but the key now is), but if that little thing is not secure, everything falls apart.

  8. Gates: Software architect (???!!!) on Gates: Open Source Kills Jobs · · Score: 1

    Quoting the article

    At the roundtable, Gates, also Microsoft's chief software architect, emphasised how damaging open source software can be.

    WTF is that?
    First: what is a software architect? I've never seen that term anywhere in the years I've been in the university.

    Second: I can't believe that most people can't get it right.... Bill Gates knows squat about software development, he might know about business, finance, how to illegally use a monopoly, but about software....zero, zip, nothing, nada!

    It's unbelievable how many times I've told people that BG is just a successful businessman and not a computer science genius. And people calling him like that does not help.

    Doesn't this thing happen to you all the time?

    (Sorry about the rant, I needed to vent that)

  9. billg@microsoft.com on Where Do Dummy Email Addresses Go? · · Score: 1

    The interesting thing about that address is that it is so widely used that whenever you need to provide an email address (and no password) to access some "available to registered users" information (like software/driver downloads), you can just enter that address to get past the login page.

    (Hell, two mod points left and I'm answering on every thread.......)

  10. Re:No changes for the better while... on The Good Old Patent Law - Revisited · · Score: 1

    Shouldn't the cost fall upon the company that sought the illegitimate patent? And I mean real cash damages, not just lost potential revenue.


    One of the selling points that the USPTO keeps repeating is that they earn X amount of dollars for the government in patent fees. If courts start charging costs to the USPTO each time a patent is shot down, the USPTO cannot say that they earn the gov money (because a high court cost means negative income).

  11. Plugins on Incorporating Machine Learning into Firefox 2.0? · · Score: 1

    I know this is redundant, but I think that it's necessary to reinforce it, as it is a very important thing in firefox.

    Whatever you do with those ideas, make sure they are modular (so that they can be removed) and (above all) DON'T BLOAT the browser (even by making a plugin system that's bloated).

    I might want to run firefox on an old machine a few years from now, and those things might make it so slow that it would be useless.

    As an example, I'm writing this on a six year old pentium-mmx 200, and all my traffic goes thru an eight year old pentium-120 (my other workstation). These machines WILL be here for a few years more (unless something very bad happens in the room where they are).

    I'm sure lots of people think the same way I do, and wouldn't appreciate having to download hundreds of megabytes of code that will just slow things down to an unusable state.

    Make sure it doesn't get bloated, please.

  12. Parent is wrong on Incorporating Machine Learning into Firefox 2.0? · · Score: 1

    But you just don't see those used anymore (for good reasons), so instead we have all these form-based logins that just return web pages that say whether or not the login worked.

    That's not the case.

    The problem with HTTP basic authentication is that the password is sent in plaintext over the network (unless you're using SSL/TLS), and someone might capture it in transit (as said in the linked text you provided). That is the same thing that happens when you POST a form with your password (unless you're using SSL/TLS, like in the other case).
    Your password is as vulnerable to sniffing with a form as it is with basic authentication.

    However, the problem was addressed with more advanced methods (such as MD5 digest) that are not useful to an attacker (at least not trivially) when intercepted.

  13. "Defenders...." article and NSA on When Think Tanks Attack · · Score: 2, Insightful

    I've read the article called "Is open source a threat to the future of intellectual property rights".

    Although the article itself is pretty biased (mostly based on extreme circumstances), I wanted to comment on a paragraph where the article talks about the NSA and selinux.

    The first part of the paragraph says that by open-sourcing, the DoD and FAA would make a big mistake because the code would be there for anyone to examine and look for weaknesses.

    It would probably not be a good idea to open source certain kinds of software, but the security of those software systems should not be compromised by the availability of the source code, like the key/lock analogy used when reviewing commercial crypto.

    Another thing they are saying in that paragraph is that the NSA was forced to release their selinux code. That is completely false. The idea was that they wanted to show an example of mandatory access controls, because they think that current discretionary access control systems are not secure enough. They deliberately chose Linux because its code was widely available, and because of its popularity (after all, a closed source SE-NT would be of no help because nobody would be able to use it as an example on making a MAC enabled system). There are even some BSD variants that are using ideas from selinux related papers (I think TrustedBSD wanted to implement the FLASK architecture, the one used in selinux).

    Anyone that decided to check would be able to dismiss these two points as soon as they checked the documentation on the website (you can 'log on the NSA's website and print out the blueprints' if you want!). Check the FAQ, questions 9 and 10.

    The sad thing is that most of the readers of this crap will just jump to the conclusions instead of checking the source (no pun intended).

  14. What about antarctica? on Networking in the Danger Zone? · · Score: 2, Interesting

    Have you considered going to a desolate place instead of a war zone?

    I don't know if there's much chance of you getting a job there (I've known a guy who got an offer, but they wanted him for engineering duties), but it might be another option. The offer was from our government (Argentinian), about US100000. And he said that was cheap. Maybe there's some IT jobs to be done there. He didn't take it, though. Didn't like the mandatory appendix extraction.

    You won't get that kind of money now here, but maybe some commonwealth government (the British have an important presence there), or the Americans could make an offer.

    It's going to be hard to get, networking stuff can be usually done remotely (I'm a netadmin myself), but there might be a chance.

  15. Re:This is complete FUD on Networking in the Danger Zone? · · Score: 1

    I second that.
    I'm Argentinian and although the crime rate has gone higher after the devaluation (two years ago), I would not consider Buenos Aires as an unsafe place to be. Americans are not being kidnapped/killed just for being Americans.

    We do not like even a bit what you did in Iraq, but that doesn't mean that there's some sort of guerrilla here waiting to get guys like you. Just don't go everywhere boasting how you guys "liberated" Iraq, you'll get to see some angry faces if you do.

  16. "DNS was not quite designed in such a way" on Akamai DNS Outage Messes up Net · · Score: 5, Insightful

    you can still get to all those sites. You just have to REMEMBER the ip instead of depending on the computer to look it up for you ;). TCP/IP was designed to have no central point of failure and still does its job well. DNS was not quite designed in such a way.


    DNS was designed to be robust enough. Not one root server but many (ok, that's the weak point, we've all seen many DDoS against them, but it's not THAT bad). All zones are handled by their own servers, and (in theory) multiple servers for each zone. All in all, it's not a bad design.

    If what happened was that someone put all the servers behind one link, it's not DNS' fault, the BOFH there screwed up (and considering it's akamai, they should not have done that).

    (If that's not what happened, sorry, I couldn't RTFA, it's slashdotted or there's some sort of DNS problem there too).

  17. switching plates won't work on Electric Armor Tested For Light Armored Vehicles · · Score: 1

    switch the live and earth and you make it impossible for terrorists to climb on the tank


    Jokes aside, if you switch live and ground, you would have a tank (metal) with the outer plate live, and connected to ground via the treads (conveniently made out of metal, too). And you would be trying to keep the inner plate grounded (so it would have to be touching the ground, but without touching the outer plate... difficult).

    Might work on wheeled vehicles though.

  18. Re:Brit RSA encrytion on Colossus has been Rebuilt · · Score: 4, Informative

    The interesting thing about Britain's RSA was not the invention of the method itself. They knew it was theoretically possible to do public key encipherment early in the 1970s, but didn't know any functions that would be useful. They called this idea "Non-secret encryption".
    Then based on that model they discovered methods that were similar to RSA (Cocks, 1973) and Diffie-Hellman (Williamson, 1974).
    Apparently, even though they knew how to encrypt, they didn't realize that it could also be used as a digital signature scheme.

    The list of papers is:

    Basic theory:
    The possibility of secure non-secret digital encryption, J.H. Ellis 1970

    RSA:
    A note on "Non-secret encryption", C. C. Cocks 1973

    Diffie-Hellman:
    Non-secret encryption using a finite field, M. J. Williamson 1974
    Thoughts on cheaper non-secret encryption, M.J. Williamson 1976

    Historical:
    The history of non-secret encryption, J.H. Ellis 199?

    Those documents are in the GCHQ site, or somewhere near, but it is a PITA to search there (if you do, check both "non-secret" and "non secret", but I'd recommend Google instead).

  19. Errata on Locally Secure Email Clients? · · Score: 1

    When I said "separate accounts", I meant "separate profiles" (as in "mozilla profile manager")

    My mistake, sorry.

  20. Local file protection? on Locally Secure Email Clients? · · Score: 1

    I think you are demanding too much of that w98 of yours. Without REAL filesystem permissions (in the filesystem), the only way of really achieving that is using encryption.

    Your situation could be seen in two ways:

    1. You share your machine and wouldn't want your roommates to see your files, but they are not trying to mess with your stuff on purpose.

    In that case you could just use mozilla as you've been told in the other posts. I do that here and it works, it's even better considering that you can also separate the browsing histories. Don't bother searching for a complete solution.

    2. Your roommates are trying to read your mail on purpose.

    In that case, your only option is encryption. Get Gnupg and WinPT and start encrypting (you can use enigmail for sending and receiving encrypted mail but I don't know of any plugin to encrypt the folders, a cheap way is to forward your sensitive mails to yourself using enigmail).

    Looks like situation 1 mostly applies to you. My suggestion: get mozilla, make separate accounts and encrypt only your really sensitive stuff.

  21. Re:Is this actually possible? on Breaking RSA Keys by Listening to Your Computer · · Score: 1

    So I guess, if you knew the characteristics well enough, you could record the sound of the capacitors and say 'Hey, this guy is running GnuPG' on it. I don't see a conceivable way to figure out the keys and this article doesn't suggest one.


    I don't either, but looking at those two areas that correspond to the generation of the primes p and q you could say "This guy is using GPG with xxx bit keys".

    Even worse, if those lines happened to be very dissimilar, you could probably assume that the key is weak (because one of the primes would be too small, and easy to factor out of n). I don't think the GPG guys would fall for that, but maybe someone else would.

  22. Footnotes on 1981 Personal Computer Catalog · · Score: 2, Insightful

    What amazes me is that the catalog is more "sincere" than modern ones.

    Look at the footnotes, most of them are trademark acknowledgements (like "CP/M is trademark of the Digital Research Corporation"). Basically you get what you see.

    Computers these days are really sold as black boxes, without specifications anywhere and with all kinds of hidden "features" (as in DRMed CDs).

    Today, the footnotes would say something like "This device is not sold, it is licensed. Requires windows. Interface is proprietary and protected by DMCA. You agree to give us your soul by using the Product" in 1pt font in a hidden corner.

  23. Parent is wrong on Port Knocking in Action · · Score: 5, Informative

    Encrypted port knocking is pointless. Here's why: Port knocking only makes sense if the protected system reacts to the individual knocks as if there was no port knocking system. Only when the knock sequence has been completed it opens the port. This means that you can't do any handshaking. All communication is one-way until it's "too late".


    The idea in the grandparent post wasn't a challenge-response in the traditional way. It was some authentication data along with the knocking.
    The knock won't be encrypted, but it will have some data that is characteristic of the source (the source IP) that can't be spoofed (because of the password and the one way hash).

    An example of this would be:

    1. Real owner takes his IP (public info)
    2. Real owner takes his secret password (known only to him)
    3. Using IP and password he computes the hash and sends it in the knocking packets (let's say it's in the IP id)
    4. The receiving system captures the knocking packets and takes IP source and the hash
    5. It reads the secret password (from config file)
    6. It calculates the hash with the source IP and password

    If the hash sent and the hash calculated match, the system "accepts" that part of the port knocking. If not, discards the packet.

    An intruder might only spoof the whole packet (including IP source) and might open the firewall only for that IP. If he tries to use the hash to open it for HIS ip, the calculated hash won't match the hash sent. He cannot calculate the hash he would need because he does not know the password, and the hash is one way.

    In this protocol the target system does not need to respond with a challenge, it just discards packets that are "spoofed" (that have a non matching hash).

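    The six-step scheme above, as an added worked example (not code from the comment or from any port-knocking project): the "hash of IP and password" is implemented with HMAC-SHA256 rather than a bare hash, the tag is cut to 16 bits to fit the IP id field the comment mentions, and the knock is modelled as a (source IP, IP-id) pair. The secret and addresses are constructed for the example.

```python
import hashlib
import hmac
import ipaddress
import struct

# Constructed shared secret for this example; a real knock daemon would read it
# from its config file (step 5 in the comment).
SECRET = b"example-knock-secret-not-for-real-use"


def knock_tag(src_ip: str, secret: bytes) -> int:
    """Tag derived from the knocker's source IP and the shared secret.

    The comment says 'hash of IP and password'; this example uses HMAC-SHA256
    (a keyed hash) so the tag cannot be computed without the secret.  Only the
    first 16 bits are kept because the comment carries the value in the IP
    identification field, which is 16 bits wide.
    """
    packed_ip = ipaddress.IPv4Address(src_ip).packed
    digest = hmac.new(secret, packed_ip, hashlib.sha256).digest()
    return struct.unpack("!H", digest[:2])[0]


def make_knock(src_ip: str, secret: bytes) -> tuple:
    """Sender side (steps 1-3): a knock packet modelled as (source IP, IP-id)."""
    return (src_ip, knock_tag(src_ip, secret))


def verify_knock(packet: tuple, secret: bytes) -> bool:
    """Receiver side (steps 4-6): recompute the tag from the *observed* source IP
    and compare it in constant time.  A tag replayed under another source IP fails,
    because the IP is an input to the tag."""
    src_ip, ip_id = packet
    expected = knock_tag(src_ip, secret)
    return hmac.compare_digest(struct.pack("!H", ip_id), struct.pack("!H", expected))


def accepted_sources(packets: list, secret: bytes) -> set:
    """Firewall policy from the comment: open the port only for source IPs whose
    knocks carry a matching tag; everything else is silently discarded."""
    return {src for src, tag in packets if verify_knock((src, tag), secret)}


if __name__ == "__main__":
    owner = make_knock("198.51.100.7", SECRET)        # constructed owner address
    replayed = ("203.0.113.9", owner[1])                # constructed: owner's tag, other IP
    print(accepted_sources([owner, replayed], SECRET))  # only the owner's IP
```

    A 16-bit tag leaves only 65536 possible values, so a daemon built on this idea should also rate-limit failed knocks per source; the comment's protocol relies on the receiver staying silent on a mismatch.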
  24. Ethereal and tcpdump on What Network Sniffing Tools Do You Use? · · Score: 1

    I use tcpdump for quick analyses and for capturing data and ethereal for in-depth analysis.

    If I want totals and percentages, I feed the pcap files into ntop (a web based network statistics display).

    Being all of them libpcap based is a big advantage, you can easily capture data with one and analyse it with any other compatible sniffers.

    You could even code your own single purpose program that reads pcap files if you ever need some special information from the pcap dumps (I've done it once, it's relatively easy if you know precisely what you want).
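    The "single purpose program that reads pcap files" mentioned above, as an added example (not the commenter's code): a minimal classic-pcap reader that totals captured bytes per IPv4 source and reports each source's percentage share, the kind of figure ntop produces. The capture is constructed in memory with the helper functions, so it runs offline; addresses are documentation ranges chosen for the example.

```python
import ipaddress
import struct
from collections import Counter

PCAP_MAGIC_LE = 0xA1B2C3D4   # value read with '<I' from on-disk bytes d4 c3 b2 a1
PCAP_MAGIC_BE = 0xD4C3B2A1   # value read with '<I' from a big-endian file
LINKTYPE_ETHERNET = 1


def ipv4_frame(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Constructed Ethernet + IPv4 frame; only the fields read below are meaningful."""
    eth = bytes(6) + bytes(6) + b"\x08\x00"   # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return eth + ip + bytes(payload_len)


def build_pcap(frames: list) -> bytes:
    """Write a classic little-endian pcap file in memory (constructed test data)."""
    out = bytearray(struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535,
                                LINKTYPE_ETHERNET))            # 24-byte global header
    for ts_sec, frame in frames:
        out += struct.pack("<IIII", ts_sec, 0, len(frame), len(frame))  # record header
        out += frame
    return bytes(out)


def bytes_per_source(pcap: bytes) -> tuple:
    """Single-purpose reader: captured bytes per IPv4 source and each source's share in %."""
    magic, = struct.unpack_from("<I", pcap, 0)
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype, = struct.unpack_from(endian + "I", pcap, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    totals = Counter()
    offset = 24
    while offset + 16 <= len(pcap):
        _ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", pcap, offset)
        offset += 16
        frame = pcap[offset:offset + incl_len]
        offset += incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                   # truncated or non-IPv4 frame
        src = str(ipaddress.IPv4Address(frame[26:30]))  # 14-byte Ethernet + 12-byte offset
        totals[src] += incl_len
    grand = sum(totals.values())
    shares = {ip: 100.0 * n / grand for ip, n in totals.items()} if grand else {}
    return dict(totals), shares


if __name__ == "__main__":
    capture = build_pcap([(1, ipv4_frame("198.51.100.7", "192.0.2.1", 6, 100)),
                          (2, ipv4_frame("198.51.100.7", "192.0.2.1", 6, 50)),
                          (3, ipv4_frame("203.0.113.9", "192.0.2.1", 17, 150))])
    print(bytes_per_source(capture))
```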