Assuming that at some point, the router will be talking to the FON servers (even if everything were unencrypted, it still would need to verify username and password), this is not much of a problem. Let's say that the computer does a diffie-hellman key exchange with the server, through the router. After that all their information can be exchanged encrypted. The router will have no idea what the key is because of the nature of Diffie-Hellman, so it's completely oblivious to the username and password which were transmitted encrypted.
The man in the middle attack isn't so hard to beat either, the FON servers just need to sign their end of the key exchange so you can verify where it came from. That would prevent any man in the middle attack.
As I said, it's not like stuff like this hasn't been done before:P
I don't think you properly understand key-exchange. The point with a good key exchange (like Diffie-Hellman) for instance is that even though someone snoops all the traffic between two people, they will have no idea whatsoever what key they exchanged. The details can be found at wikipedia. It's a fairly simple, yet ingenious protocol.
As for the man-in-the attack, that can be fixed aswell. Assuming here that the router is communicating with an FON server (otherwise, how would it know what username had what password), it can simply request that the server signs his part of the diffie-hellman exchange.
As I said, I'm no expert, but this seems like a pretty trivial problem in cryptography to solve.
If the handshake process is done right, you cannot just capture the passwords. It would be fairly trivial for the router and the computer to do a simple key exchange and encrypt their data, before any usernames or passwords even appear. That would make it impossible for any snoopers to know what was going on. If done wrong this could ofcourse be compromised by something like a man-in-the-middle attack, but with proper authentication that shouldn't be a problem either. I'm certainly no expert in cryptography, but I've no doubt that a smart crypto-dude could create a bulletproof protocol that handles this just fine. I mean, it's not like it's the first time anyone has ever needed to transfer an encrypted password.
I've been a wikipedia editor for two years now, and have an editcount in the several thousands. So yes, I do get the idea of wikipedia. I don't appriciate being insulted by someone who has only the vaguest idea what wikipedia is (which is fairly obvious by your comments)
Are you claiming that wikipedia should only use material that is published on the internet as a source? That's the stupidest thing I ever heard. Much of the information on wikipedia isn't available on the internet, and that's not a bad thíng. Incase you haven't noticed, factswise, the internet sucks. Books, articles, filmclips, that sort of thing is generally much more reliable. And no, not everyone can always verify every source, that's not important, what's important is that someone can.
You say: "then what is the difference between Wikipedia and Brittanica or other encyclopedias?" Are you claiming that because wikipedia can be edited by everyone and that it is online should have less sources available to it than Brittannica? All of us working on it are working for it to become as good as brittannica. As long as a source is reliable it's a good source. That doesn't mean we let all verifiable information through, we don't allow archival sources for instance, because that would break the No Original Research policy.
What if a biography of someone notable were only written in mandarin, and that was the only really reliable source. Are you saying that we shouldn't have an article on that person? Even though they clearly belong in the encyclopedia, and there is a great reliable source for it, that only 700 million people could read? Saying that all sources has to be available for everyone is so mindblowingly insane that I'm surprised that anyone would bring it up.
You should read up on some of Wikipedia's policies before you make an embarresment out of yourself again.
Neither of you probably know very much about wikipedia. We do remind users that every edit needs a reference, and it doesn't matter whether everyone can read it or not by everyone, aslong as it is verifiable by someone. Also we already block ranges and it is forbidden to edit using open proxies, we have loads of them idenfinitly blocked.
I think the point is that Gore pretends to be part, and indeed representative of, the american scientific community, and his use of arguments and science are an imbarresment to the community as a whole.
You know what, I'm getting sick of clueless people saying "Well, the supercomputers at the NSA could crack it!" I'll run some numbers for you:
A couple of years ago we found out that if one was inclined to spend a few dozen million dollars, one could build a machine that could crack DES in 7 hours. Lets take that machine and hype it up to overdrive: let's assume that we could solve a DES cipher in one femtosecond (that is one quadrillionth of a second or 10^-15 or 0.000000000000001 seconds). This is far, far faster than the combined speed of all computers in the world (and I mean FAR FAR faster, you'd need like all the atoms in the solarsystem to build that computer). How long would it take that computer to crack an AES cipher?
