Because we fucking hate the bastards! Slashdot is not a corporate news portal - it's still fundamentally a fan-run advocacy site. It's ludicrous to imagine that Slashdot should pretend to be neutral, or mature, about these things
If the judge basically doesn't extend SCO the benefit of the doubt any further on any of this, how long might it take for the whole thing to be completely dead, stop quivering, be visibly a corpse? How long can SCO continue to drag the threat out before it's dead?
Actually, with current design the estimated cost of fusion electricity is about double of current price. All due to huge construction costs.
Cite?
"Energy companies" that own a lot of oil wells tend to be "energy companies" that are quite keen on protecting the value of their investments.
And if fusion delivered what fission failed to - energy too cheap to meter - you can bet it wouldn't be long before significantly less oil was going into automobiles of one sort or another.
I hadn't realised that robots had got that good yet.
Still, I for one...
Ah, you haven't tried it, have you?
Every experienced programmer has this reaction at first. You have to actually try it to find out that it's not the problem you think it is - quite the reverse.
What should the drug be called?
I wrote that I wanted such a thing about a couple of years ago - I'm glad they were paying attention!
Indentation that mixes spaces and tabs in a way that could cause ambiguity (ie consecutive lines such that neither's indentation is a prefix of the other's) is a syntax error in Python.
All skilled programmers who've never used Python have the reaction you're having. I had it, my friend Jon had it, my Python-loving colleagues either side of me felt the same way, and Eric Raymond reports he felt that way too. I see why you imagine that the whitespace thing would be a terrible problem.
But it just isn't, ever; it's actually a real boon. If you were able to get over your prejudice and try it, you'd make the same discovery.
The population of the world is about 6000000000.
How will he shoot straight?
Please read at least the first line of the Open Source Definition:
Open source doesn't just mean access to the source code.
Note that opensource.org invented the term "open source" - it was not in use to describe software until they had that meeting where they invented the term - so they certainly get to say what it means.
DJBDNS is "disclosed source". Big difference.
No, they're thinking of 2-key 3DES. I've never heard of "DES2".
Your sums are correct, and indeed an 80 bit difficulty is usually considered sufficient to be beyond the reach of any attacker. However, it makes it far from clear that we can have more confidence in 3DES than in AES.
In addition, you have to consider "key collision attacks". Under some circumstances your attacker can arrange for the same text to be encrypted many times with many different keys. They can then attempt a brute force attack where they can efficiently test each guess against any of the keys used. This attack has been used to break the security of ATM machines using a relatively tiny hardware DES cracker. To resist this attack, your keyspace must be larger than the product of the number of keys you use and the number your attacker can test. If you use 500 keys a second, you might generate 2^34 keys in just over a year, at which point the difficulty of breaking one of them is comparable to the difficulty of breaking DES.
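An added illustration of the sizing rule in the comment above (not part of the original post): with many keys in use on the same known text, one guess is checked against all of them at once, so the search ends at the first key hit. The 16-bit toy keyed function is a constructed stand-in, not DES or 3DES, and the 90-bit input to `effective_bits` is the 3DES figure quoted elsewhere on this page.

```python
import hashlib
import random

KEY_BITS = 16                             # toy key size so the search finishes instantly
PLAINTEXT = b"constructed known block"    # constructed sample input


def toy_encrypt(key: int, block: bytes) -> bytes:
    """Stand-in keyed function (truncated SHA-256), NOT DES or 3DES."""
    return hashlib.sha256(key.to_bytes(4, "big") + block).digest()[:8]


def search(ciphertexts):
    """Try keys in order; return (key, trials) for the first guess matching ANY target."""
    targets = set(ciphertexts)
    for guess in range(2 ** KEY_BITS):
        if toy_encrypt(guess, PLAINTEXT) in targets:   # one lookup covers every key in use
            return guess, guess + 1
    return None, 2 ** KEY_BITS


def effective_bits(cipher_bits: int, keys_in_use: int) -> int:
    """log2 of the work left to break one of keys_in_use keys (power-of-two counts)."""
    return cipher_bits - (keys_in_use.bit_length() - 1)


def days_to_issue(keys: int, keys_per_second: int) -> float:
    """How long it takes to put that many keys into use at a steady rate."""
    return keys / keys_per_second / 86400


def demo(n_keys: int = 64, seed: int = 1):
    """Encrypt the same block under n_keys random keys; compare the two searches."""
    rng = random.Random(seed)
    keys = rng.sample(range(2 ** KEY_BITS), n_keys)
    cts = [toy_encrypt(k, PLAINTEXT) for k in keys]
    single = search(cts[:1])      # defender uses one key
    multi = search(cts)           # defender uses many keys on the same text
    return keys, single, multi


if __name__ == "__main__":
    keys, single, multi = demo()
    print("one target :", single[1], "trials")
    print("64 targets :", multi[1], "trials")
    print("90-bit cipher, 2^34 keys in use:", effective_bits(90, 2 ** 34), "bits")
    print("days to issue 2^34 keys at 500/s:", round(days_to_issue(2 ** 34, 500)))
```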
I misremembered the efficacy of Lucks's attacks - it's more like 90 bits. See http://th.informatik.uni-mannheim.de/People/Lucks/papers.html
Lucifer was vulnerable to a DC attack that reduced the effective strength to around 56 bits.
Coppersmith maintains that the NSA had no hand in designing DES, and all the secret design features turned out to be there to make it stronger (eg against DC, which the IBM team kept secret).
It was known when 3DES was proposed that the "meet in the middle" attack reduced the effective strength to 112 bits. Lucks's attacks reduce that strength to 90 bits. See http://th.informatik.uni-mannheim.de/People/Lucks/papers.html
When using a fantastically good algorithm is free, why use a worse one? AES is not only vastly more secure than DES, it's also much simpler and somewhat faster.
Diffie and Hellman attacked the short key length of DES from the day it was proposed, arguing for keys of at least 128 bits in length. Michael Wiener proposed a $1 million hardware cracking machine not long afterwards, to demonstrate the vulnerability. People could do the sums even then and see that 56 bits was far from being enough.
AES certainly was designed to be secure. You exaggerate the extent of what people have against it so far by an absolutely gargantuan margin.
In addition, you are clearly unaware of Stefan Lucks's attacks on 3DES, which take it down to about 72 bits of security - far from the 112 it promises. You might as well just use DESX, which is about as strong but three times faster.
Diffie didn't invent knapsack encryption. Diffie and his colleague, Martin Hellman, invented the first public key cryptosystem, Diffie-Hellman, and founded the modern field of cryptography. We all owe them (and Ralph Merkle, who basically did the same things at the same time) an enormous debt.
There were no ITAR limits on key length. The law simply stated that you needed a license to export products that included cryptography; strictly interpreted that would have included a Secret Decoder Ring. It wasn't until Lotus wanted to export Notes with crypto built in that the NSA got involved in the process of making it possible for products that used crypto to be granted export licenses by demanding features such as CDWF, which made it easy for the NSA to break messages while keeping it hard for everyone else.
Lucifer was vulnerable to a differential cryptanalytic attack that reduced the effective key strength to around 56 bits. However, IBM and the NSA kept their knowledge of DC secret until Biham and Shamir rediscovered it in 89.
RSA was invented later. It was never prohibitively slow, though of course it's got much faster over the years.
If you wanted a description of RSA, why didn't you just buy a copy of Scientific American, where it was first published in Martin Gardner's "Mathematical Games" column?
Secrets encrypted properly with an AES-based system should be secure against purely cryptanalytic recovery for on the order of a century or more, if Moore's law holds.
Dr Pike says that the thing he misses most from the 1970s at Bell Labs was the terminal room. Because computers were rare at the time, people did not have them on their desks, but rather went to the room, one side of which was covered with whiteboards, and sat down at a random computer to work. The technical hub of the system became the social hub.
Even /. readers occasionally want to see people face-to-face. Even if we're arranging meetings over IM and bringing WiFi laptops, let's occasionally try to set eyes on other geeks :-)
* In London at least, they have a near-monopoly on cinemas. If you don't like it, stop going to the cinema.
* As I have just discovered, if you don't fancy going through the hoops of using their website, you can jump through the hoops of using their entirely automated, speech-recognition-based phone interface. THERE IS NO OPTION TO SPEAK TO A HUMAN - I tried all the usual tricks.
Usually if a website's shit, I'll just use the phone, and the idiots have to pay the much greater costs of my enquiry. In this instance, there's no such option.
Wankers!
I read the page you referenced. I have never seen such partisan writing from a professional cryptographer! In particular it's a bit off the way he cites Murphy and Robshaw as if to say that they believe the XSL attack is practical, where in fact they go to great lengths to state that they do not believe there is sufficient evidence to claim a break in AES.
I don't think NIST left enough time for the AES process - especially since they asked for something so novel (there were very few 128-bit block ciphers when they put out the call, and there's a lot of ways in which their cryptanalysis is different - integral cryptanalysis being the obvious example). And I confess, I wish that Rijndael had been specified with a Twofish-like S-box (as do, I believe, the designers). But nonetheless, I think we've ended up with a very fine cipher in which we can all have great confidence.
The only writing from Coppersmith on the XSL attack I can find argues against its practicality, can you give me a cite?
We do not know whether the attack is applicable against any ciphers. However, if it will fly, then Serpent falls harder than Rijndael does - a surprising result for everyone, and evidence against the lobby that says "NIST should have gone for Serpent for security, not Rijndael for speed".
I confess at this point that, like Schneier, I'm not 100% certain that no academic attack on Rijndael will be found, but I am 100% confident that no attack that does anyone any good will be found. Indeed, Anderson in his summing up argued not that there was any danger of a practical break in Rijndael but that the risk of an academic attack damaging public confidence was too great.
Remember John Kelsey's observation: in practice, if all the block ciphers in the world were replaced with the famously insecure FEAL-8, on which half the world's cryptographers seem to have cut their teeth, it would probably make almost zero practical difference to the security of the world's cryptosystems because some other part of the system is nearly always easier to attack.