Haha! It's funny because in reality, 129/128 = 1.008 = 0.8%. It's 0.8% harder to crack!
Wrong. Ever take a class in counting in Binary? Adding another bit includes all the previous bits as well. 3 bits = [0..7], 4 bits = [0..15], 5 bits = [0..31] and so on. So you can think of it as the bit space below that bit + the bit space again (last bit is a zero or one so those are the possibilities).
However this doesn't mean that you couldn't get the right key on the first try with a random number. You're literally more likely to be hit by lightning.
I think you are careless with your money then. Your odds are better at Las Vegas I think. Let me explain.
I have heard this argument a number of times. I have a feeling you have no idea just how hard it is to forge a signature and get away with it. It can be done, sure. It also depends on the document.
You seem to have a great deal of confidence in digital signatures. I'm not sure why you are that confident. The big picture right now is that most users' machines are not secure. That is, you don't have to break the key nor encryption. You can compromise the machine and that is well known to happen for Windows-based clients. Own the machine and you have a rigged game.
There is also the issue of the signature itself. Just how careful is the certificate authority? From my experience not very careful. This can be corrected, however.
I don't want to kill DS, they can be very useful. I don't think it should be considered legitimate any more than a physical document that was signed without a witness. With physical documents there are also fingerprints on them as well as a lot of other forensic evidence. For example it was trivial to show that a 30+ year old memo during the last Presidential race was fake, for many reasons. Even though the man that supposedly wrote the memo is dead, it was supposedly written over 30 years ago and it was faxed. With a digital document all bets are off. You have a doc that is signed, any and all of it can be faked. You can't even go back and try to get physical evidence.
How about the retention of the DS data? Could I come back in 30+ years from now and challenge a document signed today and be sure if it is fake or not? If you would bet that 30+ years from now we could be sure, as PT Barnum would say "A fool and his money are soon parted."
Everyone, what is proposed is the key agreement algorithm. Please don't confuse this with the encryption method. I see a lot of messages that are misleading on what this is.
WTH is it? When a key needs to be exchanged between two machines (like two routers for example), a mutually agreed upon key must exist no matter which encryption you use - blowfish, aes, des, and on and on. The idea is that only the two machines would know what the real key is and it is done automatically.
Diffie-Hellman has been used for decades (Patent expired in 1997) for this and can be found as close as your nearest Cisco router that has encryption enabled. The new algorithm adds a few new twists to it. Those twists may make the key easier to crack, however. Buyer beware, don't bet your life on a mutually agreed upon key like that. Be sure your keys are very secure. This goes for the so-called quantum encryption channel as well. I don't think it is as secure as they say it is.
However for most all of us in the world this is perfectly safe for digital signature encrypted data. If you have a need to be absolutely sure a signature is valid, don't use the network. Get it on paper.
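An added example, not part of the original comments: a Diffie-Hellman exchange between two machines, showing that the agreed secret is independent of the cipher it later keys. The prime, generator and all function names are constructed for illustration; the 127-bit modulus is a toy size, and the exchange is unauthenticated.

```python
import hashlib
import hmac
import secrets

# Constructed toy parameters: 2**127 - 1 is prime but far too small for real
# use and is not a safe prime. Real deployments use standardized 2048-bit+ groups.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private exponent x, public value g^x mod p)."""
    x = secrets.randbelow(P - 3) + 2           # x in [2, p-2]
    return x, pow(G, x, P)

def check_peer(y):
    """Reject degenerate public values (0, 1, p-1) that make the secret predictable."""
    if not 2 <= y <= P - 2:
        raise ValueError("peer public value out of range")
    return y

def shared_secret(my_private, peer_public):
    """Compute peer_public^my_private mod p as fixed-length bytes."""
    z = pow(check_peer(peer_public), my_private, P)
    return z.to_bytes((P.bit_length() + 7) // 8, "big")

def derive_key(secret, label, length):
    """HKDF (RFC 5869) with SHA-256: turn the raw secret into a cipher key."""
    prk = hmac.new(b"\x00" * 32, secret, hashlib.sha256).digest()    # extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                                          # expand
        block = hmac.new(prk, block + label + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def agree():
    """Run one exchange; only the public values A and B cross the wire."""
    a, A = keypair()           # machine 1
    b, B = keypair()           # machine 2
    s1 = shared_secret(a, B)   # machine 1 computes B^a mod p
    s2 = shared_secret(b, A)   # machine 2 computes A^b mod p
    return s1, s2

if __name__ == "__main__":
    s1, s2 = agree()
    print("secrets match:", s1 == s2)
    print("AES-128 key: ", derive_key(s1, b"aes-128", 16).hex())
    print("Blowfish key:", derive_key(s1, b"blowfish", 32).hex())
```
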
I agree with you. We both know what it is supposed to say. My supposition is could they use it maliciously. Looking at the bill I think it is a very real possibility. Would you want to argue a political site is a "legitimate business"? Tell a jury what a "legitimate business" is? What do they sell? Did they do what they said they would? I know it may seem idiotic but that is where problems arise.
The original post asked if other laws apply. They do in most cases. Is it a feel good law? Passing laws for things that are already illegal doesn't do much good. I'm pointing out that it may in fact be used for things they never meant. I think that is what the original poster was after.
Didn't read the bill, RTFA.... ---snip----
Democrat Patrick Leahy, has introduced a new federal anti-phishing bill that would impose jail terms up to five years and fines up to $250,000 for criminals creating fake web site designed to con consumers in to giving them their personal information.
---snip---
What is a "fake web site"? We both probably know but could an activist use that to his advantage? What does the bill say....
The bill Here (could go to thomas.loc.gov, type in anti-phishing into the search box)
Here is what could be used:
(b) Messenger- Whoever knowingly, with the intent to carry on any activity which would be a Federal or State crime of fraud or identity theft sends any electronic mail message that--
(1) falsely represents itself as being sent by a legitimate online business;
(2) includes an Internet information location tool that refers or links users to an online location on the World Wide Web that falsely purports to belong to or be associated with such legitimate online business; and
(3) induces, requests, asks, or solicits a recipient of the electronic mail message directly or indirectly to provide, submit, or relate any means of identification to another;
shall be fined under this title or imprisoned up to 5 years, or both.
Couldn't they argue (1) that they aren't a legitimate online business? (2) The e-mail seems to always have such links to their online web presence and they fulfil the last requirement by (3) asking for a donation and get info that way?
If you look below that you see where they bothered to define what they mean by the terms and "legitimate online business" is missing.
I realize that to most people this seems unreasonable, however there are a lot of unreasonable people out there today.
I do think something should be done, however I think they could do better. Leahy isn't a new representative after all.
Other way around, the political activists using the law to hit the politician over the head.
Politicians do put up web sites and most (all?) of them collect money. Pick one of the two last Presidential candidates for example. I'm fairly sure that for both candidates they had at least one thing on their site that could be considered false (some of us think ALL of Bush's site was false and the others think ALL of Kerry's was false). Someone with a political vendetta could donate money to the opposition ($20 say) and later say he was defrauded and make news headlines (Senator cottonpicker defrauded people, phished my info from his site). After all they do have to collect information about you when you donate. My guess is that you haven't donated to a political group. They also use that information to mail stuff to you. That is why I chose this as an example, they DO collect info on you (save the wee turtles).
It all depends on how the law is worded. Maybe they think they can fool a jury into convicting someone. Maybe you aren't familiar with the government misusing laws? Look at the RICO laws (for gangsters), they are being applied to entities that Congress never meant them to be applied to for example. Slashdotters are well aware of the DMCA and the desire to apply it widely.
The answer is almost always yes. Wire, fraud and other laws are applied today to net these criminals as seen on slashdot! The Representative thinks that the laws aren't applicable in some cases. That is, it isn't a clear-cut fit.
What else he says is that he wants to stop the erosion of public trust in the net. So this is yet another "feel good" bill. Feel good bills often lead to unintended consequences. For example, could this be applied to a politician's site? Someone could sign up saying they thought he was for JEDI (Just Enter Desired Issue). Turns out he is against JEDI. Right now he would be a waffler, he may be a criminal under the new law. Politicians often make sure they are left out of the law's grasp. bla bla bla except for political sites.
You're right, however if things work anything like they do in the US, this is known as seeding. They throw the idea out there, visit it from time to time and say this is way out there, won't happen. Next thing you know it is law and you're a criminal or you are looking at a big bill. If they can't do it that way then they often make other proposals and increment them until they get what they wanted. If that doesn't work then sometimes they use the courts. If that doesn't work then they try to buy lawmakers, sometimes launch commercials. You're probably familiar with that in the US with the MPAA and other copyright groups. Hey, "they are losing a lot of money." "a lot" is often associated with a huge number pulled out of the air.
I'm curious if you think the old system that they had should be changed. Was the old system broken?