Slashdot Mirror


User: Jah-Wren+Ryel

Jah-Wren+Ryel's activity in the archive.

Stories: 0
Comments: 11,071

Comments · 11,071

  1. Re:Illusion of privacy on Google To Encrypt All Keyword Searches · · Score: 1

    Here it is direct from Snowden:

    What you quoted is NOT direct from Snowden. Hell, the opening line right before the list of those statements is attributed to someone other than Snowden.

    I quoted Snowden verbatim on the very specific point that "encryption works," all you've done is quote journalists who are speaking in very vague terms.

    But, you know what, let's take your citation at face value. The very next statement: "Strong, non-commercial encryption systems still seem to thwart the NSA's efforts." OpenSSL is a strong, non-commercial encryption system. Looks like your own citation contradicts your claim that SSL, not just certain implementations, has been compromised.

    We are going back to my rules:

    Really? That extraordinary claims don't require extraordinary proof? You are the one who made the claim and so far all of your "proof" amounts to is deliberate misreadings of vague statements. Snort!

  2. Re:Illusion of privacy on Google To Encrypt All Keyword Searches · · Score: 1

    if the RNG that the RSA encryption is based on is compromised, the encryption is compromised.

    If you are referring to Dual EC DRBG, only RSA's BSAFE toolkit defaulted to it, because it was really slow. How many SSL implementations use BSAFE? I don't know, but I bet it isn't all that many since BSAFE is closed source and costs money. Certainly OpenSSL doesn't use it.

  3. Re:Illusion of privacy on Google To Encrypt All Keyword Searches · · Score: 0

    After all, extraordinary claims of something being "outright false" require extraordinary proof.

    You have that completely reversed - it is you who made the extraordinary claim. I picked one of your citations at random - the zdnet one - and the only relevant part is actually a reference to your first citation at the NY Times - the line:

    "Paul Kocher, a leading cryptographer who helped design the SSL protocol, recalled how the N.S.A. lost the heated national debate in the 1990s about inserting into all encryption a government back door called the Clipper Chip.

    "And they went and did it anyway, without telling anyone," Mr. Kocher said. He said he understood the agency's mission but was concerned about the danger of allowing it unbridled access to private information."

    Funny thing, he also said:

    "Computer security is still in such a [bad] state that you don't need to insert a back door," said Paul Kocher, a US cryptography expert. "If the front door is locked, you can just go in through a side window."

    Given that more complete context, it doesn't look like he thinks SSL is compromised, just the end points.

    http://www.ft.com/cms/s/0/0054adb2-1709-11e3-9ec2-00144feabdc0.html

    Furthermore, if there was one person speaking publicly about this stuff who would know, it would be Snowden. The man who said, "Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it."

  4. Re:Illusion of privacy on Google To Encrypt All Keyword Searches · · Score: 2, Insightful

    But to further the point, it is strongly suspected that SSL is already broken by the NSA, and having certificates is no longer necessary.

    That is outright false. I challenge you to provide a citation to a reasonably authoritative site saying that - basically anybody who isn't a kook. You can't.

    The best you can come up with is that RSA-1024 is easy enough to brute-force with modern equipment. But moving to RSA-2048, as Google has already done, still provides very strong protection.

  5. Re:Drudge and other U.S. bloggers are next on Arrested Chinese Blogger "Confesses" On State TV, Praises Censorship · · Score: 1

    No, the only thing that may be confirmed by my comment is that I didn't post a link to an article. A few seconds of googling "mass shooting suicide note" confirms that they do exist.

    None of the recent ones have had a suicide note. Sure, out of the hundreds of "mass shootings" (any shooting of more than 2 people qualifies for that label) there have been a few suicide notes.

    But none of what the public typically considers a mass-shooting - killing many people that the shooter has little to no relationship with and which ends in the shooter being killed - Columbine, Aurora, Newtown, etc. have had suicide notes. As always you are welcome to prove me wrong, bald assertions of lying, irrationality and laziness don't prove anything.

  6. Re:Drudge and other U.S. bloggers are next on Arrested Chinese Blogger "Confesses" On State TV, Praises Censorship · · Score: 1

    Who said that they never have some sort of suicide note? You?

    Nope, you did. By not linking to a new article that mentions a suicide note you've just confirmed that there aren't any.

  7. Re:This Just In ... on Apple Starts Blocking Unauthorized Lightning Cables With iOS 7 · · Score: 1

    Nobody listened to you because you've done a poor job communicating your points.

