SHA1 has its issues too. Biham and Chen found collisions in a reduced round version of SHA-1 (40 instead of the full 80 rounds). It is unclear whether this can be extended to the full SHA1 algorithm. The NSA is in a tizzy though.
It still takes like 2^51 or 2^80 operations to brute force any of these little nuggets though.
It should be clear that ALL HASH FUNCTIONS HAVE COLLISIONS!
Unless there is a 1:1 correspondance to the key length and the bitstream length there is a chance that any 2 arbitrary bitstreams will generate the same hash. The question is whether this is easy (like CRC32) or hard (like panama, or SHA-512)
MD4, MD5, HAVAL-128, RIPMED, SHA-0, SHA-1 and many others have all been eventually found to have ways of detecting and creating arbitrary collisions (more or less). The question is, is this computationally feasible?
Most of the time: Not without a damn supercluster, no it is not.
Joux has apparently proved (though no utilities are out yet) that you can:
Create a file with a pre-determined hash, and do so in a computationally feasible way (rumor has it: using _only_ 2^40 calculations...)
That is it. This means that at compute time you can MD5 a file and get its hash, and then create a garbage binary file with the same hash. In just 2^40 steps.
Big Damn Deal.
One thing that is interesting from a performance standpoint is that MD5 is great for keys (provided you don't have a rogue admin with a lot of time on their hands and heretofore unreleased MD5 hacking utilities), but MD5 is terrible for indices. Since MD5's are absolutely random there is as much chance as an MD5 being next to another as 2^128 key spaces away.
I think the RIAA is both Venue and Victim shopping to build enough precedent so they can survive a robust defense, which has to come along someday.
Bigger concern: Is the RIAA right? And I mean legally, not morally. Does internet file sharing constitute a valid example of "fair use" or not?
In the US legislation, the fair use defense is assessed on a case by case basis, weighing the four factors outlined in 17 USC section 107: (1) purpose and character of use, (2) nature of the work, (3) amount copied, and (4) market effects. Common examples of fair use are criticism, comment, education and research.
So if I own a guitar, can I call it a slam dunk and say: "I was learning those riff's, man... educational fair use!" ? Or how about "those words Eminem rapped really spoke to me... I LEARNED something about myself after that man... a truly educational experience."
If the rumors are true, and music sales are actually up (by some measures), then #4 goes out the window. Can the Record companies post a profit and still use the defense that the market is affected? If they can't when do the shareholders bail?
Lets face it: copying 100% of the work solely for personal listening pleasure so you don't have to purchase the work to begin with (in a market where Big Record Companies are losing their shirts) is a compelling case against an individual claiming "fair use." But that is spinning the case like the RIAA does every time they take on the little guy.
How exactly would Joe Sixpack defend himself? Maybe settling for $3000 is the smart play?
I think it is more impressive when it falls down and has to get up itself. Notice how it goes through a pre-programmed "stand up" sequence. I have to wonder if that is sensor activated or just a button on the remote.
It looked like there were only a dozen or so templates. I know from experience that creating the 3D models to spin around that are also scale replica's of your product is a pain in the puck...
So even if you can change the base colors, contrast, and brightness on all of the motion elements, you will end up with some really great looking presentations, which look just like everyone else's who uses this tool.
So you end up being unique... just like everyone else.
Salon had an article awhile back on embedding messages in photos.
That appears to be the more common use of the technique of steganography, lots of synonyms in media files.
Why wouldn't Microsoft or any other mega-corporation do this with their executables? They could embed your product key in the MSOffice.exe when you "activated" your product and if it ever got out they could send the goons in black helicopters?
Get my tin foil hat.
How long before a crappy kids show comes along which derives it's sappy content EXCLUSIVELY from this one effect... like gen-locking in Blues Clues.
At least they can pay an extra scale to be whichever Tele-Tubbie doesn't show up that day.
Here is a link to part of the interview: http://www.playboy.com/magazine/interview.html
FYI: 2 time Olympian High Jumper, Amy Acuff is on the cover. Obligatory Dumb Question: How the flying F**K does a Playboy cover girl do the high jump?...Oh wait, I answered my own question...
Isn't the FCC appointed by the executive branch along with the bulk of the secretary level people at the DOJ?
So the Executive branch is asking the Excutive branch to give the Executive branch the power to tap our phones... and the Executive branch unanimously approved it's own actions...
The legislation that comes out of this will look seriously inbred... for good reason.
Oddly enough, the information a robot on Mars would gather is IDENTICAL to the information one would gather outside El Paso.
Except for the occassional cacti: the desert around El Paso is as remote and as lifeless as the surface of Mars (presumably).
But much much hotter
Slashdot Mirror
It still takes like 2^51 or 2^80 operations to brute force any of these little nuggets though.
It should be clear that ALL HASH FUNCTIONS HAVE COLLISIONS!
