i've already switched to Triple-Rjindeal scheme, eg 3AES256 with a keying analogous to 3DES keying option 1
You're doing it wrong: a) There's no proof that this will increase the strength, it might weaken it. b) You'd be better off adding whitening (ie. AESX, analogous to DESX) c) Much better to just increase the number of rounds in standard AES.
Doesn't matter: Do the math with a single electron transition per key and you still need to capture the entire energy output of the Sun to brute force a 128-bit key in a useful time. Not going to happen.
Given Moores law a crypto attack will get double the speed about every 2 years so it was known from the start that AES had a limited time to be secure. It was just a matter of time until the crypte lenght become too short given the CPU power you can add to break it.
I don't think you quite grasp the scale of the numbers here. It's easy to say "just use a million PCs" but setting up that many PCs, powering them all and just plain keeping them all running is way harder than you think. Numbers in the tens of thousands is probably more realistic (even for the NSA).
Quoting Moore's Law doesn't work either: A better way to think of it is to figure out how much energy you'd need to brute force a 128-bit crypto key. Assuming the lowest power unit possible to check a key, ie. one electron transition, you'll still need about 10^20 joules of energy to crack the key. Where are you going to get that much energy from?
Clue: Its close to what the entire Sun puts out, ie. the heat generated by your PC farm would be enough to melt the Earth.
(And in reality there's NO WAY you could check an AES key with so little energy, you'll need many orders of magnitude more...)
All this attack shows is that AES should have had a couple more rounds built into it, ie. the number of rounds wasn't sufficient to remove all trace of the key. You can recover 2 or 3 key bits with less work than a brute force search.
I'm not sure how they chose the number of rounds for AES but it doesn't seem like there was much of a safety margin (only ten loops with a 128 bit key??)
Short version: The algorithm is still secure, we just need to increase the loop count a bit.
It does require you to get the resource in a special block
Not really automatic then, is it?
That was an intentional language decision.
I know that...Java left out many features to try to prevent bad programmers from using them. The result was that Java became less useful to good programmers and the bad programmers just found more creative ways to write bad code.
Luckily for me I built some counters into the objects which increment/decrement when they get constructed/destructed and made it beep at me if I quit the program when one of the counters isn't zero.
The fact that I don't remember the last time it beeped disproves your theory...
What about code delivery? If your code is to be used by the general public then your managed environments are going to make program support very costly.
I can't think of a job that C++ would be useless for, I can think of plenty of jobs that Lua/Python/etc would be completely useless for (you mentioned some yourself).
Is C++ the best choice for everything? No... but overall it's definitely the best language. You'll never run into something it can't do.
Garbage collectors have some problems which can't be fixed:
a) Garbage collection only works for RAM, it doesn't release resources like files, network connections, etc. in a timely fashion.
b) When RAM is low and you start swapping to disk a garbage collector which scans/compacts the entire heap every few seconds will cause massive disk thrashing.
Given that freeing resources is mostly a non-issue in C++, why would anybody want a garbage collector?
Because it doesn't provide full automatic memory management (smart pointers don't handle cycles), and because you have to write reams and reams of angle brackets to use them.
If you're creating cycles then you didn't understand RAII. The objects in your cycle don't 'own' each other.
If you're typing lots of angle brackets then maybe you need to learn about typedef.
It's better to close your files and connections, but they'll be garbage-collected for you if you don't.
You seem to be saying that after I save a file I have to wait for the garbage collector to run before I can open the file in another application or move it somewhere else on the disk. How will I know when the garbage collector has run (assuming it runs at all...)? Am I supposed to quit your application to force it to close the file before I can safely email it to somebody?
I doubt I've spent 10 minutes in the past 2 or 3 years actually debugging memory problems in C++.
For a laugh I just searched for the word 'delete' in my current C++ project. There was a grand total of nine of them in 250,000 lines of code (and they were to define some new container classes).
There's no manual memory management anywhere in the rest of the code. Memory management in C++ is a myth perpetuated by C hackers who can't be bothered to educate themselves.
