Slashdot Mirror


User: JoeMerchant

JoeMerchant's activity in the archive.

Stories: 0 · Comments: 6,280

Comments · 6,280

  1. Re:XKCD on Your Passwords Don't Suck — It's Your Policies · · Score: 1

    And, I wasn't really being sarcastic - I am truly glad that people work on these problems.

    On the other hand, my favorite stream ciphers are based on very long period PRNGs like the Mersenne Twister - period of 2^19937, make your key as strong as you like.

  2. Re:This is too simple to fix on Your Passwords Don't Suck — It's Your Policies · · Score: 1

    Well... I'd say that if your password is good enough that a computer can't tell it sucks, then it's probably good enough.

    I'm far more worried about 'bots trying to crack my password than actual human beings... even at internationally farmed out labor rates and super speed, a penny might buy at most a hundred human generated password guesses, while a penny worth of computer time can try millions.

    By the time it costs a couple of thousand dollars to crack a password, aren't we strong enough?

  3. Re:Wrong on Your Passwords Don't Suck — It's Your Policies · · Score: 2

    2140^4 ~= 80^7

    I think most paid professionals could come up with a 2100 word vocabulary of words they can remember, especially if you bounce their choice when they use any of the 500 most commonly selected words - they could use the 500 most common, just that they wouldn't get credit for a common word being one of the four.

    A 4 to 7 word sentence is a hell of a lot easier to remember than 7 screwy characters.

  4. Re:XKCD on Your Passwords Don't Suck — It's Your Policies · · Score: 1

    My problem with the xkcd scheme is that users are lazy and rather than pick 4 random words, they'll pick 4 words that are easy to remember in sequence: "haveityourway" "darksideofthemoon" "thesearenotthedroidsyourelookingfor", so with a phrase dictionary and some grammar rules, you still have a good chance at brute-forcing some user's passwords.

    All it takes is a simple twist to "haveityourwaydave" "darksideofthegoon" "thesearenotthefloydsyourelookingfor" and the phrase-dictionary attack falls apart, just like a dictionary attack on regular words.

    If the password is being stored hashed (and anybody really cares how "strong" it is) it should be checked against a decent sized rainbow table for common words and phrases before being accepted.

  5. Re:XKCD on Your Passwords Don't Suck — It's Your Policies · · Score: 1

    I'm glad that there are people who care enough to analyze the strength of things that are so strong they just don't matter.

    Anything that lasts beyond 100 years cracking time on $100K worth of hardware (actual, including Moore's law growth in analysis power) is fine by me. If somebody feels they want to spend several months tying up a $100M cluster to break a secret they think I hid somewhere, I must have done something remarkably important with my life.

  6. Re:This is too simple to fix on Your Passwords Don't Suck — It's Your Policies · · Score: 1

    I would counter that people can more quickly and easily type and remember a sentence such as:

    my quick brown rabbit

    than they can:

    !Tdg7wrth

    and the entropy is roughly the same. How about instead of f-ed up requirements like special characters, upper/lower and digits with a length of 8+, we widely distribute a standard library method for computing password entropy and let people pick what kind of strong password they want to remember instead of forcing the issue to the point where everybody is writing their passwords down?
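The entropy bookkeeping in comments 3 and 6 above, as an added example that is not part of any comment on this page: a small estimator that credits a passphrase only for its non-common words (the rule from comment 3) and scores a character password by the character classes it uses. The vocabulary and common-word sizes are the thread's numbers, the common-word set is a constructed stand-in, and `words_to_match` generalizes the 2140^4 ~= 80^7 comparison to any alphabet size and length.

```python
import math
import re

# Constructed stand-ins: a real deployment would load a ~2140-word vocabulary
# and the 500 most common words from files. The sizes follow the thread.
VOCAB_SIZE = 2140        # words a user could plausibly remember
COMMON_SIZE = 500        # most common words: allowed, but earn no credit
COMMON_WORDS = {"my", "the", "a", "is", "of", "and", "to", "you", "it", "in"}

# Character classes and the alphabet size each one contributes.
CHAR_CLASSES = [
    (re.compile(r"[a-z]"), 26),
    (re.compile(r"[A-Z]"), 26),
    (re.compile(r"[0-9]"), 10),
    (re.compile(r"[^A-Za-z0-9]"), 33),   # printable ASCII punctuation/space
]


def passphrase_bits(phrase: str) -> float:
    """Entropy of a word passphrase: each credited word is one uniform draw
    from the non-common part of the vocabulary; common words add nothing."""
    words = re.findall(r"[a-z]+", phrase.lower())
    credited = [w for w in words if w not in COMMON_WORDS]
    return len(credited) * math.log2(VOCAB_SIZE - COMMON_SIZE)


def charclass_bits(password: str) -> float:
    """Entropy of a character password: length * log2(alphabet), where the
    alphabet is the union of the character classes actually present."""
    alphabet = sum(size for rx, size in CHAR_CLASSES if rx.search(password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def estimate_bits(secret: str) -> float:
    """Library-style entry point: score under both models and return the
    lower estimate, so a phrase of common words is never over-credited
    just because it is long when viewed as characters."""
    estimates = [charclass_bits(secret)]
    if len(secret.split()) >= 2:
        estimates.append(passphrase_bits(secret))
    return min(estimates)


def words_to_match(alphabet: int, length: int) -> int:
    """Credited words a passphrase needs to reach the entropy of a
    `length`-character password drawn uniformly from `alphabet` symbols."""
    target = length * math.log2(alphabet)
    return math.ceil(target / math.log2(VOCAB_SIZE - COMMON_SIZE))
```

With the 500-word exclusion in force, five credited words are needed to match 7 characters from an 80-symbol set, one more than the bare 2140^4 ~= 80^7 count.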

  7. Re:This is too simple to fix on Your Passwords Don't Suck — It's Your Policies · · Score: 2

    Good job printing it on the outside...

  8. Re:GRRR Amazon :/ on Book Review: Elementary Information Security · · Score: 1

    OK OK... let's call it the Home Office restricting flow of *dangerous* information to the radicals in the Northwest, then?

    Anyway, I was just intimately exposed to the foolishness of the U.S. policies on export of encryption technologies - it's amazing what they come up with... basically a codex of law so thick that it is entirely open to interpretation and mainly serves to suppress trade in the items potentially controlled just because of the morass of paper to plow through.

  9. Re:About time on US Justice Dept Defends Right To Record Police · · Score: 1

    ...

    I want every speed limit in my city enforced as strictly as possible -- so that people will get pissed off at the low limits and demand they be raised. (It happened in Illinois after the 1995 federal highway speed limit was repealed: the governor wanted to keep the speed limit at 55mi/h, but almost overnight, due to a torrent of angry phone calls and letters, he backed away from that position.) Likewise with every other law, for the same reason.

    Yeah, I *want* fewer laws too. And I really like the philosophy that this guy is spouting out, but the words "Reality Distortion Field" also apply to what he is saying.

    Even if you and I and the late Steve are/were visionaries, most people who pursue a career in law enforcement, and even politics, really aren't, and won't become visionaries anytime soon.

  10. Re:GRRR Amazon :/ on Book Review: Elementary Information Security · · Score: 1

    I'm in Ireland trying to get it from Amazon.co.uk. (They don't have a .IE one.. the gobshites) :/
    The U.S. Dept of Commerce would have sweet F.A. to do with it.

    Unless they've blocked export of the book, or made it otherwise unattractive to Amazon as a company to export it.

  11. Re:GRRR Amazon :/ on Book Review: Elementary Information Security · · Score: 1

    Amazon has it, and won't ship it to Ireland for some reason.

    Sounds like the US Dept of Commerce's idea, not Amazon's...

  12. Re:I don't need an elementary security book on Book Review: Elementary Information Security · · Score: 1

    How about a book for those of us who need a post-graduate book on information security?

    That's not a book, that's a self-study course.

  13. Re:About time on US Justice Dept Defends Right To Record Police · · Score: 1

    You should be glad that most cops don't take a black and white view of the world.

    If they went all out enforcing every law on the books, A) serious crimes would be neglected, and B) lots (more) innocent people would be caught up in things that aren't their fault, or even worth wasting everyone's time over.

    It is unfortunate that the police "grey" view of things means that they don't treat everyone equally, and often give their own people the widest latitude, but I don't think that a psych screen to reduce that kind of behavior in new recruits, or training programs for the existing forces would be very fruitful - I'm sure they're trying to do it already.

    Search for "Miami River Cops" for an example of what happens when you lower the normal psych profile standards.

  14. Re:About time on US Justice Dept Defends Right To Record Police · · Score: 5, Interesting

    I've known an awful lot of "good" cops, but you're right, the good ones won't step up to do anything about the few "bad" ones that there are.

  15. Re:Not all Patents are the Same on Ask Slashdot: What If Intellectual Property Expired After Five Years? · · Score: 1

    The time I put in an application to become a U.S. patent examiner (2003), the place of employment was just outside D.C., no telecommute, the salary was ~$50K/year, and I was going to have to wait 9 months to hear back from them about a possible interview.

    I'm sure they got lots of high quality candidates with those terms.

  16. Re:JK Rowling would be pissed on Ask Slashdot: What If Intellectual Property Expired After Five Years? · · Score: 1

    Whether this is a downside or an upside is up to you.....

    I don't think 5 years is a long enough period for film development and recovery of costs. I do think 15-20 years, perhaps with a 10 year extension on payment of a fee would do it though.

    I actually like the payment of fee idea, for every year beyond 20, pay a tax of 1% of gross revenue to the country in which the revenue was collected. Want to maintain your copyright after 50 years? No problem, hand over 30% of your gross revenue.

    Implicit expiration at 120 years, unless you're feeling highly charitable.

  17. Re:Ooo, I know this one. on Ask Slashdot: What If Intellectual Property Expired After Five Years? · · Score: 2

    Invention is not what needs protection. As you say, invention is the easy part.

    What needs protection is development of the idea, clinical trials for drugs, safety testing for vehicles, marketing efforts that build brand value, these things are where the money goes, and will fail to go if there is no protection.

  18. Re:it would work as intended. more resources for f on Ask Slashdot: What If Intellectual Property Expired After Five Years? · · Score: 1

    The problem with copyright term, as I see it, is that it is being rigged not to benefit corporeal beings (authors) but rather their estates, heirs, assignees and other non-persons. 5 years is too short for a person, but it might be a reasonable term for a corporation. 75+ years is just.... insane.

  19. Re:Not all Patents are the Same on Ask Slashdot: What If Intellectual Property Expired After Five Years? · · Score: 1

    Actually, pharmaceutical patents would do well to disappear. Promising drugs get ditched because they can't recoup the investment. All they produce are "treatments". There is no monetary interest in finding cures even if cures were possible through medication. A patient who never heals but can survive many long years is more profitable than one who cures. Governments would save money to finance research in those areas instead of financing the purchasing of patented drugs.

    So I would think that the 5 year period would be justified on this basis only.

    You assume that your government wants you to live longer - most people living to 200 years old would be a major problem for government, among other things.

  20. Re:Not all Patents are the Same on Ask Slashdot: What If Intellectual Property Expired After Five Years? · · Score: 1

    As a thought experiment o.k., nice for discussion.

    As an actual policy shift, it's unnecessarily radical and subject to overturn as it approaches.

    A better policy change would slowly ramp down IP protection time windows. I'm actually O.K. with 20 years on patents, it's the 2 lifetimes and counting on copyright that I think is insane.

    Start tomorrow, no standing copyright lasts beyond 2050 (38 years), then every 2 years, reduce the term of copyright by 1 year until we reach something sane like 25 years duration.

    If you want a workable implementation patent reduction thought experiment, you could do something similar, reducing term by 1 year every 2 until you reach 5 years in 2042.

  21. Re:Not all Patents are the Same on Ask Slashdot: What If Intellectual Property Expired After Five Years? · · Score: 2

    Then how about 5 years from clinical approval?

    Ever game a system? Then the pharma companies would start a clinical trial and drag it on for the IP protection and to thwart competitors in their space.

  22. Re:Not all Patents are the Same on Ask Slashdot: What If Intellectual Property Expired After Five Years? · · Score: 1

    How about letting patent examiners determine the duration instead of keeping a fixed time for everything?

    That would just lead to companies bribing patent examiners and the whole system would be corrupted.

    All too easily done, patent examiners are paid less than a living wage for their location near D.C., you would need to combine two full-time patent examiners' incomes to rent a 1600 square foot apartment.

  23. Re:I do not mind on Ask Slashdot: What If Intellectual Property Expired After Five Years? · · Score: 1

    I was under the impression that open publication was just as effective for protection from post-hoc patent trolls as filing your own patent, and cheaper too.

  24. Re:CGI wishes on Photographers, You're Being Replaced By Software · · Score: 1

    I liked film, I still like the idea of film, I had a roll of Ilford 35mm sitting next to my old SLR for about 5 years (2005-2010) until I finally realized that I was just never going to use it.

    $30/roll will just continue to increase as film becomes a smaller and smaller niche, at some point (maybe 2022), high quality digital will surpass high quality film in performance/price ratio, and then what little remains of the film based industry is going to crash completely.

    Can you still "send out" police film for developing, or do the agencies already have to maintain their own darkroom machines?

    Still, I love some of the old spy satellite mongo-plate films - gigapixels in a single (fast) exposure.

  25. Re:CGI wishes on Photographers, You're Being Replaced By Software · · Score: 1

    So, when Syria blows up again in 2025, you use some stock footage from 2012, compile it up, and blend it into a recent cityscape render of wherever you want the injured little girl and her family to appear.

    Saves a trip around the world, and safer than putting a professional in a war zone.

    Which not only makes it not news, it makes it at best discreditable that the fighting in 2025 as you say is actually happening, at worst, it's simply propaganda designed to make foreign intervention easier.

    Either way, the fighting, the injured little girl, and her family do not exist.

    There are reasons, especially for some important cases, that even today the FBI, and other developed nations' national police forces still take out the film cameras instead of digital cameras. Because even the suspected photoshop of a digital picture is grounds to throw it out and make it inadmissible to be used as evidence.

    All very true, but in another 10 years or so, discriminating between a digitally generated image and a real one is going to hinge on things like "see this building here in the background, see the style of windows? That's not actually the style of windows on the real building your honor, here's pictures of the actual building that an agent took last week, and some reference photos from a year before the incident. No, look close, see how the muntins are a little too wide in the submitted evidence? Yes, those are the PPG standard muntins, but the building actually has Andersen windows in the identical style..."

    IOW - the rendering will be indistinguishable. Film grain has resolution limits, RAM does not.

    And, whether credible news agencies will use rendering tools or not, un-credible ones (the majority of the market) will.