How did you find out?
No, it's named after the god Mercury. From dictionary.com: Having the characteristics of eloquence, shrewdness, swiftness, and thievishness attributed to the god Mercury.
Now that's a much better distro name!
Ah! Amusingly what you wrote is AFAICT valid Perl code. I had to stop myself writing it in Python, which I've been writing a lot of recently. But surely a similar thing must be possible in PHP?
A cynic might observe that had you been using a less powerful editor, you would have been forced to write something like (will contain bugs):
$entry = join("", map { cleanAttr("comp_$_",
    $totCompany_list[$i][$_]) } qw(phone fax email));
which would have been the right thing to write.
In Perl, you should almost never be writing repetitive code. Sadly, you sometimes have to write repetitive Java - eg defining a bean.
Kerberos may be hard to code against but it's conceptually relatively straightforward. I think I know the field well enough that it's a bad sign if I fall into difficulty, but clearly you disagree, though you don't say on what basis you make that judgement.
I didn't say some of the other things you seem to imagine I said so there's not much point in replying to your replies to those.
Because I've tried to gain a detailed understanding of how it works, and found it far, far too complex. I strongly suspect that nothing that complex will succeed in delivering security.
Biometrics are only useful when you can be sure of their "liveness" - ie that the biometric you're examining belongs to the party you're currently trying to authenticate. You can violate liveness with photographs of people's irises, or by sending a stored biometric over the network. There is some progress in automatic liveness verification, but currently the only way to be really sure that a biometric is live is to have a security guard standing next to the biometric tester, verifying that it's really looking at a real person's iris/fingerprint before triggering biometric verification.
The *real* question is:
Was the story about the leak of the new Dr Who being on purpose leaked on purpose by BBC management as part of a viral advertising campaign for the series?
Thanks for the good news! I'll edit my profile etc when I get time...
It's a shame the summary didn't say who the authors are. Odlyzko is a Very Good Thing - he writes intelligently about everything from cryptographic number theory to making academic papers freely available online. I've long thought that n^2 was too high - though n log(n) sounds a little low...
*grin* nice one!
Actually Panama hashing is broken, but the underlying idea is nevertheless worthwhile and will hopefully see more attention.
If you can't wait for the dust to settle, use SHA-256.
But if you can, you're best off waiting a few years. This and other recent results will spark a period of frenetic research into new ways of building fast hash functions that don't have these vulnerabilities. I'm sure some great stuff will come out of it. A front-runner may not really emerge for a good few years.
I'm in some ways even more struck by Kelsey and Schneier's recent second-preimage finding attack, which works against pretty much all modern hash functions, and suggests that the fundamental Merkle-Damgard paradigm by which we build them needs to be revisited. Our hash functions may end up looking more like Panama than like MD4.
Whois lookup
Domain Name: COM-SUCKS.COM
Registrar: BULKREGISTER, LLC.
Whois Server: whois.bulkregister.com
Referral URL: http://www.bulkregister.com
Name Server: XS1.XSTRINGS.COM
Name Server: XS2.XSTRINGS.COM
Name Server: XS3.XSTRINGS.COM
Name Server: XS4.XSTRINGS.COM
Status: REGISTRAR-LOCK
Updated Date: 27-mar-2004
Creation Date: 28-mar-2000
Expiration Date: 28-mar-2005
I think that first website they mention is just awful! The usability is terrible, the colour scheme - ugh!
In fact, it's so bad, I think I'll set up a website where we can all share our awful experiences with it. Now what will I call it?
Because com-sucks.com has been registered since around this time in 2000?
Are you sure? My partner L has Type II but is now on an insulin regime; her doctors say that her diabetes is so severe it's a kind of "type 1.5" - ie Type II with a lot of Type I symptoms. Can you tell me more about how you came to this conclusion?
cheers!
If quantum crypto really takes off, 2048-bit keylengths won't help you; we'll basically have to abandon public key cryptography. However, it seems very unlikely at the moment that it will ever be practical to build a quantum computer that can do anything faster than a classical computer.
In general, either
(a) there will be some massive, unexpected breakthrough in PK cryptanalysis, in which case your guesses about what will remain strong and what won't are just as totally worthless as mine, or
(b) there will be no such breakthrough, in which case 2048-bit ECC keylengths would be comically excessive and you're talking out of your arse.
If you don't know about a subject, please refrain from trying to educate others on it - thanks.
SHA-0 and SHA-1 may be useful for your non-cryptographic application. However, it's hard to see that there's any cryptographic purpose you'd recommend them for.
For a lot of purposes, we rely on our hash functions having basically no "interesting" properties at all. An algorithm for finding collisions faster than brute force can only exist if the hash function has "interesting" properties. This violates our assumptions about what we can do with the hash function. There aren't many cryptographic applications for which we can confidently use such a function.
SHA-1 is broken. Gut feeling says it's probably not at a stage where we're going to see real attacks based on the problems, but as the man said it's time to start strolling towards the fire exits.
No-one sane uses 2048-bit ECC keys. ECC is used to provide good security with shorter keys (and shorter encrypted messages and suchlike).
Where you say "characteristic", I take it you mean "order"? These curves are usually built over a field of characteristic 2.
Wish I could get hold of the paper. I'm astonished that the NSA would approve a standard that didn't have a tight reduction to the underlying problem though.
I don't think fighting for your home and family is pathetic.
If it is the second possibility, that journalist is doing a very bad thing. Square brackets should be used to indicate where reported speech or writing has been changed for the reader's convenience. Another example is "I think it [the final episode] is appalling" or "I think [the final episode] is appalling".
Hold up there - where's the bit where you say "oh yes, you're quite right, I'm talking bollocks about the Parliament Act, aren't I? Sorry."
I can now be fined/put in prison if I take my dogs for a walk and they chase a fox
Entirely false - it is not illegal unless there is intent to hunt. That's two for two - does it bother you that you seem to be believing everything the CA tells you?
"A lot of people" is a clear minority of the British population. When the CA tried to take out adverts suggesting that a majority were against hunting, they were censured by the Advertising Standards Authority.
I don't know why people keep saying this, it's so obviously bollocks. The Parliament Act takes years to invoke; it is no good for emergencies. The Lords are supposed to be an amending house, not one that takes decisions; the Parliament Act is there for when it starts acting like no more than the voice of the British upper classes against the will of the people.
The purpose of the Parliament Act has always been to ensure that the Lords cannot frustrate the will of the Commons altogether when they have really set their heart on something, and that's exactly what it was used for.
Wikipedia on the Parliament Act