  8. Re:station wagon? on Never Underestimate the Bandwidth of a Suburban Filled With MicroSD Cards · · Score: 2

    Whenever somebody says "Americans want SUVs". They're wrong.

    Men don't like to drive station wagons and women like to feel invulnerable. Tipping over is a lot less likely than hitting or getting hit and women as a group are paranoid that if they don't have the biggest monster on the road, they and their children will be killed by someone else driving the biggest monster on the road who hits them.

    You might argue that if nobody had SUVs then nobody would want them. But that ain't the world we live in. So it is entirely true to say that "Americans want SUVs" no matter how we arrived at the current state.

  9. The Question is on Another British Bank Hit By KVM Crooks · · Score: 1

    Makes you wonder how many other times has this been done where the crooks got away scot-free and the bank just didn't want to go public about it?

  10. The Real Question is ... on What Will Ubiquitous 3D Printing Do To IP Laws? · · Score: 1

    The real question we should be worrying about is:

    "What Will Ubiquitous IP Laws Do to 3D Printing?"

    I can hear the saliva dripping from the mouths of lawyers looking to litigate 3D printing into the ground. They'll fail, but it's going to be a death-rattle 100x more destructive than what the MAFIAA has been doing for the last 20 years.

  11. Re:Drudge and other U.S. bloggers are next on Arrested Chinese Blogger "Confesses" On State TV, Praises Censorship · · Score: 1

    They want to make a loud statement that will be plastered all over national media.

    If that's the case, why don't they ever have some sort of suicide note? I'm sure you've got a pop-psy explanation for that one too, so let's hear it.

  12. Re:Why is it called ride sharing? on California Becomes First State In Nation To Regulate Ride-Sharing · · Score: 1

    It's just another example of how people fight an overweening government's attempts to control behavior

    Not in the slightest. What it is is just another example of how people look to pay as little as they absolutely have to. It happens in pretty much all situations in which money exchanges hands.

  13. Re:And Putin continues on Russian Government Takes Over Country's 289-year Old Scientific Academy · · Score: 1

    Allow me to correct your false statement. There are both facts and reason there,

    Allow me to clarify - no relevant facts and lots of poor reasoning all wrapped up in a big ball of tribal anger.

  14. Re:And Putin continues on Russian Government Takes Over Country's 289-year Old Scientific Academy · · Score: 1

    Wow, I can't believe you got modded up for that. It is just a big ball of hate, all invective, no reasoning at all.

  15. Can You Blame Them? on Secret Court Upholds Phone Data Collection · · Score: 5, Insightful

    I know it is popular to blame the phone companies here, but don't forget what the government did to Qwest. The CEO of Qwest stood up to the government and said "NO." They put him in prison for insider trading because he sold shares months before the government canceled classified contracts in retaliation.

  16. Re:Drudge and other U.S. bloggers are next on Arrested Chinese Blogger "Confesses" On State TV, Praises Censorship · · Score: 1

    90+% of all American shooting sprees occur in locations where conceal carry is prohibited. In other words these gunmen almost certainly, with planning, picked their venue with the knowledge that their targets would not be able to shoot back.

    Of course it doesn't mean that at all. It means that both society and the shooters recognized those places as being vulnerable - society thought it could protect them by banning guns there, the shooters liked it because the places were vulnerable anyway. It doesn't mean the shooters actually researched whether or not concealed carry was permitted. Since basically all mass shootings are deliberate forms of suicide, the shooters would actually do better to pick locations where concealed carry is explicitly permitted.

    The NRA is their own worst enemy nowadays.

  17. Re:Duplication on London Tube Cleaners Don't Want Fingerprint Clock-in · · Score: 1

    Since you have not done the printing process and tried it on different systems I still call conjecture.

    LOL. As if the entirety of all your posts on this topic is anything more than conjecture.

  18. Re:Duplication on London Tube Cleaners Don't Want Fingerprint Clock-in · · Score: 1

    The thing is that different systems pick up different minutiae.

    Different systems prefer different minutiae, if the preferred minutiae aren't present they fall back. If they only looked at specific types of minutiae and a print happened to completely lack that type then they wouldn't register a print at all.

  19. Re:Duplication on London Tube Cleaners Don't Want Fingerprint Clock-in · · Score: 1

    Care to cite any studies or article where this has happened? Otherwise it is pure conjecture on your part.

    I worked on the development of the AFIS part of IAFIS for a couple of years. We used specific software from Sagem, but we had pretty much one of everything in lab to keep up to date. They all worked the way I described.