Well, lets see: DES has a 56 bit key, AES has a 256 bit key. Lets assume that it takes equal amounts to try a key on both ciphers (which it almost does, I think AES is about 2 times faster, but that wont matter much so it's a reasonable simplification). That would mean that it would take (10^-15)*2^(256-56) femtoseconds to solve. How much is that? Well we can easily convert it to years: (10^15*2^200)/(femtoseconds in a second * seconds in an hour * hour in a day * day in a year)= (10^-15*2^200)/(10^15 * 3600 * 24 * 365) = 50955671114250072156962 years.
I'll say it again: Using impossible supercomputer-power that is unimaginably fast, it would take 50955671114250072156962 years to crack a standard, run of the mill, WPA2 connection with any old router (assuming you selected a good password.) Which is reassuring since the universe is only about 13700000000 years old.
Can you promise me that you will never again utter those mindblowingly stupid comments that say "Ofcourse the NSA can crack modern ciphers!" Can you reassure me that, or will you simply ignore this message and pretend you never saw it?
That wont be NEAR enough, you'd need a couple of thousands of those to get the speed to under a millenia. Look, modern cryptography is MINDBLOWINGLY STRONG. Stronger than you can ever imagine.
Ahh, crap, I just got the joke! Didn't I rudely put you down a while ago? Well, you got you're revenge now, but know this: we shall meet again! Sleep with one eye open!
I am actually listening to Science Friday already, I'm a bit of an NPR junkie (which is completly bananas considering I've never even been outside Europe:P), but I'll try All Songs COnsidered. Cheers!
Yeah, documents released in the public domain can be distributed at will, because per definition if something is in the public domain it's not copyrighted. That is, the author has specifically given up his copyright or that the copyright has expired (what is it, 75 years after his death or something?). But this isn't the case here, the documents are released free as in beer, not free as in speech.
Take the computer software analogy: just because IE is released for free for everyone to download, it does not mean that it isn't copyrighted. Or take a book analogy: say that a writer starts handing out his books for free, that still doesn't mean that a publisher can without permission start printing copies of it. That would be copyright infringment. Or take an internet analogy: even if someone writes a stellar article on dungbeetles somewhere on the internet, available for free, it would still be illegal to put that up on Wikipedia because the original author owns the copyright on the text.
Ofcourse you can't redistribute them! Ever heard of copyright infringment? Just because you get to see something for free doesn't mean they arn't copyrighted.
Unless they release the docs under some sort of neat little license (CC, GFDL, PD,...) you can't just copy someone elses work and give it to others. Have the RIAA taught us nothing?
Re:Well I won't be listening...
on
NPR's Gaming Podcast
·
· Score: 4, Interesting
You obviously arn't listening to any good ones! NPR has some great ones, such as Wait, wait, don't tell me! (funny as hell) and NPR:Books, which is great if you're interested in books an literature. Slate's daily podcast is also very, very interesting. As for gaming, Gamespot's The Hotspot is great. TV Guide hosts TVGuide Talk a great podcast on television. If you're a super-nerd The Word Nerds are alot of fun. That's just naming a few of my favourites.
The greatest one of all however is Filmspotting (formerly Cinecast), a movie podcast which frankly is the best reviewers in all of media. A normal review contains what, 3-4 minutes of discussion, maybe 6-7 if it's an article. The Filmspotting guys routinely talk for seventeen (17!) minutes about a movie, incredibly smart and intellectual discussion that really dives deep into actors, scripts, direction, theme, etc. of every movie it reviews. That is what makes podcasting great, by not being contrained by a corporation, people are free to create their own formats, and have complete creative control. Most often that means it's gonna suck, but when it doesn't you get something like Filmspotting which is frankly unparalelled in quality.
