Don't believe me? Look at RedHat and Cheap*Bytes. Cheap*Bytes sells a lot of RedHat CDs. RedHat sells more. RedHat also sells support and various other merchandise, and manages to turn a profit.
Really? Maybe it's just b/c I'm in college, but everyone I know using Linux (RH, Mandrake, Debian, and Slackware) either downloaded an ISO and burned it or got a cheapbytes CD. I've never talked to anyone who actually bought a CD from Redhat (I think a few people buy their BSD CDs from the projects, however, mostly to support development). Companies probably do, for the support, of course, but I can't imagine an individual would actually pay $50 for an official RH CD when cheapbytes will run you $2. 30 days of support and a pretty box != $48.
It's possible that they've found a way to factor very large numbers, a breakthrough which would render all the current ciphers useless.
Unless Diffie-Hellman key exchange were used instead of RSA (and DH is in SSL3). And for sym ciphers, there isn't anything basic that you can point to, and say "we can do this, so we can break this". The only real relation between, say, RC4 and 3DES is that they both use large secret keys. So the only attack which can break both is a brute force attack. And as someone pointed out, breaking the key exchange will break SSL. But just being able to factor won't help you much if DH is used (tho I will admit that DH is not used much in SSL).
And more to the point: if the NSA can break RSA, why don't they let PGP be exported? It won't stop them!
The logical conclusion would be that the NSA knew about DC 20 years before the public.
Indeed, as did the team at IBM (and if you try to tell me that the NSA told the IBM team about it, I'll laugh). The NSA asked them not to tell, and they agreed. In fact, the team (specifically Coppersmith), claimed that they invented the entire thing. There's a quote by him somewhere, something like "The NSA did not dictate a single wire!", presumably referring to the fact that it was done in hardware.
If the NSA has found a shortcut to dramatically reduce those times, then they would allow 128 bit encryption through because it is now trivial for them to crack it.
Huh? That's my point: there is no way to do a 128 bit brute force, at least not on an abstract cipher. Even a quantum computer will only be able to break in with 2**64 effort (or 2**84 with 168 bit 3DES keys). A quantum computer with that kind of power is decades away, and while the NSA does have advanced tech, it's highly unlikely that they're 20 years ahead of state-of-the-art.
If they can find a weakness in the cipher, sure. Finding a weakness in 3 ciphers (RC4, RC2, and 3DES) at the level where brute forcing the key is feasible seems highly unlikely. And if they can break TripleDES there's not much point in encrypting anything. 3DES has been studied for the last 20 something years, and never broken (publicly). If the NSA can break it, they can probably also break any other cipher out there.
Don't assume that just because *you* don't have the resources *they* don't.
LOL. I'm not assuming anything based on my capabilities. I could maybe break a 40 bit key, given a few weeks or so (on my computers, not by hand!). If they had to, the NSA could brute force a 64 bit or even 72 bit key. If the algorithm was bad I'm sure they could do much better.
a massively nondeterministic attack on the RSA (key-exchange) portion of the SSL protocol...
Hrm... hadn't thought of that. But it would be a bit extreme at this point, I think. We're at, what, 3 qubits now? So the NSA can't have more than 15 or so (keeping in mind they're usually about 2 - 5 years ahead of the public state-of-the-art, based on what we've seen released (SHA-1, Skipjack, etc)). And even if what you suggest were true, a 1024 bit RSA key would still be a non-trivial effort.
Also mind that the NSA is not going to be brute forcing your keys (wasting their computing cycles) to recover your CC number.
Right. Even if the NSA can read it, who cares? The NSA doesn't want it, 37337 h4x0r's do, and they can't break it.
Plus, I'm sure the intelligence impact to the NSA of not being able to read https connections is minimal, unless it turns out that they're using credit card fraud to supplement their budget or something.
LOL. So that's how they afford all that computing equipment!!!
That only applies to a brute force attack. There's always the possibility that they've found some fancy mathematical trick to speed the process up by a few million orders of magnitude.
Well, breaking RC4 seems significantly more likely than a 128 bit brute force, but OTOH you can change which ciphers you use. If the NSA could break any SSL cipher, that's bad, since TripleDES, RC2, and RC4 are all used by SSL (well, IDEA is in there too but nobody uses it). If TripleDES is broken, you can safely say that all is lost. It's used in everything: S/MIME, PGP, GnuPG, banks use it, basically anything you can think of uses it. And you can set it to use TripleDES only if you want (I do). In any case, if nobody but the NSA can break RC4 (if an academic discovered an attack it would be published by now), then I'm pretty happy: as I've stated elsewhere, they don't want my CC #. And that's all I'm protecting with SSL.
You know, I'm sure the US government would just love to allow Netscape to export strong encryption with a nice backdoor built in to it...
So they can do what, get your CC #? Who cares? (Answer: not the NSA!). You'll notice it talks about 128 bit SSL, but not 128 bit S/MIME. That's because the only thing SSL protects is commerce stuff, not email (like S/MIME does). The NSA just realized that if they allow strong e-commerce crypto, but still block strong email encryption, the big companies will stop complaining and we'll never be able to export PGP (legally, that is!).
The NSA no longer considers 128 bit encryption secure enough to trouble them.
Do you have any idea how hard it would be to brute force a 128 bit key? According to Schneier, who seems to get some respect around here, a machine with 10**14 processors, each of which could crack a million keys a second, would need 10**11 years to crack a 128 bit key. The universe has been around 10**10 years or so. Get over it, it's not going to happen, and even if it were possible in our lifetimes (I don't think it is), do you really think they would use this trillion dollar machine to break your SSL session and get your credit card #?? No, they would go to your CC company's office and ask nicely if they wanted that.
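The brute-force arithmetic behind this post (and the quantum 2**64 / 2**84 point made a few replies up), worked through as an added example that is not code from the thread; the Cracker class, the function names, and the single-PC rate of a million keys per second are my own assumptions:

```python
"""Brute-force feasibility arithmetic behind the thread's claims.

Added example, not code from the original thread. It reproduces the
post's Schneier figure (10**14 processors at a million keys/s each need
about 10**11 years for a 128-bit key) and the earlier point that a
quantum search only halves the exponent (2**64 work for 128-bit keys,
2**84 for 168-bit 3DES). All class and function names are assumptions.
"""
import math
from dataclasses import dataclass

SECONDS_PER_YEAR = 365.25 * 24 * 3600      # Julian year, close enough here
UNIVERSE_AGE_YEARS = 1e10                  # rough figure used in the post


@dataclass(frozen=True)
class Cracker:
    """A hypothetical key-search machine: N processors, each at R keys/s."""
    processors: float
    keys_per_second_each: float

    @property
    def keys_per_second(self) -> float:
        return self.processors * self.keys_per_second_each


def effective_bits(key_bits: int, quantum: bool = False) -> float:
    """Exponent of the search effort.

    Classical exhaustive search tries up to 2**key_bits keys. Grover's
    algorithm on a quantum computer needs about 2**(key_bits/2) steps,
    which is the 2**64 / 2**84 figure cited for 128- and 168-bit keys.
    """
    return key_bits / 2 if quantum else float(key_bits)


def seconds_to_exhaust(key_bits: int, cracker: Cracker,
                       quantum: bool = False, average: bool = False) -> float:
    """Wall-clock seconds to search the keyspace at the cracker's rate.

    average=True gives the expected time (half the keyspace on average),
    which is what "time to break" usually means in practice.
    """
    trials = 2.0 ** effective_bits(key_bits, quantum)
    if average:
        trials /= 2
    return trials / cracker.keys_per_second


def years_to_exhaust(key_bits: int, cracker: Cracker,
                     quantum: bool = False, average: bool = False) -> float:
    return seconds_to_exhaust(key_bits, cracker, quantum, average) / SECONDS_PER_YEAR


def universe_lifetimes(years: float) -> float:
    """How many ages of the universe a search would take."""
    return years / UNIVERSE_AGE_YEARS


def bits_exhaustible(cracker: Cracker, years: float) -> float:
    """Largest key size (in bits) the cracker can fully search in `years`.

    The question the other way round: given a compute budget and a time
    limit, what key length is out of reach? log2(keys tested) answers it.
    """
    return math.log2(cracker.keys_per_second * years * SECONDS_PER_YEAR)


def feasibility_table(cracker: Cracker,
                      key_sizes=(40, 56, 64, 72, 128, 168)) -> dict:
    """Map key size -> (classical years, quantum-work exponent)."""
    return {bits: (years_to_exhaust(bits, cracker),
                   effective_bits(bits, quantum=True))
            for bits in key_sizes}


if __name__ == "__main__":
    # Schneier's machine as quoted in the post (constructed parameters).
    schneier = Cracker(processors=1e14, keys_per_second_each=1e6)
    # A single late-1990s PC, the "40 bits in a few weeks" case (assumed rate).
    one_pc = Cracker(processors=1, keys_per_second_each=1e6)
    for bits, (years, qbits) in feasibility_table(schneier).items():
        print(f"{bits:4d}-bit: {years:10.3g} years "
              f"({universe_lifetimes(years):.3g} universe ages), "
              f"quantum effort 2**{qbits:g}")
    print(f"40-bit on one PC: {years_to_exhaust(40, one_pc) * 365.25:.1f} days")
    print("bits exhaustible in the age of the universe: "
          f"{bits_exhaustible(schneier, UNIVERSE_AGE_YEARS):.1f}")
```

The 128-bit row comes out at about 1.08 * 10**11 years, i.e. roughly ten ages of the universe, and the same machine running for the whole age of the universe only exhausts a keyspace of about 124.5 bits.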
I can't understand why people seem to have such a problem paying for software that they will (most likely) use to run a commercial OS. How many people out there are using VMWare to run NetBSD in a window on their linux box?
You've certainly got a point (while it would be fun to run FreeBSD in a window, I'd probably be mostly running Win98 and BeOS on top of Linux). However, there is a very good reason for a virtualization system to be open sourced: easy migration path. People who would otherwise not use Linux b/c they don't want to reboot to use office or play games can use this (which will, I'm sure, be in most distros once it's stable). Despite the fact that they paid who-knows-how-much for windows and office, they will balk at paying $100 to be able to run windows on linux. But if it's open sourced, they will see it as "free beer". Once alternatives appear (which they're starting to), people will already be comfortable with Linux and won't have a problem moving to it entirely.
But overall, I agree with you... if you just want a free-beer VmWare, quit whining and pay the damn company what they're asking! Or help develop FreeMWare.:)
There are always a few non-free pieces of software on someone's box, and one that I've noticed a lot of people using in VmWare. Along with Mozilla replacing Netscape, pretty much the only non-free sw people will be using soon will be Q3A [well, besides the OS they will be virtualizing, of course].
Seriously, this is great news for everyone, and I wish the developers good luck with their efforts. I'm looking forward to a release: in fact, if I had more than 64m of memory, I'd go try out the unstable version for kicks (who needs uptime, right?)
With the same argument I guess that since the police carry guns we can no longer criticize violent murderers?
LOL. If police where you live regularly kill people for no reason, I'd recommend moving someplace else. I do see a lot of hypocrisy in allowing only police to be armed (ie, highly restrictive gun control), but that's a different story.
Is there any difference between what the aus. govt. will be doing, and what your average 15 y.o. skript kiddie does, except the govt will be doing it better and to more people? I'm not talking about motivation, whether they're doing it for fun, or as a job, or for "national security reasons", but its effect? As far as I'm concerned, the only difference is that the aus. govt. will be more dangerous when they do it. In any case, I don't want anyone attacking my machines, regardless of what half-assed reason they come up with.
This is NOT much different from most other countries, the only difference being that in the US, there is probably no 'explicit' rule about breaking into computers. Gimme a break.. In the USA, the authorities can do *anything* in the name of national security... and get away with it.
That's what's so bad about it: this law (and others like it) legitimizes enormous invasions of privacy. Yes, here in the US the govt (ie NSA) can do whatever it wants, but at least they can't hide behind a law (witness EPIC's lawsuit against the NSA).
Sadly, it's already been broken (IIRC). Search the coderpunks archive for details. It doesn't necessarily mean that someone can read your files, but there are some problems with how keys are stored which make it much easier for someone to compromise the security of the keys.
And... considering that M$ seems to screw up crypto every time they try it (seriously: PPTP, PPTPv2, password hashing for LANMAN and also a database I can't think of the name of right now, probably others I haven't heard of...), I wouldn't have too much confidence in it. 'specially as it will be 40 bit keys unless you download the domestic encryption fixes. :)
Trusted DG/UX has been rated B2, which is pretty good. I'd bet a few bucks OpenBSD could achieve a similar rating. Solaris could probably make C2 at least, but hasn't been rated officially AFAIK. Several *nix vendors make "trusted" versions, like Trusted IRIX and Trusted HP/UX. However, based on my experiences with both of those OSes' 'normal' configurations, I don't think they would do too well... though it is mostly an administration thing.
Does it seem weird to anyone else that /., "News for Nerds", is covering this story (which I saw last night on the news, along with the Stevie Wonder story), but hasn't posted a thing about the Mars lander vanishing (which I also saw last night, but at least it's relevant to /.)? Thanks for the link: if I had moderator points I'd mark your post up. :)
Hmmm, wasn't the reason they were able to crack it so easily that one of the keys was not protected, and therefore they used that key to break the others? I mean that had nothing to do with weak encryption, that was just incompetence.
No, that just made it easier. All of the keys were only 40 bits, which takes a few weeks (at most) to brute force. Not only that, they screwed up the crypto (badly) so it's trivial to break (a few hours on a run of the mill machine). And the fact that knowing one key allows you to get all the others shows quite clearly that the crypto is weak [this should not be possible for a "strong" encryption system].
And if they want to change it, they'll have to replace every single player and DVD (I think). So it's not really economical (I mean, who's going to pay for a DVD twice!?!?!?).
I think its performance bites too, but I'm comparing it to C. Compared to Python, Java looks like a speed freak.
Right... but Python is a hell of a lot easier to write (and Perl, according to Kernighan and Pike (in TPOP), runs almost as fast as C). One of the reasons I don't like Java is that you write in a fairly low-level language (C,C++, etc) but get the performance of an interpreted lang (Python, Lisp, etc). Doesn't seem like a good tradeoff to me.
People talk about the hardware Sun's doing which is specially designed for Java, and how fast it will be. I have news for those people: anything is fast if it's done in dedicated hardware. Sheesh.
And object-orientation has been the trend in language design, at least officially, for a while.
One of the things I dislike about Java is the fact that it forces OO only code. Sometimes all you need is a simple function. Not to mention the lack of templates (though IIRC the keyword generic is reserved so they can add it in later).
Who says a domain name needs to be at all descriptive of the site it represents? :)
Slashdot?
Amazon?
Ebay?
Yahoo?
Excite?
Google?
Don't forget gcc 3!!!! Redhat 6.2 will be an interesting release, methinks...
You can audit ugly objects, too.
:) [I'm just joking around, NT fans please chill].
That's good; I think most of the objects in NT would be pretty ugly.
so far, all that's really happened was that contact wasn't made during a very short time window Friday afternoon.
Ok, you've got a point there. It just seemed odd.
They already get enough for system... even browser type (although Konqueror allows you to change that).
As does lynx, the one true browser. :)
I mean, it's been my experience that Windows does indeed have trouble staying up for even a few days at a time. Though it may have been a bit of a joke, I'm sure it's not out of the realm of possibility that you'd need to reboot a Windows box once a day.
I have to agree. I was using 98 for quite a while, and usually after 4 days things just go sooooo slow that it forced a reboot. And I was forced to do reboots daily (or even every 6 hours at times) if I was doing a lot of devel work. I think I once got a week though... Most NT people I know reboot their machines every two weeks or so. OTOH:
[lloyd@galaxy lloyd]$ uptime
11:00am up 270 days, 18:44, 4 users, load average: 1.34, 1.13, 1.10
[lloyd@galaxy lloyd]$
I would love to see 98 do that, hehe. :) Course a power or hardware failure will get it at some point... I'm hoping for a year uptime. Note that this machine is somewhat high end (only a P-II 350, but a ton of RAM), and also isn't used by a lot of people (though the people that do use it are doing heavy computational stuff most of the time) which may help explain it somewhat.
Somewhat off topic, but on the subject of Windows bugs, my favorite is the following:
1) System crashes hard
2) You power cycle the POS
3) 'doze loads up, then (before you do anything at all) you're informed that kernel32.dll has performed an invalid instruction, so you get to reboot again.
What would really be funny is if this looped. That happened to me maybe half a dozen times... OTOH, I don't remember seeing anything like what you describe (I'm on a P-II, though).
Hmmm... windows sometimes doesn't load up, Linux always boots: guess your computer is trying to tell you something... :)
OK, thanks for the replies. I had seen this on NASA's Beowulf Project web page somewhere, so I assumed that was that. I'll check it out.