  20. Re:Fraud on London Tube Cleaners Don't Want Fingerprint Clock-in · · Score: 1

    So has snail mail and we use it much less today as we have a better technology called email.

    Not comparable. The cost of email is in the infrastructure which is shared across hundreds of other uses.

    Whether one is scanning a fingerprint, punching a card or signing a sheet of paper I see no difference.

    Authoritarians tend towards a lack of empathy, so it is no surprise you come to that conclusion.

    I can't find the reference but an article I read said that better sensors detect temperature and blood flow to counter the fake fingers.

    Not applicable. Fake fingers (and dead fingers) are an entirely different thing than a bit of gelatin that has the same temperature and capacitance as living human skin.

    I also checked the article. The tape changed the fingerprint so they could not be recognized rather than match another print. It is a different issue.

    That is a deliberate mis-reading of the article. Other reports of the same event specifically spell out that the tape contained prints from other people.

    Three intellectually dishonest claims from you say to me that you are more interested in a pissing-match rather than finding truth, so I'm done.

  21. Re:Fraud on London Tube Cleaners Don't Want Fingerprint Clock-in · · Score: 1

    Fraud is only one issue. Costs are another.

    Is there evidence that costs are an issue here? Punch-clocks have been good enough for about a century.

    Then why have any time sheets at all?

    Because a basic level of record keeping is necessary for hourly workers. The problems come when you ratchet up the requirements without good cause.

    By the way, the "gummy bear copy" paper was written eleven years ago. There may have been some advancements that make that study a bit outdated.

    Do you have evidence that such attacks have been mitigated? Seems that at least as recently as 2010 it was still a viable method.

  22. Re:Fraud on London Tube Cleaners Don't Want Fingerprint Clock-in · · Score: 2, Informative

    Fingerprints for this purpose are usually hashed. I.e. you are not able to reverse it back to a picture of their fingerprint.

    For some definitions of "reverse." By "hashed" what you really mean is a list of minutiae - x,y coordinates of significant features like ridges, ridge splits, whorls, loops, etc. The list of minutiae isn't enough to reconstruct the entire fingerprint, but it is enough to make a fake print that will scan and pass as the original print.

    So it won't stand up against a human doing a forensic examination (at least not a human who takes their job seriously) but it will pass an automated system with flying colors.

  23. Re:Fraud on London Tube Cleaners Don't Want Fingerprint Clock-in · · Score: 1

    The only "civil liberty" it attacks is the ability to fraudulently sign in for someone else.

    Is this sort of fraud currently a problem? If not, then why are they wasting the money on this system? If it is a problem, how do they know this system won't be easy to circumvent? Do they scan a full ten-print (really unlikely) or just the forefinger in which case how hard is it going to be for someone to wear gummy-bear copies of their buddies' prints on their other 9 fingers and fraudulently clock them in?

    Bio-metrics are used for time card validation on many places and it is neither "draconian" nor "an attack on civil liberties".

    Treating people like criminals should always be a last resort and if you do it, you better be prepared for the result that they start acting like criminals. Whether that qualifies under the rubric of civil liberties, I don't know, but it is a socially destructive path to take.

  24. Re:Set course for accountability... on NSA Chief Built Star Trek Like Command Center · · Score: 5, Insightful

    The bridge serves a real purpose for the NSA,

    And what purpose is that other than to satisfy the delusions of grandeur of the people running the place and the people holding the purse strings?

    even if it didn't, there's plenty of data centers that have fancy-looking NOCs that are only there to look fancy for the big wigs

    That might be tolerable in a corporate environment, but not a government one. This is pure, unadulterated waste. "Selling" isn't part of the mission.

  25. Re:Welcome to Linux on Ask Slashdot: Attracting Developers To Abandonware? · · Score: 4, Insightful

    Linux is not GNU/Linux any more than Windows is "GNU/Windows" after you install Cygwin.

    That is an intellectually dishonest comparison. The more accurate comparison is "MS/Windows to GNU/Linux" - basically all of the userland on Windows depends on MS code. Similarly pretty much all of Linux userland depends on GNU code - gcc and glibc have practically 100% coverage for Linux userland's dependency on GNU software without having to get into the nitty-gritty details of exactly what other GNU software is in a typical distribution.

    I'm not particularly in favor of GNU/Linux as a term but I'm not particularly against it either. Right now, in this post, what I am against is bogus arguments either way.