If yuo want a good gaming podcast....
on
NPR's Gaming Podcast
·
· Score: 2, Informative
....get gamespots The Hotspot. It's a little silly, but they do have the by far best insights and discussions of any gaming podcast I've listened to. That, and it's really fun:P
Emm, no, they couldn't. Even if the NSA had double the computing power of the rest of the world, it would still take them millions of years to crack modern ciphers. So no, it aint possible
You do know of this great protocol called Wi-Fi Protected Access, or WPA, don't you? You refer to something called WAP which I can only assume you mean to be the Wireless Application Protocol that cellphones use. Anyway, WPA is secure. It really is. Use a good password (25+ characters with some numbers and %"#&-characters) and there is not a force in the universe that can crack your password.
Slashdot Mirror
The man in the middle attack isn't so hard to beat either, the FON servers just need to sign their end of the key exchange so you can verify where it came from. That would prevent any man in the middle attack.
As I said, it's not like stuff like this hasn't been done before :P
As for the man-in-the attack, that can be fixed aswell. Assuming here that the router is communicating with an FON server (otherwise, how would it know what username had what password), it can simply request that the server signs his part of the diffie-hellman exchange.
As I said, I'm no expert, but this seems like a pretty trivial problem in cryptography to solve.
If the handshake process is done right, you cannot just capture the passwords. It would be fairly trivial for the router and the computer to do a simple key exchange and encrypt their data, before any usernames or passwords even appear. That would make it impossible for any snoopers to know what was going on. If done wrong this could ofcourse be compromised by something like a man-in-the-middle attack, but with proper authentication that shouldn't be a problem either. I'm certainly no expert in cryptography, but I've no doubt that a smart crypto-dude could create a bulletproof protocol that handles this just fine. I mean, it's not like it's the first time anyone has ever needed to transfer an encrypted password.
Are you claiming that wikipedia should only use material that is published on the internet as a source? That's the stupidest thing I ever heard. Much of the information on wikipedia isn't available on the internet, and that's not a bad thíng. Incase you haven't noticed, factswise, the internet sucks. Books, articles, filmclips, that sort of thing is generally much more reliable. And no, not everyone can always verify every source, that's not important, what's important is that someone can.
You say: "then what is the difference between Wikipedia and Brittanica or other encyclopedias?" Are you claiming that because wikipedia can be edited by everyone and that it is online should have less sources available to it than Brittannica? All of us working on it are working for it to become as good as brittannica. As long as a source is reliable it's a good source. That doesn't mean we let all verifiable information through, we don't allow archival sources for instance, because that would break the No Original Research policy.
What if a biography of someone notable were only written in mandarin, and that was the only really reliable source. Are you saying that we shouldn't have an article on that person? Even though they clearly belong in the encyclopedia, and there is a great reliable source for it, that only 700 million people could read? Saying that all sources has to be available for everyone is so mindblowingly insane that I'm surprised that anyone would bring it up.
You should read up on some of Wikipedia's policies before you make an embarresment out of yourself again.
Touché
Neither of you probably know very much about wikipedia. We do remind users that every edit needs a reference, and it doesn't matter whether everyone can read it or not by everyone, aslong as it is verifiable by someone. Also we already block ranges and it is forbidden to edit using open proxies, we have loads of them idenfinitly blocked.
You shouldn't trust these kinds of articles about wikipedia, they almost always get things wrong.
Don't worry, MS will be here for a long time.
Or did I just miss a joke? :P
A couple of years ago we found out that if one was inclined to spend a few dozen million dollars, one could build a machine that could crack DES in 7 hours. Lets take that machine and hype it up to overdrive: let's assume that we could solve a DES cipher in one femtosecond (that is one quadrillionth of a second or 10^-15 or 0.000000000000001 seconds). This is far, far faster than the combined speed of all computers in the world (and I mean FAR FAR faster, you'd need like all the atoms in the solarsystem to build that computer). How long would it take that computer to crack an AES cipher?