Yep, I don't recall having memory management issues with C++ in the last ten years or so. Smart pointers take care of freeing RAM and the std::vector I use has bounds checking and extensive iterator checking turned on by default (even on operator[]).
Done properly C++ is as safe as Java, i.e. the only memory error is null pointer.
Java, OTOH has no stack unwinding for timely release of resources. Garbage collection is useless for anything other than RAM. Want a file or a network connection closed? You have to wrap it in a try...finally block and close it manually. Every single time, no way to automate it.
Then there's Java's brain-dead inheritance model. Get ready to do multiple inheritance manually by copying/pasting code from all the base classes. Cross your fingers that the interface never changes and you have to go and hunt down every last copy of it.
In the 1800's plenty of people had proven that manned flight was impossible.
What about all those pesky 1700's hot air balloons people were flying around in?
FTL within the bounds of Newtonian physics is impossible. We have pretty much proven that with quantum physics there are a lot more things about the universe than Newton would have ever expected.
I think you're confusing Newton with Einstein, not exactly a good start to a science argument.
But the correlation is only useful if some attribute of twitter can be shown to lead the market.
And only if you can eliminate all random events from the world. eg. What if there's an earthquake tomorrow? The CEO is discovered having an affair? Some granny goes on TV saying her car accelerated suddenly...?
In other news: Werdent Capital, a new hedge fund that makes trades and investments based on Facebook sentiment didn't beat the market or make any headlines.
i've already switched to Triple-Rjindeal scheme, eg 3AES256
with a keying analogous to 3DES keying option 1
You're doing it wrong:
a) There's no proof that this will increase the strength, it might weaken it.
b) You'd be better off adding whitening (ie. AESX, analogous to DESX)
c) Much better to just increase the number of rounds in standard AES.
(Yeah, I know you were being facetious, but...)
Doesn't matter: Do the math with a single electron transition per key and you still need to capture the entire energy output of the Sun to brute force a 128-bit key in a useful time. Not going to happen.
Given Moores law a crypto attack will get double the speed about every 2 years so it was known from the start
that AES had a limited time to be secure. It was just a matter of time until the crypte lenght become too short given the CPU power you can add to break it.
I don't think you quite grasp the scale of the numbers here. It's easy to say "just use a million PCs" but setting up that many PCs, powering them all and just plain keeping them all running is way harder than you think. Numbers in the tens of thousands is probably more realistic (even for the NSA).
Quoting Moore's Law doesn't work either: A better way to think of it is to figure out how much energy you'd need to brute force a 128-bit crypto key. Assuming the lowest power unit possible to check a key, ie. one electron transition, you'll still need about 10^20 joules of energy to crack the key. Where are you going to get that much energy from?
Clue: Its close to what the entire Sun puts out, ie. the heat generated by your PC farm would be enough to melt the Earth.
(And in reality there's NO WAY you could check an AES key with so little energy, you'll need many orders of magnitude more...)
All this attack shows is that AES should have had a couple more rounds built into it, ie. the number of rounds wasn't sufficient to remove all trace of the key. You can recover 2 or 3 key bits with less work than a brute force search.
I'm not sure how they chose the number of rounds for AES but it doesn't seem like there was much of a safety margin (only ten loops with a 128 bit key??)
Short version: The algorithm is still secure, we just need to increase the loop count a bit.
Nothing is "prohibitively expensive" when you've got taxpayer money to spend.
I created an example for you:
void testMemory() {
std::string* s = new std::string();
s->append("sample");
}
LOL! I hope you're only trolling. Seriously. If not you should try another profession.
Then you are doing boost, not C++.
Nope, I don't use boost...
It does require you to get the resource in a special block
Not really automatic then, is it?
That was an intentional language decision.
I know that...Java left out many features to try to prevent bad programmers from using them. The result was that Java became less useful to good programmers and the bad programmers just found more creative ways to write bad code.
Yeah, that's probably worst-case for C++...
But if you don't want to care about it then you don't have to - you can leave it to the garbage collector and it'll take care of it.
...this is the level of programmer who thinks he's able to criticize another programming language?
If you have cycles of pointers which are claiming "ownership" of each other then maybe you need to revisit your design, re-read the chapter on RAII.
