"rubber hose cryptanalysis"
Last I heard, it looked like the Courtois and Pieprzyk attack wouldn't fly. And wasn't that attack *more* effective against Serpent than against Rijndael anyway?
Even the designers of Serpent would say that they believe there are no practical attacks against AES. I voted for Serpent myself, but I still believe Rijndael is an excellent cipher the whole community can rally behind, and overwhelmingly that's what the crypto community is doing.
The attack on WEP depends critically on weak key scheduling in RC4. Substitute an algorithm with a sufficiently strong key schedule, such as AES, and you won't see the same problem.
I agree that "AES" isn't a magic incantation to make things secure, but TBH it's a happy day when we're having to explain that, instead of having to explain why hand-rolling your algorithms isn't such a good plan. With WinZip, it even seems we're having to explain why using a secure encrypt-then-authenticate mode with secure primitives doesn't automatically mean freedom from all attacks - an amazing bit of progress.
The AES process was designed with the help of the worldwide cryptographic community for maximum openness and public participation. The winning algorithm was designed by two Belgians; it's way too simple to hide any chicanery in. It has now seen more cryptanalysis than any other algorithm ever except DES - which, incidentally, IBM/the NSA secretly wired to make *more* secure - and held up well. There's not a reputable cryptographer anywhere in the world who thinks there's a serious chance of AES being broken in a way that would do an attacker any real good.
The NSA approved all five finalists for the AES algorithm. If you really believe they can really break all five, then you might as well give up and start forwarding the plaintext of your email to nsa.gov now.
There's just no sane way to maintain the belief that the NSA somehow rigged the whole thing so they could read your messages. Don't let me deny you your tinfoil hat though.
Crypto 101: don't encrypt any redundant or easy-to-guess data.
Completely wrong. Crypto 101: don't try and work around unknown flaws in the crypto at higher protocol levels - you're doomed to be chasing your tail forever. Use a secure protocol, and rely on it. AES in EAX mode will be secure no matter how redundant or easy-to-guess your data is.
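To show concretely why an authenticated-encryption mode makes the redundancy of the plaintext irrelevant, here is an added example in Go; it is not code from the comment thread. Go's standard library has no EAX implementation, so it substitutes AES-GCM, another authenticated-encryption mode, and contrasts it with raw ECB (where repeated plaintext blocks do show through). The key, plaintext and associated data are constructed demo values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Constructed demo values: a 32-byte AES-256 key and 64 bytes of a single
// repeated byte, about as redundant and easy to guess as data gets.
var demoKey = []byte("0123456789abcdef0123456789abcdef")
var redundantPlaintext = bytes.Repeat([]byte{0x41}, 64) // four identical 16-byte blocks

// ecbEncrypt applies the raw block cipher block by block with no chaining
// (ECB). It is here only as the weak-mode contrast.
func ecbEncrypt(key, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(pt)%bs != 0 {
		return nil, fmt.Errorf("plaintext must be a multiple of %d bytes", bs)
	}
	ct := make([]byte, len(pt))
	for i := 0; i < len(pt); i += bs {
		block.Encrypt(ct[i:i+bs], pt[i:i+bs])
	}
	return ct, nil
}

// repeatedBlocks counts 16-byte ciphertext blocks that exactly repeat an
// earlier block. Any nonzero count leaks structure about the plaintext.
func repeatedBlocks(ct []byte) int {
	seen := make(map[string]bool)
	repeats := 0
	for i := 0; i+16 <= len(ct); i += 16 {
		k := string(ct[i : i+16])
		if seen[k] {
			repeats++
		}
		seen[k] = true
	}
	return repeats
}

// aeadSeal encrypts and authenticates with AES-GCM under a fresh random
// nonce and returns nonce || ciphertext || tag.
func aeadSeal(key, pt, ad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	g, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, pt, ad), nil
}

// aeadOpen checks the tag and decrypts; any change to nonce, ciphertext,
// tag or associated data makes it return an error instead of plaintext.
func aeadOpen(key, msg, ad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	g, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(msg) < g.NonceSize() {
		return nil, fmt.Errorf("message too short")
	}
	return g.Open(nil, msg[:g.NonceSize()], msg[g.NonceSize():], ad)
}

func main() {
	ecb, _ := ecbEncrypt(demoKey, redundantPlaintext)
	fmt.Println("ECB repeated blocks:", repeatedBlocks(ecb)) // 3: the redundancy shows through
	sealed, _ := aeadSeal(demoKey, redundantPlaintext, []byte("hdr"))
	fmt.Println("AEAD repeated blocks:", repeatedBlocks(sealed[12:])) // 0
	sealed[20] ^= 1 // flip one ciphertext bit
	_, err := aeadOpen(demoKey, sealed, []byte("hdr"))
	fmt.Println("tampered message rejected:", err != nil) // true
}
```

The ECB output repeats three times because identical plaintext blocks map to identical ciphertext blocks; the GCM output shows no repeats regardless of plaintext, and the tag check rejects a single flipped bit, which is exactly the property that lets you stop worrying about what the data looks like.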
I'm pretty sure your information about Kerberos is wrong - the Kerberos people had better cryptographers than to make a mistake like that. There were other cryptographic mistakes, though - in particular they tried to encrypt and authenticate with a single pass of the block cipher, a problem that wasn't correctly solved until IACBC and IAPM were proposed by Jutla in late 2000.
"Go the fuck away! I am working on some bad-ass computer shit right now! I have no time for Team Spirit!"
I agree. I'd say the maximally polite exchange is something like
"Hello?"
"Hi George, it's Paul"
"Hi Paul"
"Is Liz about?"
No, AND is multiplication, but XOR is addition. Thus they form the smallest "ring": in other words, they follow rules like (a + b) * c = (a * c) + (b * c).
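As an added illustration (not part of the original comment), the following Go program checks every ring axiom exhaustively over the two-element set with XOR as addition and AND as multiplication, including the distributive law quoted above, and shows why OR would not work in place of XOR: no element other than 0 has an additive inverse under OR.

```go
package main

import "fmt"

// Bit is an element of the two-element carrier set {0, 1}.
type Bit uint8

// add is XOR, playing the role of ring addition.
func add(a, b Bit) Bit { return a ^ b }

// mul is AND, playing the role of ring multiplication.
func mul(a, b Bit) Bit { return a & b }

// bits enumerates the whole set, so each axiom can be checked on every
// combination (at most 8 triples) rather than argued abstractly.
var bits = []Bit{0, 1}

// CheckRingAxioms returns the names of any ring axioms that fail for
// (XOR, AND); an empty result means the structure is a ring.
func CheckRingAxioms() []string {
	failed := make(map[string]bool)
	for _, a := range bits {
		if add(a, 0) != a {
			failed["additive identity"] = true
		}
		if add(a, a) != 0 { // every element is its own additive inverse
			failed["additive inverse"] = true
		}
		if mul(a, 1) != a || mul(1, a) != a {
			failed["multiplicative identity"] = true
		}
		for _, b := range bits {
			if add(a, b) != add(b, a) {
				failed["commutativity of +"] = true
			}
			for _, c := range bits {
				if add(add(a, b), c) != add(a, add(b, c)) {
					failed["associativity of +"] = true
				}
				if mul(mul(a, b), c) != mul(a, mul(b, c)) {
					failed["associativity of *"] = true
				}
				// (a + b) * c = (a * c) + (b * c), the identity quoted in the comment
				if mul(add(a, b), c) != add(mul(a, c), mul(b, c)) {
					failed["right distributivity"] = true
				}
				if mul(c, add(a, b)) != add(mul(c, a), mul(c, b)) {
					failed["left distributivity"] = true
				}
			}
		}
	}
	var names []string
	for name := range failed {
		names = append(names, name)
	}
	return names
}

// IsRing reports whether (XOR, AND) satisfied every axiom above.
func IsRing() bool { return len(CheckRingAxioms()) == 0 }

// OrHasAdditiveInverses shows the contrast: with OR as "addition", 1 has no
// x with 1 OR x = 0, so OR/AND is not a ring.
func OrHasAdditiveInverses() bool {
	for _, a := range bits {
		found := false
		for _, x := range bits {
			if a|x == 0 {
				found = true
			}
		}
		if !found {
			return false
		}
	}
	return true
}

func main() {
	fmt.Println("(XOR, AND) satisfies all ring axioms:", IsRing())          // true
	fmt.Println("(OR, AND) has additive inverses:", OrHasAdditiveInverses()) // false
}
```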
I know this is RMS's spin on the history, but it's not true and not fair.
"Free software" and "open source" are synonyms, and there is only one movement. The founders of what you call the "open source movement" were and are members of the free software movement, and like all other members, their goal is the furtherance of software freedom.
They disagree with the founders of that movement on how best to further that freedom, and indeed believe that the misleading name the movement initially chose was such a barrier to that furtherance that it was worth choosing another. But this is no reason to pretend that they are not part of that movement, or that their goal is some other goal than software freedom.
To pretend that the Free Software movement is different from the Open Source movement is as ridiculous as to pretend that liking zucchini is different from liking courgettes.
OK, so it's clear from what you write that contrary to your earlier assertion, ESR has never attacked the ideals of the Free Software movement; he has only talked about problems with the choice of the term "Free Software" to refer to it.
I think you slightly mischaracterise FUD. The pitch would focus on the question of whether BlogsCo will be around in five years' time, implying that no matter what the merits of the competition you risk getting stuck with a product for which you can get no upgrades, no support, no further software. Of course if you stick with Big Blue, they'll be around forever, they'll look after you.
:-)
Naturally their customers found that it didn't help them much that Big Blue was still in business if they discontinued the product lines they were using and all support for them...
Oh, and just between you and me, there's a grammar error in your quoted paragraph
Please cite an example of ESR attacking the ideals of free software.
AFAIK he has never said that these ideals are not true or good or proper - the strongest thing he's ever said against them is that they're not always the most effective marketing tool.
This clarifies things a lot. Thank you.
ESR is only saying that the choice of term "Free Software" was too misleading to use. To cast this as an attack on the ideals of software freedom is ridiculous.
Microsoft don't have that option. First, they can't be seen to suggest a product which is a direct competitor to their own - they must claim that IIS is best just as they must claim that Windows is best. Second, they especially can't suggest that an Open Source alternative might have any merit. Their whole case is that *all* Open Source is bad.
How many times have I had the conversation "There are too many licensing issues; we don't use any Open Source at our work." -- "What, not even BIND?" -- "Oh, well, yeah, apart from that". There's now an MS alternative to BIND, but it's still used in a lot of places that think they don't use Open Source. It's a useful counter to FUD.
I think all religion is nutzoid. I know people who claim to be in contact with this guy in the sky who created the world and has wishes and plans for everyone. In practice, it seems that those people are often capable of being perfectly rational about other things, so I just ignore their carefully contained madness.
Of course we're speculating based on whatever evidence we have to go on. They don't publish their sources of funding. If they took this basic step of declaring their interests we wouldn't have to speculate about what was really motivating them.
The guy even asked several of the organisations about whether they were funded by Microsoft and received no reply. A reply would have put an end to this speculation.
As it is, this may be poor evidence but it's the best we can do. And given how ridiculous some of the cases they try to make against open-source are, it's not unreasonable to wonder whether they're motivated by something other than a spirit of honest inquiry.
"auto"? That'll be one of your funny words for "car"...
The X-Prize is privately funded; it is not a government prize.
What you describe is like what "wipe" or (AIUI) Eraser does, only not as good. I chose the /dev/zero example precisely because it isn't as effective as "wipe" or other, more secure methods.
I have no intention of explaining Miller-Rabin's strengths to you. Google could answer the question in detail in a moment. The choice of learning or noisy ignorance is entirely yours.
I'm not Seth - I just think that this story needs to be remembered.
FSE, SAC, and all the conferences I know about in the crypto world put out a call for submissions, review the papers to decide which ones to accept for presentation, send out corrections, and have a pre-proceedings binder for all the delegates which you can refer to during the conference to bring you up to date on what was presented. The best presentations make light work of a difficult paper - Adi Shamir's presentation of the A5/1 attack and Tadayoshi Kohno's presentation of the Boomerang Amplifier attack spring to mind.
I think all the articles in journals go under the author's real names, but you sometimes see people cite stuff by authors with made-up names. For example, the initial release of the RC4 design was done by a post under the name "David Sterndark", which referred to a frequent defender of export controls on sci.crypt, "David Sternlight".
Heh. When he started, there were no journals on crypto. I recommend Steven Levy's "Crypto" for a readable introduction to the genesis of the field. Of course Rivest will be following all the journals, but it won't be the only source of his reading list by any means.