Well, lets see: DES has a 56 bit key, AES has a 256 bit key. Lets assume that it takes equal amounts to try a key on both ciphers (which it almost does, I think AES is about 2 times faster, but that wont matter much so it's a reasonable simplification). That would mean that it would take (10^-15)*2^(256-56) femtoseconds to solve. How much is that? Well we can easily convert it to years: (10^15*2^200)/(femtoseconds in a second * seconds in an hour * hour in a day * day in a year)= (10^-15*2^200)/(10^15 * 3600 * 24 * 365) = 50955671114250072156962 years.
I'll say it again: Using impossible supercomputer-power that is unimaginably fast, it would take 50955671114250072156962 years to crack a standard, run of the mill, WPA2 connection with any old router (assuming you selected a good password.) Which is reassuring since the universe is only about 13700000000 years old.
Can you promise me that you will never again utter those mindblowingly stupid comments that say "Ofcourse the NSA can crack modern ciphers!" Can you reassure me that, or will you simply ignore this message and pretend you never saw it?
That wont be NEAR enough, you'd need a couple of thousands of those to get the speed to under a millenia. Look, modern cryptography is MINDBLOWINGLY STRONG. Stronger than you can ever imagine.
Ahh, crap, I just got the joke! Didn't I rudely put you down a while ago? Well, you got you're revenge now, but know this: we shall meet again! Sleep with one eye open!
:D
I am actually listening to Science Friday already, I'm a bit of an NPR junkie (which is completly bananas considering I've never even been outside Europe :P), but I'll try All Songs COnsidered. Cheers!
Take the computer software analogy: just because IE is released for free for everyone to download, it does not mean that it isn't copyrighted. Or take a book analogy: say that a writer starts handing out his books for free, that still doesn't mean that a publisher can without permission start printing copies of it. That would be copyright infringment. Or take an internet analogy: even if someone writes a stellar article on dungbeetles somewhere on the internet, available for free, it would still be illegal to put that up on Wikipedia because the original author owns the copyright on the text.
Unless they release the docs under some sort of neat little license (CC, GFDL, PD,...) you can't just copy someone elses work and give it to others. Have the RIAA taught us nothing?
The greatest one of all however is Filmspotting (formerly Cinecast), a movie podcast which frankly is the best reviewers in all of media. A normal review contains what, 3-4 minutes of discussion, maybe 6-7 if it's an article. The Filmspotting guys routinely talk for seventeen (17!) minutes about a movie, incredibly smart and intellectual discussion that really dives deep into actors, scripts, direction, theme, etc. of every movie it reviews. That is what makes podcasting great, by not being contrained by a corporation, people are free to create their own formats, and have complete creative control. Most often that means it's gonna suck, but when it doesn't you get something like Filmspotting which is frankly unparalelled in quality.
....get gamespots The Hotspot. It's a little silly, but they do have the by far best insights and discussions of any gaming podcast I've listened to. That, and it's really fun :P
What the hell is "the shape of pi"?
Ofcourse I have! I heard about it 5e10^-1 years ago!
Emm, no, they couldn't. Even if the NSA had double the computing power of the rest of the world, it would still take them millions of years to crack modern ciphers. So no, it aint possible
Wouldn't injecting pure caffeine directly in the bloodstream work better?
Either write 1*10^-9 or write 1e-9, you look like a dilettante if you mix scientific and exponential notation.
You do know of this great protocol called Wi-Fi Protected Access, or WPA, don't you? You refer to something called WAP which I can only assume you mean to be the Wireless Application Protocol that cellphones use. Anyway, WPA is secure. It really is. Use a good password (25+ characters with some numbers and %"#&-characters) and there is not a force in the universe that can crack your password.
Yes exactly! The NSA also developed the SHA hashing algorithms, and they are great even though there might be some trouble with SHA-1
Damn that karma! I agree with you, I got a good chuckle out of it!