Luckily for me I built some counters into the objects which increment/decrement when they get constructed/destructed and made it beep at me if I quit the program when one of the counters isn't zero.
The fact that I don't remember the last time it beeped disproves your theory...
What about code delivery? If your code is to be used by the general public then your managed environments are going to make program support very costly.
There is no best language in general
I can't think of a job that C++ would be useless for, I can think of plenty of jobs that Lua/Python/etc would be completely useless for (you mentioned some yourself).
Is C++ the best choice for everything? No ... but overall it's definitely the best language. You'll never run into something it can't do.
Garbage collectors have some problems which can't be fixed:
a) Garbage collection only works for RAM, it doesn't release resources like files, network connections, etc. in a timely fashion.
b) When RAM is low and you start swapping to disk a garbage collector which scans/compacts the entire heap every few seconds will cause massive disk thrashing.
Given that freeing resources is mostly a non-issue in C++, why would anybody want a garbage collector?
Because it doesn't provide full automatic memory management (smart pointers don't handle cycles), and because you have to write reams and reams of angle brackets to use them.
If you're creating cycles then you didn't understand RAII. The objects in your cycle don't 'own' each other.
If you're typing lots of angle brackets then maybe you need to learn about typedef.
It's better to close your files and connections, but they'll be garbage-collected for you if you don't.
You seem to be saying that after I save a file I have to wait for the garbage collector to run before I can open the file in another application or move it somewhere else on the disk. How will I know when the garbage collector has run (assuming it runs at all...)? Am I supposed to quit your application to force it to close the file before I can safely email it to somebody?
I doubt I've spent 10 minutes in the past 2 or 3 years actually debugging memory problems in C++.
For a laugh I just searched for the word 'delete' in my current C++ project. There was a grand total of nine of them in 250,000 lines of code (and they were to define some new container classes).
There's no manual memory management anywhere in the rest of the code. Memory management in C++ is a myth perpetuated by C hackers who can't be bothered to educate themselves.
Yep, I don't recall having memory management issues with C++ in the last ten years or so. Smart pointers take care of freeing RAM and the std::vector I use has bounds checking and extensive iterator checking turned on by default (even on operator[]).
Done properly C++ is as safe as Java, i.e. the only memory error is null pointer.
Java, OTOH has no stack unwinding for timely release of resources. Garbage collection is useless for anything other than RAM. Want a file or a network connection closed? You have to wrap it in a try...finally block and close it manually. Every single time, no way to automate it.
Then there's Java's brain-dead inheritance model. Get ready to do multiple inheritance manually by copying/pasting code from all the base classes. Cross your fingers that the interface never changes and you have to go and hunt down every last copy of it.
Want some "drudge"? Use Java.
Can't they just buy a bunch of old science fiction books and read them? It'll be a lot cheaper...
In the 1800's plenty of people had proven that manned flight was impossible.
What about all those pesky 1700's hot air balloons people were flying around in?
FTL within the bounds of Newtonian physics is impossible. We have pretty much proven that with quantum physics there are a lot more things about the universe than Newton would have ever expected.
I think you're confusing Newton with Einstein, not exactly a good start to a science argument.
But the correlation is only useful if some attribute of twitter can be shown to lead the market.
And only if you can eliminate all random events from the world. eg. What if there's an earthquake tomorrow? The CEO is discovered having an affair? Some granny goes on TV saying her car accelerated suddenly...?
In other news: Werdent Capital, a new hedge fund that makes trades and investments based on Facebook sentiment didn't beat the market or make any headlines.
If only there was a way to distribute a non-reusable token to every voter before the election.
There's plenty of research papers been published on "secure online voting". Try google.
In theory it can be much more secure than paper.
(Though in practice it's likely they'll sub-contract it to a bunch of idiots who don't know how to google those research papers...)
_You_ can't...
Sure you can. We're designing a whole new voting system so you just build in that ability.
counting paper ballots with rigged software or downright lying
Or swapping ballot boxes on the way to the counting office, or...
A digital system has the potential to be far more secure than a paper-based one.