Clearly my karma whoring skills have grown fuzzy over the years :-) or most likely, I just didn't get in early enough.
Nitpick: you don't encrypt things with private keys. This confusion arises because of a neat symmetry in the way the RSA operation works. However, in practice the way you encrypt with RSA is completely different to the way you sign with it, and of course RSA is by no means the only public-key primitive.
In this instance I guess it would be a zero-knowledge challenge-response identity protocol, as another poster indicated.
The tamper resistance of these cards can be defeated, but I think you'd have a hard time getting the information out using a small, disposable bit of electronics in the brief time you have access to the card.
Especially since, to work properly, the card has to be in contact with the *real* reader, and thus not with the fake one. The cute thing about swiping is that you can read the magnetic strip as it goes by.
If you could get prolonged access, I think Differential Power Analysis would be more fruitful than a fault-based attack.
That tactic won't work against PageRank - the "tiny sites" will have low rank, so they won't help increase the rank of the site they link to.
I'll buy this if all impediments to me switching providers in a day are removed. For dial-up Internet, I'll take a no tech support service so long as it's providing nothing but access (no email, Web hosting or suchlike) and I pay by the day or by the minute. That way, if your service breaks I can just try another provider and forget about you.
Yes! Thank you! Catch-22 is a much better comparison than 1984.
What you're describing is the basis of PageRank: links from sites with high Google karma will increase your Google karma, but a link from a site with zero karma will have no effect. You don't have to eliminate the cycles in the graph before you iterate - instead, you have a fixed "signal strength" reduction which guarantees that the iterations will converge on a single solution. It's an eigenvector finding problem. Read the original PageRank paper, or the explanation in Raph Levien's PhD. thesis.
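Added example (mine, not part of the comment above or of Google's code): the iteration the comment describes, run on a small constructed link graph. The damping factor plays the role of the fixed "signal strength" reduction per hop, and the uniform term it leaves over is what lets the power iteration converge to a single fixed point even though the graph has cycles; the graph, the page names and the damping value 0.85 are assumptions for illustration.

```python
# Power-iteration PageRank on a constructed link graph.
# links maps a page to the list of pages it links to.

DAMPING = 0.85  # fraction of rank that flows along links each hop (assumed value)

# Constructed sample web: a cycle (hub <-> news), a dangling page with no
# outlinks, and three pages whose only link points at "target".
WEB = {
    "hub": ["news", "blog"],
    "news": ["hub", "blog", "target"],
    "blog": ["news", "target"],
    "target": ["hub"],
    "farm1": ["target"],
    "farm2": ["target"],
    "farm3": ["target"],
    "orphan": [],
}


def nodes_of(links):
    """Every page mentioned anywhere in the graph, in a stable order."""
    return sorted(set(links) | {t for ts in links.values() for t in ts})


def step(links, rank, damping=DAMPING):
    """One application of the PageRank operator to a rank vector.

    Each page receives (1 - damping)/n unconditionally, plus damping times
    the rank of each page linking to it divided among that page's outlinks.
    Rank sitting on a page with no outlinks is spread uniformly so the
    total stays at 1.
    """
    nodes = nodes_of(links)
    n = len(nodes)
    dangling = sum(rank[v] for v in nodes if not links.get(v))
    base = (1 - damping) / n + damping * dangling / n
    new = {v: base for v in nodes}
    for src, targets in links.items():
        if targets:
            share = damping * rank[src] / len(targets)
            for t in targets:
                new[t] += share
    return new


def pagerank(links, damping=DAMPING, tol=1e-12, max_iter=1000):
    """Iterate step() from a uniform start until the vector stops moving.

    Returns (ranks, iterations). No cycle removal is needed: with damping < 1
    the operator is a contraction, so the iteration converges regardless of
    the link structure; the limit is the dominant eigenvector of the
    damped transition matrix.
    """
    nodes = nodes_of(links)
    rank = {v: 1.0 / len(nodes) for v in nodes}
    for it in range(1, max_iter + 1):
        new = step(links, rank, damping)
        delta = sum(abs(new[v] - rank[v]) for v in nodes)
        rank = new
        if delta < tol:
            return rank, it
    return rank, max_iter


def residual(links, rank, damping=DAMPING):
    """How far rank is from being a fixed point of step(): 0 means eigenvector."""
    new = step(links, rank, damping)
    return sum(abs(new[v] - rank[v]) for v in rank)


if __name__ == "__main__":
    ranks, iters = pagerank(WEB)
    print(f"converged after {iters} iterations, residual {residual(WEB, ranks):.2e}")
    for page, r in sorted(ranks.items(), key=lambda kv: -kv[1]):
        print(f"{page:8s} {r:.4f}")
```

The printed table lets you see directly how much of "target"'s rank arrives via the three single-link pages versus via "news" and "blog", which is the comparison the thread is arguing about.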
No-one is going to spend billions of dollars up front on a device that would protect us in the unlikely event of an impending asteroid collision. I'd recommend anyone wanting to do conceptual design to solve this problem assume that *no* precautions have been taken in advance, the asteroid has been discovered by an amateur astronomer about as late as you might expect... but that, in the remaining few weeks, the budget with which to build and launch their rescue plan is a few trillion dollars.
Naah, learn Python. :-)
But if you already know Python and are interested in getting into Perl, learn 5 now. 6 is designed for the people who know 5, and it'll be a GOOD LONG WHILE before 6 is the recommended version, so learn 5 and then see if you can get involved in making 6 happen faster.
I'd use Wireless USB in preference to Bluetooth if they can get the crypto and security right. The key exchange is messed up, the encryption they used has real problems, and they elected not to include the most important component - strong authentication - meaning that it's possible (for example) for someone to inject false keystrokes if you use a Bluetooth keyboard. (Schneier talks about the keyboard injection attack in his piece about Bluetooth security.)
What I want to hear is that David Wagner, Ross Anderson and Don Coppersmith have been called in to design the security for this new protocol. Then we might see something half decent.
No, this is free software. Those who don't like the license change would always have the option of forking at the point before the change, and indeed it seems OpenBSD plan on doing exactly that. TBH I suspect that will be the major route for a while because it will take freedesktop.org a little while to be really ready for prime time.
Thankfully, this is bull. I'm a nice guy and I've never found it got in the way of getting laid a lot - quite the reverse.
First, most people are voyeuristic enough to enjoy watching other people having sex. But in practice two of you tend to gang up on a third and do things to/with/for them, and all three roles are fun.
Larger groups are fun too, but it doesn't seem to come down to pairing up usually.
Bignum math would benefit enormously, but it's an atypical application...
I don't really understand why anyone uses RSA ever. For both signing and encryption there are Rabin variants faster than RSA provably as hard as factoring (and thus definitely at least as secure as RSA if not more so).
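Added example, not part of the comment above: a textbook Rabin system in Python showing the two halves of the claim. Encryption is one modular squaring and decryption is a modular square root, which the key holder can take because both primes are 3 mod 4; signing is a square root of a salted hash, with verification again a single squaring. The last function is the reduction behind "provably as hard as factoring": anyone who can take square roots mod N, by any method, can be turned into a factoring routine for N. The key (two ~31-bit primes), the message format and the SHA-256 salting scheme are my assumptions for illustration, not a standard; a real deployment would use full-size primes and a properly specified padding and redundancy scheme.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy key: two primes that are 3 mod 4, which is what makes
# modular square roots cheap for the key holder. Real keys would use
# primes of 1024 bits or more; these are only for illustration.
P = 1000000007          # prime, P % 4 == 3
Q = 2147483647          # prime (2**31 - 1), Q % 4 == 3
N = P * Q               # public modulus; P and Q are the private key


def is_qr(c, prime):
    """Euler's criterion: is c a square mod prime? (0 counts as one.)"""
    c %= prime
    return c == 0 or pow(c, (prime - 1) // 2, prime) == 1


def sqrt_mod_prime(c, prime):
    """Square root of a square c mod a prime that is 3 mod 4: c^((p+1)/4)."""
    return pow(c % prime, (prime + 1) // 4, prime)


def crt(a_p, a_q):
    """Combine residues mod P and mod Q into the unique residue mod N."""
    t = ((a_q - a_p) * pow(P, -1, Q)) % Q
    return (a_p + P * t) % N


def sqrt_mod_n(c):
    """All square roots of c mod N. Needs P and Q, so this is the private operation."""
    rp, rq = sqrt_mod_prime(c, P), sqrt_mod_prime(c, Q)
    return sorted({crt(sp, sq) for sp in (rp, (P - rp) % P)
                                for sq in (rq, (Q - rq) % Q)})


# --- encryption: c = m^2 mod N (textbook Rabin, no padding) ---

def encrypt(m):
    assert 0 < m < N
    return m * m % N


def decrypt(c):
    """Up to four candidate plaintexts. The caller's message format must carry
    enough redundancy to pick the right one; that is the price of Rabin."""
    return sqrt_mod_n(c)


# --- signing: the signature is a square root of a salted hash ---

def hash_to_int(msg, salt):
    digest = hashlib.sha256(msg + salt.to_bytes(4, "big")).digest()
    return int.from_bytes(digest, "big") % N


def sign(msg):
    """Try salts until H(msg, salt) is a square mod both primes (1 in 4 per try)."""
    for salt in range(1 << 24):
        h = hash_to_int(msg, salt)
        if is_qr(h, P) and is_qr(h, Q):
            return salt, sqrt_mod_n(h)[0]
    raise RuntimeError("no salt found")


def verify(msg, salt, sig):
    """Public operation: one modular squaring, cheaper than an RSA exponentiation."""
    return sig * sig % N == hash_to_int(msg, salt)


# --- the 'as hard as factoring' reduction ---

def factor_with_root_oracle(n, root_oracle, randbelow=secrets.randbelow):
    """Turn any black box that returns *some* square root mod n into a factoring
    routine. Pick a random x and ask for a root y of x^2. About half the time y
    is neither x nor -x; then x^2 == y^2 mod n but x != +-y, so n divides
    (x - y)(x + y) without dividing either factor, and gcd(x - y, n) is a
    proper factor of n."""
    while True:
        x = randbelow(n - 2) + 2
        y = root_oracle(x * x % n)
        if y not in (x, n - x):
            f = gcd(x - y, n)
            if 1 < f < n:
                return f, n // f


if __name__ == "__main__":
    m = 123456789012345
    print("plaintext among decrypt candidates:", m in decrypt(encrypt(m)))
    salt, sig = sign(b"pay 10 to bob")
    print("signature verifies:", verify(b"pay 10 to bob", salt, sig))
    # Using the legitimate decryptor as the oracle recovers P and Q.
    print("factors recovered:", factor_with_root_oracle(N, lambda c: sqrt_mod_n(c)[0]))
```

The reduction is also the standard warning about Rabin: a decryption oracle that hands back an arbitrary root is a factoring oracle, so a chosen-ciphertext attacker who can get the key holder to decrypt x^2 for an x of their choosing walks away with the private key. Redundancy in the plaintext format, or a Rabin-Williams style fixed choice of root, is what closes that hole.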
And yes, this is a "fair" contest. I'm glad that Slashdoteers have got the message that cracking contests are generally bullshit, but this is one of the exceptions - this prize genuinely fosters research rather than trying to take its place.
You can do ECC without infringing Certicom's patents pretty easily. Look for Roger Schlafly's postings on the subject in sci.crypt.
As well as giving you your coordinates in space, GPS receivers can report time very precisely.
Thanks! Let me just print that out for future reference.
Hmm, seem to be having problems...
http://www.cs.berkeley.edu/~daw/my-posts/crypt-collision
It is necessarily true that there are infinitely many MD5 collisions, by the pigeonhole principle. However, there may be specific 128-bit strings that have 0 or 1 MD5 preimages.
Is it not bleeding obvious that the writer was taking the piss?
For the record, Izzard is heterosexual.
I'm not really convinced by the cryptography in this paper. It's good that Wagner has read it but I wouldn't interpret that as meaning he's put his seal of approval on it.
Incidentally, I presented a paper on disk sector encryption at FSE 2000, you can read it here:
http://www.ciphergoth.org/crypto/mercy/
That'll be because we all karma-whored ourselves into the stratosphere back when the system was comprehensible...
Any protocol based on IP has to handle out-of-order, missing, and duplicated packets. Using IPSec, you know that you do not have to deal with fabricated packets, and that an attacker cannot directly know anything about the content of the packets, only the timing and length.