As one of those 'security guys' I would submit that it really is a matter of computing power. For example, Through mine own experiments I would have to say that a password that is encrypted using the standard 'crypt' function should be outdated every 2 weeks. It would take me a maximum of 29 days to brute force attack ANY password using that function using 24 pentium 166's. This is mathimatical to me. With a sizable cluster this would of course become much less. My point is that data should become outdated as to its efectiveness and that encryption standards should rise as the availability of computing power rises. No encryption is unbreakable. It just takes time.
My interpretation of the situation as it applies to the export restrictions and the general resistance to allowing users to have things like strong crypto is actually very simple.
Through my own experience, when I mixed security and the court system, I came to the conclusion that people (non slashdot readers) are a little afraid.
It seems that people are afraid of what they don't understand and when they do not understand they try to control as a contingency measure.
It seems that even though the situation is reasonably plain to us it may not be plain to the masses thusly not plain to legislation. I would propose that law enforcement agencies fear strong encryption as a matter of course. They cannot use the methods of gathering information that they have relied on for years (i.e. wiretapping) so as a logistic measure they wish to make it an illegal act to use encryption that they cannot break (so as to gain the warrants necessary or whatever) . I personally do not blame them as they have a reason to fear in this respect.
I do not blame any of them I simply think they are wrong. Dead wrong. The argument is very flawed in the fact technology is, for the most part, benign. Regulating gnowelege and the derivatives of such knowledge is asinine. Total regulation will probably never happen as this proves somewhat (hopefully).
The bottom line is that people fear technology. And the idea that someone being able to communicate so securely that our beloved protectors cannot listen in makes people fear.
At least those people who trust their neigbors/government/competition/wife not to listen in on private discourse.
If you measure a set of mostly random events you will end up with a bell cuve.
      it seems to me that external, modifying events are removed from scientific studies as much as possible. This act automagically skews the results at least slightly enuff to where you will find something else in nature. It would seem to me that it would be impossible to take EVERYTHING (i.e. everything) that might efect the results into account so we dont bother trying.
      If we want to predict a mostly random event we apply the bell shaped curve. But I say 'mostly random' becouse most things are not truely random.
      Just becouse we fail to predict or fully understand a problem does not mean that it is utterly random. This new curve helps to predict some things. Others might take a whole new curve. I do not believe that there will ever be a universally true curve. All that this points out (gasp) is that not all things are utterly random.
I remember that shortly after the report was published MindCraft semi-officially said something to the effect that : "if we were to run the test again....we would not make those optimizations" (e.g. the ones that slowed samba down). My question is: Why cant they do it again? Just do the tests again.... I realize it will be expensive. But someone paid for it originally and came up with flawed results. Most companies would be looking at how to do it right the second time instead of saying "Well ya know if we were to do it again we would not screw it up (But since microsoft isn't interested in a real test that isn't going to happen)" Most companies do their best to cusion bad publicity. But microsoft seems to be proving time and again that ANY publicity is good. Even if its bad.
If you interpret the conclusion that Americans produce less ocde, i.e they must be lazy. Then you should be able to say the inverse about MS based on the amount of code they produce or do not. But we all know it would be a dangerouse assumption becouse what I beleve are these two rules: #1. the code defines the application #2. well thought out code produces a well thought out application. (lazy?) And one might infere a third rule: #3. massive code could easily produce massive applications. So when i take all this info in I can only come to one conclusion. MS may not be well thought out but they are not lazy. I think I would have more pride in being lazy.
Slashdot Mirror
As one of those 'security guys' I would submit that it really is a matter of computing power.
For example, Through mine own experiments I would have to say that a password that is encrypted using the standard 'crypt' function should be outdated every 2 weeks. It would take me a maximum of 29 days to brute force attack ANY password using that function using 24 pentium 166's. This is mathimatical to me.
With a sizable cluster this would of course become much less. My point is that data should become outdated as to its efectiveness and that encryption standards should rise as the availability of computing power rises.
No encryption is unbreakable. It just takes time.
resistance to allowing users to have things like strong crypto is actually very simple.
Through my own experience, when I mixed security and the court system, I came to the
conclusion that people (non slashdot readers) are a little afraid.
It seems that people are afraid of what they don't understand and when they do not
understand they try to control as a contingency measure.
It seems that even though the situation is reasonably plain to us it may not be plain to
the masses thusly not plain to legislation. I would propose that law enforcement agencies
fear strong encryption as a matter of course. They cannot use the methods of gathering
information that they have relied on for years (i.e. wiretapping) so as a logistic measure
they wish to make it an illegal act to use encryption that they cannot break (so as to gain
the warrants necessary or whatever) . I personally do not blame them as they have a
reason to fear in this respect.
I do not blame any of them I simply think they are wrong. Dead wrong. The argument is
very flawed in the fact technology is, for the most part, benign. Regulating gnowelege and
the derivatives of such knowledge is asinine. Total regulation will probably never happen
as this proves somewhat (hopefully).
The bottom line is that people fear technology. And the idea that someone being able to
communicate so securely that our beloved protectors cannot listen in makes people fear.
At least those people who trust their neigbors/government/competition/wife not to listen
in on private discourse.
If you measure a set of mostly random events you will end up with a bell cuve.
      it seems to me that external, modifying events are removed from scientific studies as much as possible.
This act automagically skews the results at least slightly enuff to where you will find something else in nature.
It would seem to me that it would be impossible to take EVERYTHING (i.e. everything) that might efect the results into account so we dont bother trying.
      If we want to predict a mostly random event we apply the bell shaped curve. But I say 'mostly random' becouse most things are not truely random.
      Just becouse we fail to predict or fully understand a problem does not mean that it is utterly random. This new curve helps to predict some things. Others might take a whole new curve. I do not believe that there will ever be a universally true curve. All that this points out (gasp) is that not all things are utterly random.
Sounds more like vandalism then hacking. Its about time you got caught up on the term.
I remember that shortly after the report was published MindCraft semi-officially said something to the effect that : "if we were to run the test again....we would not make those optimizations" (e.g. the ones that slowed samba down).
My question is: Why cant they do it again? Just do the tests again....
I realize it will be expensive. But someone paid for it originally and came up with flawed results. Most companies would be looking at how to do it right the second time instead of saying
"Well ya know if we were to do it again we would not screw it up (But since microsoft isn't interested in a real test that isn't going to happen)"
Most companies do their best to cusion bad publicity. But microsoft seems to be proving time and again that ANY publicity is good.
Even if its bad.
If you interpret the conclusion that Americans produce less ocde, i.e they must be lazy. Then you should be able to say the inverse about MS based on the amount of code they produce or do not. But we all know it would be a dangerouse assumption becouse what I beleve are these two rules: #1. the code defines the application #2. well thought out code produces a well thought out application. (lazy?) And one might infere a third rule: #3. massive code could easily produce massive applications. So when i take all this info in I can only come to one conclusion. MS may not be well thought out but they are not lazy. I think I would have more pride in being lazy.