Unless there is a 1:1 correspondance to the key length and the bitstream length there is a chance that any 2 arbitrary bitstreams will generate the same hash. The question is whether this is easy (like CRC32) or hard (like panama, or SHA-512)
MD4, MD5, HAVAL-128, RIPMED, SHA-0, SHA-1 and many others have all been eventually found to have ways of detecting and creating arbitrary collisions (more or less). The question is, is this computationally feasible?
Most of the time: Not without a damn supercluster, no it is not.
Joux has apparently proved (though no utilities are out yet) that you can:
Create a file with a pre-determined hash, and do so in a computationally feasible way (rumor has it: using _only_ 2^40 calculations...)
That is it. This means that at compute time you can MD5 a file and get its hash, and then create a garbage binary file with the same hash. In just 2^40 steps.
Big Damn Deal.
One thing that is interesting from a performance standpoint is that MD5 is great for keys (provided you don't have a rogue admin with a lot of time on their hands and heretofore unreleased MD5 hacking utilities), but MD5 is terrible for indices. Since MD5's are absolutely random there is as much chance as an MD5 being next to another as 2^128 key spaces away.
I thought security by obscurity was the weakest form of digital protection... now I know one worse: Security by Obesity.
Anyone want to rename some 2 year old DVD-SVCD code to the "fen-fen" algorithm?
To be completely confusing, Autumn in New Zeland is our Spring, so whose Autum are we talking about here?
And to add insanity to confusion... Their November starts, in some cases, 20-24 hours earlier than November in the States.
Oh yeah, and the speed of light is constant in all distinct frames of referrence. So there.
I think the RIAA is both Venue and Victim shopping to build enough precedent so they can survive a robust defense, which has to come along someday.
Bigger concern: Is the RIAA right? And I mean legally, not morally. Does internet file sharing constitute a valid example of "fair use" or not?
In the US legislation, the fair use defense is assessed on a case by case basis, weighing the four factors outlined in 17 USC section 107: (1) purpose and character of use, (2) nature of the work, (3) amount copied, and (4) market effects. Common examples of fair use are criticism, comment, education and research.
So if I own a guitar, can I call it a slam dunk and say: "I was learning those riff's, man... educational fair use!" ? Or how about "those words Eminem rapped really spoke to me... I LEARNED something about myself after that man... a truly educational experience."
If the rumors are true, and music sales are actually up (by some measures), then #4 goes out the window. Can the Record companies post a profit and still use the defense that the market is affected? If they can't when do the shareholders bail?
Lets face it: copying 100% of the work solely for personal listening pleasure so you don't have to purchase the work to begin with (in a market where Big Record Companies are losing their shirts) is a compelling case against an individual claiming "fair use." But that is spinning the case like the RIAA does every time they take on the little guy.
How exactly would Joe Sixpack defend himself? Maybe settling for $3000 is the smart play?
But it is "autonomous" which they define as being able to follow a pre-programmed flight path.
If the Pixelito's controls were computer controlled, then that would probably meet the standard too.
My question is this why bother with the onboard computing power when you can put a linux supercluster on top of the joystick?
I think it is more impressive when it falls down and has to get up itself. Notice how it goes through a pre-programmed "stand up" sequence.
I have to wonder if that is sensor activated or just a button on the remote.
It looked like there were only a dozen or so templates. I know from experience that creating the 3D models to spin around that are also scale replica's of your product is a pain in the puck...
So even if you can change the base colors, contrast, and brightness on all of the motion elements, you will end up with some really great looking presentations, which look just like everyone else's who uses this tool.
So you end up being unique... just like everyone else.
Salon had an article awhile back on embedding messages in photos.
That appears to be the more common use of the technique of steganography, lots of synonyms in media files.
Why wouldn't Microsoft or any other mega-corporation do this with their executables? They could embed your product key in the MSOffice.exe when you "activated" your product and if it ever got out they could send the goons in black helicopters?
Get my tin foil hat.
How long before a crappy kids show comes along which derives it's sappy content EXCLUSIVELY from this one effect... like gen-locking in Blues Clues.
At least they can pay an extra scale to be whichever Tele-Tubbie doesn't show up that day.
Yeeesh.
Here is a link to part of the interview: ...Oh wait, I answered my own question...
http://www.playboy.com/magazine/interview.html
FYI: 2 time Olympian High Jumper, Amy Acuff is on the cover.
Obligatory Dumb Question: How the flying F**K does a Playboy cover girl do the high jump?
Isn't the FCC appointed by the executive branch along with the bulk of the secretary level people at the DOJ? So the Executive branch is asking the Excutive branch to give the Executive branch the power to tap our phones... and the Executive branch unanimously approved it's own actions... The legislation that comes out of this will look seriously inbred... for good reason.
Oddly enough, the information a robot on Mars would gather is IDENTICAL to the information one would gather outside El Paso. Except for the occassional cacti: the desert around El Paso is as remote and as lifeless as the surface of Mars (presumably). But much much hotter