Slashdot Mirror


User: Paul Crowley

Paul Crowley's activity in the archive.

Stories: 0
Comments: 1,017

Comments · 1,017

  1. Microdonations are fine though on Scott McCloud on Comics and The Internet · · Score: 2

    Micropayments are bad because people don't want to have to worry about the cost of every click; the effort of considering whether a purchase is worth the money ("mental transaction cost") should not outweigh the value of the money spent.

    Microdonations are fine though, because you donate what you want when you want, and click away freely knowing that each click costs you nothing.

    Whether anyone can make enough money out of microdonations to be worth it I don't know, but I don't think the arguments against micropayments apply here. There's also some interesting issues with the legal infrastructure needed to reassure the donator that anyone trying to get my microdonations by passing off pirated content as their own is going to get sued for it; I suspect trusted intermediaries are needed.
    --

  2. Why use decimal and kilograms? on Is There Anybody Out There? · · Score: 1

    This is nice in some ways, but it seems pretty bizarre to go to all this effort to teach them decimal and kilograms. Why not make things more universal by using binary exclusively for numbers? Why not use a more "universal" measure of weight, like the weight of a proton? Why go to the effort of teaching them meters, seconds, and kilograms?

    Sheesh, they even use superscript notation for exponents! Just explain about brackets, and use "^"!
    --

  3. Radomes: so we don't know where they're looking... on Astronomers Revel In Former NSA Site · · Score: 2

    The main purpose of radomes is to make it more difficult for us to know where they're pointing their dishes. I can't offhand think of any non-spook projects that use them, and I guess that's the reason.
    --

  4. It is possible to resist. on Another Cool GPS Project: Degree Confluence · · Score: 2

    It is possible to see a virgin Slashdot story, with no responses, and resist the temptation to reach for the "Reply" button. I've done it. It's possible.

    Just *damn* hard! But so far I've resisted the FP urge...
    --

  5. Prisoner rape on Spammers Jailed for 2 Years · · Score: 2

    Stop Prisoner Rape has more information along the lines of what you're looking for. I don't think you'll find it as pleasing as you hope, though.

    -1, Offtopic and bang goes some Karma, never to be recovered, but prisoner rape is less funny than you might imagine.
    --

  6. Deniable crypto on A Different Idea For Distributed Storage · · Score: 2

    If you don't have data that could result in loss of life for others, then not using a deniable system means you can prove that you don't have it to someone who might otherwise kill you for it.

    Deniability is pretty tricky stuff. Of course deniable crypto systems should work against a judge, who can't punish you just because they suspect you're holding back but can't prove it. In theory anyway.
    --

  7. Sexual freedom and Ireland on Is The U.S. No Longer The Choice For Freedom? · · Score: 2

    Oddly enough, Ireland is not as bad on this point as you might think. The age of consent in ROI is the same (16) regardless of sexuality, whereas here in the UK it's still 18 for gay men and 16 for heterosexuals.

    I still wouldn't want to live in Ireland, but that's more for cultural reasons.
    --

  8. Thanks for the references! on A Different Idea For Distributed Storage · · Score: 2

    The first is probably no longer the best place to start from for crypto info, but the other two are pretty interesting and I hadn't seen them before. I don't see anything there about a further root two improvement on Grover's algorithm though.

    I apologise for being ruder than I should have been - it was meant to be funnier and less harsh, too much caffeine. But I *do* wish people wouldn't post opinions on the difficulty of cryptanalytic problems that are based on no good evidence.
    --

  9. Correct on A Different Idea For Distributed Storage · · Score: 2

    Correct. I can't remember the name of the algorithm now - Grove's algorithm? Anyway, yes, for arbitrary such problems the search time is on the square root of the search space for a quantum computer, so it only takes 2^64 steps to test all 128-bit keys. Which is why 256-bit AES will be strong for a while...
    --

  10. You need a better source for such speculations. on A Different Idea For Distributed Storage · · Score: 2

    I don't normally try to emulate Bob Silverman (factorisation expert and great sci.crypt flamer) but, uh, where does that opinion come from, and does the sun shine there?

    If you've any basis for that belief at all, I'd love to hear it...

    --

  11. Re:Quantum Computing does not break all crypto. on A Different Idea For Distributed Storage · · Score: 2

    Deniable systems are bad against rubberhose attacks. Supposing your denials are true, but your attacker doesn't believe you and thinks you've only revealed your duress key and there's a true key you're holding back?
    --

  12. Quantum Computing does not break all crypto. on A Different Idea For Distributed Storage · · Score: 2

    "Let's face it; once quantum computing comes online, all cryptography is defunct."

    Simply false. With what's currently known, public-key algorithms might be in trouble, but the secret-key stuff works just fine if we double the key lengths. 256-bit AES should be fine.

    And even for public key stuff, "defunct" is massively overstating it.
    --

  13. YHBT, HAND. on Publishers/Authors Angry at Amazon Selling Used Books · · Score: 2

    Nobody smart enough to put this argument as well as this could be stupid enough to believe it for a moment, so please cut it with the trolling.
    --

  14. I stand corrected. on 2001: A Space Prophecy · · Score: 2

    I stand corrected. Thanks.
    --

  15. My DOB is on my Web pages. Figure it out (n/t) on 2001: A Space Prophecy · · Score: 2

    My DOB is on my Web pages. Figure it out.
    --

  16. Re:Zero Knowledge on The Continuing End of SSH/SSL · · Score: 2

    See my comment "Zero Knowledge - you are right, but..." in response to your response to me.

    It's important to emphasise that SRP is *much* better than Kerberos, this caveat notwithstanding.
    --

  17. Zero Knowledge - you are right, but... on The Continuing End of SSH/SSL · · Score: 2

    Thanks for the comment, and you're right to criticise my imprecise use of the term. In my defence I can only say that David Jablon, designer of B-SPEKE, employs similarly imprecise terminology, though Thomas Wu of SRP avoids it.

