unbreakable (or at least impractical) encryption is possible
We don't actually know this. We don't have a proof that any suitable computationally intractable problems exist. It seems very likely, but I wouldn't want to state it with certainty without proof.
I think you're blowing up a terminological inexactitude into more than it is. They used "private key" where they meant "shared symmetric secret key".
Also you shouldn't refer to signing and verification as "encryption" and "decryption" because they're semantically very different things. Both RSA encryption and RSA verification use the RSA public-key operation, but to be secure they must also use padding and the padding system for an encryption scheme will be different than that for a signature scheme. It's also bad to use the same key as an encryption and as a signing key.
As a last nitpick, AFAIK there are no PK systems for which brute force is the most effective attack. If such a scheme existed it could use really short keys, like the 128-bit keys used in symmetric cryptosystems. Every PK system I know of uses keys at least twice that length.
Er, to whom are you explaining the joke?
I think people would look down on you if you took money and pocketed it. But I think giving the money to a worthy cause (like the FSF) is fine.
RSA get the credit because they brought the concept to science. Similarly, Biham and Shamir get the credit for differential cryptanalysis. If you invent it and keep it secret you don't get the credit; that's the cost of the Faustian bargain you made with the security services.
Rivest, Shamir, Adleman invented RSA.
Shamir invented secret sharing.
Rabin invented the Rabin public key cryptosystem, and IDA.
IDA is not like secret sharing.
With secret sharing, you have a secret, which you break up into shares. You can decide how many shares you need to reconstruct the secret when you break it up. Without the right number of shares, you know nothing about the secret. But the big difference is that EACH SHARE IS SLIGHTLY BIGGER THAN THE INITIAL SECRET.
With IDA, you have lots of data. You break it up into chunks. EACH CHUNK IS SMALL COMPARED TO THE SIZE OF THE INITIAL DATA. The total size of the chunks is bigger than the size of the data. When the chunks you have add up to a size slightly bigger than the initial data, you can reconstruct the initial data.
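The size difference the comment describes, as an added example that is not the commenter's code: a (k, n) Shamir split and a (k, n) Rabin-style IDA split, both over the toy field GF(257) so that one byte fits in one field element.

```python
# Added example, not the commenter's code: (k, n) Shamir sharing beside a
# (k, n) Rabin-style IDA, both over GF(257) so one byte fits one element.
import secrets

P = 257  # a field element holds one byte but costs 9 bits to store

def interpolate(points, x, p=P):
    """Evaluate at x the unique polynomial through the given (xi, yi) points."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num, den = num * (x - xj) % p, den * (xi - xj) % p
        total = (total + yi * num * pow(den, -1, p)) % p
    return total

def shamir_split(secret, k, n):
    """One random degree k-1 polynomial per byte; share x gets f(x) for each byte."""
    shares = {x: [] for x in range(1, n + 1)}
    for byte in secret:
        coeffs = [byte] + [secrets.randbelow(P) for _ in range(k - 1)]
        for x in shares:
            shares[x].append(sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
    return shares

def shamir_recover(shares):
    """Any k or more shares give f(0) per byte; fewer reveal nothing."""
    xs = list(shares)
    return bytes(interpolate([(x, shares[x][i]) for x in xs], 0)
                 for i in range(len(shares[xs[0]])))

def ida_split(data, k, n):
    """Each k-byte block is a polynomial through (1, d0)..(k, d_k-1); chunk x keeps f(x) per block."""
    padded = data + b"\0" * (-len(data) % k)
    chunks = {x: [] for x in range(1, n + 1)}
    for off in range(0, len(padded), k):
        block = [(i + 1, padded[off + i]) for i in range(k)]
        for x in chunks:
            chunks[x].append(interpolate(block, x))
    return chunks

def ida_recover(chunks, k, length):
    """Any k chunks: re-interpolate each block at x = 1..k to get the bytes back."""
    xs, out = list(chunks), []
    for i in range(len(chunks[xs[0]])):
        pts = [(x, chunks[x][i]) for x in xs]
        out.extend(interpolate(pts, t) for t in range(1, k + 1))
    return bytes(out[:length])
```

Each Shamir share has as many field elements as the secret has bytes (and each element needs 9 bits, so the share is slightly bigger), while each IDA chunk holds only about len(data)/k elements.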
That was a lot of confusion to untangle.
Is that to ensure that no-one huffs and puffs and blows your house in?
So... you care about performance enough to change operating system in return for a 10% speedup, but not enough to really think about it?
No criminal would dare steal a laptop near a free donut stand.
They all went downhill after MCC.
I can put off reading Slashdot?
Yes, I can help. Learn a different programming language!
Seriously. You only re-use code in C when you really, really have to, because it's so intensely painful to do, and writing libraries is difficult and tiresome. Every time you want to pass a reference around, you have to decide who's going to free() it. If you want to get in the habit of reusing other people's code, learn a language with a stronger re-use culture. You should anyway; far too much new code is written in C when there are better alternatives with automatic memory management.
I like Python, but you might choose Ruby, or Java, or C#, or Haskell, or OCaml, or even Perl. In any of these languages, you'll quickly get into the habit of seeing if someone's already solved your problem, because code re-use is so much less painful.
Visudo should explicitly ask you "you are about to deny *yourself* root access. Are you sure?"
We used to dream of having a cubicle! Would have been a palace to us.
I want to take a photo of our office - nearly twenty people in little desk groups, no partitions anywhere - and post it so all these Americans can realize how lucky they are...
People have been happily predicting ubiquitous crypto for many years, but recently they don't so much, because they noticed that things haven't made any progress in that direction for the last decade or so. See Where has all the crypto gone?, a Usenix paper from five years ago, and ask yourself what progress has been made since then.
Don't get me wrong, I'd love to see it, but I'm not optimistic that it'll "just happen".
A few more examples
You didn't like Brokeback Mountain either?
I'll celebrate the big step forward for Hollywood's portrayal of gay issues when they make a gay feelgood movie. Or, you know, a gay Dukes of Hazzard.
"You don't need to be a Kreskin to predict Itanium's future. The handwriting has been on the wall since at least December 2004, when Hewlett-Packard handed over development and ownership of the Itanium platform to Intel. Soon after, vendors including IBM, Microsoft, and Dell began withdrawing their support for the Itanium processor.
Let's keep to the facts and look at the numbers.
# Chip speed of 1.6 GHz, down from the originally expected 2.4 GHz
# Front side bus speed of 400 MHz, down from 667 MHz
# On-chip Level 3 cache, down from 24 MB (12 MB per core) to an undisclosed number
All major surveys show that Itanium has steadily declined in market share.
Fact: Itanium is dead"
You and Kronecker, huh? Why treat the natural numbers specially?
I have no mod points but I must comment...
MD5 is not the problem. The trouble with using a system like this is that if you can be fooled into trying to log in to the wrong server, then they can capture your password, because it has to be sent in a form the server understands and can verify against.
The right approach is something like SRP, which uses your password to negotiate a secure tunnel, in such a way that anyone who doesn't have the password, and doesn't guess it correctly during the negotiation phase, doesn't learn it and can't even take a new guess until next time there's a login attempt. This means that even relatively weak passwords gain a lot of security, because it's easy to limit the number of guesses the attacker is allowed.
If ssh used SRP, then you wouldn't have to worry about whether the remote host key is right, or whether it's changed - the fact that you manage to negotiate a proper session with them using your password means that they're a legit host.
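The exchange described above, as an added example that is not the commenter's code and not any real SRP library: a toy SRP-6a run in which the server stores only a verifier, both sides derive the same key when the client knows the password, and a wrong guess simply yields mismatched keys, so each login attempt buys the guesser exactly one try. It assumes a freshly generated small safe prime for the group; real deployments use the RFC 5054 groups.

```python
# Added example, not the commenter's code nor a real SRP library: toy SRP-6a
# over a freshly generated small safe prime (real systems use RFC 5054 groups).
import hashlib, secrets

def is_prime(n, rounds=16):  # Miller-Rabin; adequate for a toy group
    if n < 4: return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0: d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1): continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1: break
        else: return False
    return True

def safe_prime(bits):  # N = 2q + 1 with q prime, the group shape SRP requires
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_prime(q) and is_prime(2 * q + 1): return 2 * q + 1

N, g = safe_prime(64), 2
H = lambda *parts: int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big")
I2B = lambda n: n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
k = H(I2B(N), I2B(g))  # SRP-6a multiplier

def enroll(user, password):
    """Server keeps (salt, v); the password itself never leaves the client."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, H(salt, hashlib.sha256(user + b":" + password).digest()), N)

def client_key(user, password, salt, A, a, B):
    if B % N == 0: raise ValueError("server sent B = 0 mod N")
    x = H(salt, hashlib.sha256(user + b":" + password).digest())
    u = H(I2B(A), I2B(B))
    return I2B(pow((B - k * pow(g, x, N)) % N, a + u * x, N))

def server_key(v, A, b, B):
    if A % N == 0: raise ValueError("client sent A = 0 mod N")
    return I2B(pow(A * pow(v, H(I2B(A), I2B(B)), N) % N, b, N))

def login(user, password, salt, v):
    """One exchange: True only when the client supplied the enrolled password."""
    a, b = secrets.randbelow(N - 2) + 1, secrets.randbelow(N - 2) + 1
    A, B = pow(g, a, N), (k * v + pow(g, b, N)) % N
    return server_key(v, A, b, B) == client_key(user, password, salt, A, a, B)
```

Nothing sent in the exchange lets an observer check password guesses offline; a wrong guess only produces a key that fails to match, and the next guess needs a fresh exchange.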
Wikipedia checked. The edit history makes it look very unlikely that any one person was solely responsible for the material in question.
Definitely start with the new series.
Ship with an old-style FAT filesystem, without vfat. VFAT is backwards compatible, so the devices can write to it just as if it's VFAT.
The device manufacturers will have to pay, but not the media manufacturers.
The irony is that what M$ have patented is their workaround for their own fuckup. And people used it not because it was good, but to stay compatible with them. Get into bed with Microsoft and they will screw you.
I need to persuade my psychologist friends who've been arguing this stuff to put up a web page somewhere collecting their detailed refutations and counter-arguments in response to Rieger's paper. If you haven't read it already, I recommend you do so - the blatant way in which the analysis is chosen to support the desired conclusions should jump out at you. But the more detailed analysis by those versed in the field is worth reading too.
/ Psychology%20Perverted%20-%20A%20Response.htm
The closest related link I can find ATM is this one, but it's only tangentially related:
http://ai.eecs.umich.edu/people/conway/TS/Reviews