    Work continues on password protocols about which good things can be proven: check out Stefan Lucks's Open Key Exchange for a password protocol that uses a simulator-based argument under the Random Oracle model to prove that finding a more efficient attack is dependent on breaking the underlying public key cryptosystem. AMP is another proposal in the works.
    --

  18. No, Kubrick does on 2001: A Space Prophecy · · Score: 4

    Clarke himself has said that Kubrick deserves more credit for the vision of the future in 2001, and the fundamental story ideas, than he does. "The Sentinel" is the germ of an idea, but 2001 is the whole damn tree, cut down and made into a mind-bending sculpture with lots of extra added bits. Clarke certainly deserves a prominent credit, but fundamentally it's Kubrick's film.

    2001 the book was written after the film.
    --

  19. "Security is a process, not a product" on The Continuing End of SSH/SSL · · Score: 3

    I'm sorry, but for the main part it seems like interpreting Bruce Schneier's motto "Security is a process, not a product" to mean that therefore all products are insecure and we should panic. It's hardly news that these products don't drop into place and create perfect security. No measure is perfect; what's wonderful is that when you use these measures, it gives an attacker headaches like greater expense and difficulty and a better chance of being caught, and that's what computer security is really all about.

    Now I think there's a lot to be said for articles that detail the ways someone might try and mount attacks that circumvent the protection offered by these measures, so that you know how to gain the most protection from them, but presenting it in the form of alarmism about sensible security precautions is irresponsible.

    Also, there's at least one important error in this article: Unlike SRP, B-SPEKE et al, Kerberos is *not* a ZKP password protocol. The Kerberos password protocol, IIRC, is a "weak" password protocol that allows offline dictionary attacks where no extra authentication information exists at the client end. Seifried interviewed the creator of SRP last year (sorry, can't find URL just now), but I'm not sure he "gets it" about why SRP and friends are so great.
    --

  20. OFFTOPIC Your .sig on Clinton Says NASA's Budget Should Be Increased · · Score: 2

    First, you may prefer to use this URL

    http://www.discover.com/nov_00/featbestman.html

    which takes you straight to the article without JavaScript.

    However, the article gives most attention to the Approval and Borda alternatives to plurality, both of which are pretty flawed. Check out electionmethods.org for a very thorough analysis.
    --

  21. SRP is the answer! on Silverman Responds To 'End of SSL And SSH' · · Score: 5

    AFAICT this article is wholly correct, point by point, and entirely the right response to the alarmism it counters. Plaudits to the author.

    I said this last time, but it may be worth emphasising again: we do have other tools that can address this, tools that allow both client and server to authenticate each other without the user having to remember any more than their passphrase. These tools are called "strong password protocols". The best known is SRP, but others exist or are in development, including B-SPEKE and AMP, and while they are already efficient and seem damn secure, work is proceeding to make them even faster and give us better guarantees of security.

    Where one end can't carry around good strong information for authentication, like a user logging onto a previously untrusted computer knowing only a passphrase, strong password authentication is the appropriate solution.
    --

  22. Examples please? on NSA Releases High Security Version Of Linux · · Score: 2

    The Code Book doesn't talk about modern crypto much; it's mainly confined to the last chapter, which is mostly about RSA.

    I'd like evidence for what you assert. Everyone thought that the DES S-boxes were "cooked" to give the NSA a back door into the cipher, until we discovered differential cryptanalysis and found that the S-boxes had been arranged to lend resistance to it. I think what they have contributed is as strong as they claim it to be.

    I'm no fan of the NSA, quite the opposite, but I'd just like to do my bit to resist the spread of crypto-paranoia.
    --

  23. Isn't the pattern wrong? on Non-Traditional Keyboard Reviews · · Score: 2

    Looking at the way I use my fingers when I touch type, shouldn't it be

    q=[ w=p e=o r=i t=u y=y (you have t=y)
    a=; s=l d=k f=j g=h (as you have)
    z=. x=, c=m v=n b=b (you have b=n)

    ?

    It costs an extra key and extra width, but I would have thought it would be worth it?
    --

  24. SHA, DSA, reviews of AES candidates... on NSA Releases High Security Version Of Linux · · Score: 2

    The NSA actually contribute a surprising amount to our open knowledge. They're not exactly a University department, but there are several examples.
    --

  25. Kernel of truth in the stupidity. on Linux Distributions Are Too Big · · Score: 2

    Clearly, reducing the number of packages that come with the distribution would be a stupid way to address this. When I want to install my favourite pager, I don't want to be told that it has "helpfully" been removed in favour of a "standard" one, I want the pager I'm used to.

    However, when I first decide I want a pager (or suchlike), I find the choice Debian offers me pretty daunting. Sometimes I just wish Debian could recommend one for me, the same way it recommends exim among the MTAs. Now, Debian offers a priority system, so maybe I should choose the one marked "optional" rather than the ones marked "extra". But while offering a big choice is good, it would also be a good thing to offer a way of *reducing* that choice in favour of judgement calls made by people who know the packages better than me. Hiding packages marked "extra" might be enough.

    I also agree with the person who pointed out that the granularity at which Debian packages offer is finer than that at which we want to choose them. In general, I don't care about, say, xserver-common; by itself, it doesn't do anything for me. I'd like Debian to arrange for it to be installed if and only if it is needed by packages I do care about (like task-x-window-system-core) without ever bringing it to my attention.

    All of this requires lots of tricky infrastructure. It's not through laziness or stupidity that Debian doesn't already do this; it's because they already have enough problems to solve!
    --