Meanwhile the Italian labor union RSU is planning a virtual protest in response to pay negotiations that might result in an employee pay cut. The protest is currently planned for 9/25 at IBM's corporate campus in Second Life. Hopefully someone will youtube some of the action.
And I believe there was an SF story or two about how a computer could put up resistance to being unplugged
I found
The Adolescence of P-1 to be a good take on how that might play out. Interesting read given when it was written. This story was what inspired me to get into the field of AI and game theory.
As much as I love Apple and their ethics, it was overdue. The only way that Universal can lose is if they fail to market the new service they have selling the content.
I guess Apple found another way that NBC could lose. Apple has announced that they will not be carrying NBC's fall programming on iTunes. Good luck getting that new service up and running tomorrow.
This locks their customers into the current $500-$600 units forever, as you wouldn't want to buy a used one in 1 1/2 years.
I certainly will buy one used in a couple of years. It's a solder joint for pete's sake. Unsolder the old battery and solder in a new one with twice the storage capacity. Maybe I should see this as less of a comment and more of a business model. Total time: 15 minutes
Total cost: Probably about $20 including the case tool to open the iPhone
No guarantee that you will be able to avoid the problem. Consider the domain A-Z, the cipher function C:f(x) = (x + k) mod 26 and a shuffle function S:s(x) = swap(E(x),E(x+1)). In this case K13 = K1 + K3 and S remains unchanged.
I don't know much about encryption, so forgive me if this is a dumb question, but what does this mean apropos the security of other encryption techniques, like RSA or SSL/TLS? If it's so easy to crack AACS, what about the others?
First we need to realize that it is the communications protocol that is being attacked, not the encryption method. The underlying encryption used in AACS remains uncompromised. The difference is in the protocol and the amount of knowledge that the "attacker" has. In the case of SSL/TLS, the protocol used to establish the session key for the communications is designed to prevent an attacker from gaining access. The sender, receiver, and attacker are all distinct entities. In the case of AACS the receiver and the attacker are the same entity. It's just a matter of figuring out when and where to look to find the desired data. In this case they are recovering the cryptographic keys used in the decryption process. There was an attack against the DRM protection of itunes tracks that recovered the audio data frames right after decryption using breakpoints.
The whole thing is an exercise in tilting at windmills, yet the industry continues on in a Don Quixote like manner. So strange!
Using any decently random data at least as long as the file to encrypt it (even with something as simple as XOR)
You definitely want to use XOR! This allows you to have any number of "key" files that can be applied to the encrypted data. While one file will recover your real data, another file will cause the data to decode into a database of BBQ recipes that you want to keep from your family. If required to give up the key by the courts, you give them the second one. Just don't store the key CDs in the same place, and never, ever, ever reuse a key with a OTP.
PS - Real random data can be difficult to generate in the quantities needed. Plan ahead!
Encryption scheme are designed so that your clear text will become close-to-random garbage when encrypted.
If you crypt your text twice (or more) you modify the entropy of the encryption scheme, and the encrypted data will be not optimally close to random data
These two statements contradict each other. Can you see why? Hint: consider that the output from the first encryption is nothing more than the "clear text" of the second encryption.
I remember an episode of law and order, I think, that the guy had a computer in the room and had built some power magnets into the door frame.
If the computer was taken from that room it was wiped. Not sure how feasible it is, but sounds pretty cool.
It's feasible but not very practical. It can probably be done with sufficient power, but I think the authorities would notice that you were using more electricity than an average city block and that everything ferrous that they were carrying was now stuck to the door frame.
Sure it does - 2DES ~= DES in terms of security, while 3DES is better.
One of the things that you have to be concerned about when you apply an encryption method multiple times is whether the encryption function forms a particular type of group (in the number theory sense) known as an abelian group. If this is true, then the key strength is never greater than the size of a single key no matter how many times you encrypt things.
Consider encrypting data using a symmetric encryption algorithm F where Fe(C,K) means encrypt cleartext C using function F and key K. the proposed scheme then is E (our encrypted data) = Fe(Fe(C,K1),K2). Normally this is undone using Fd(Fd(E,K2),K1). Unfortunately if F forms an abelian group then there will be a third key K3 that has the property Fd(E,K3) = C. In other words, rather than needing the original two keys to decrypt the data, there is an equivalent third key that will will do the job using the algorithm F a single time. It doesn't matter how many times you encrypt using any number of different keys, there will be a single key that will decrypt the data. That key can be brute forced and the cipher is only as strong as a single key.
BTW DES does not form an abelian group. Neither does AES or Blowfish/Twofish.
As a first-time offender without a prior record, the Kent County prosecutor's office decided not to charge Peterson with a felony. Instead, he'll be enrolled in the county's diversion program.
He'll pay a $400 fine and do 40 hours of community service, but it will not go on his record.
Both the summary and the linked article are misleading. The original article has a lot more detail about this story.
I also found this bit interesting:
New York's Westchester County is trying a different tack. Their local government said it's up to WiFi subscribers to protect themselves against piggybackers. Businesses were told to secure their networks or pay a fine.
Packet shaping examines what you're downloading -- or more specifically, how you're downloading -- and restricts your download speed by up to 500 percent...
Must be that new math stuff I keep hearing so much about.
Shift builds on an existing technology known as Offset Cursor, which displays a cursor just above the spot a user touches on the screen. That allows a user to place their finger below the item they wish to choose so that they can see the item, rather than hiding it with their finger."
from TFA:
The Microsoft Research project, called Shift, automatically displays an image on
the screen above where users place their finger showing the area under the
users' finger. The image is circular and includes a small X. By toggling the tip
of the finger, users can move the X to place it on top of the item they want to
choose. Lifting the finger from the screen selects the item.
You still click where you point with your finger. The system just shows you a small "virtual" image of what is under your finger at the moment and also a virtual cursor for where your click will be registered. The virtual cursor allows for more fine grained control.
Are you willing to indemnify your users for any and all losses suffered by them due to a flaw/bug which you knew about but chose not to patch? If not, then patch it!
Before anyone gets too excited, you might want to note that "It is a set of scripts, rigs and models for 3D Studio MAX". Current list price for 3ds max? $3495.
Slashdot Mirror
Meanwhile the Italian labor union RSU is planning a virtual protest in response to pay negotiations that might result in an employee pay cut. The protest is currently planned for 9/25 at IBM's corporate campus in Second Life. Hopefully someone will youtube some of the action.
Total time: 15 minutes
Total cost: Probably about $20 including the case tool to open the iPhone
No guarantee that you will be able to avoid the problem. Consider the domain A-Z, the cipher function C:f(x) = (x + k) mod 26 and a shuffle function S:s(x) = swap(E(x),E(x+1)). In this case K13 = K1 + K3 and S remains unchanged.
The whole thing is an exercise in tilting at windmills, yet the industry continues on in a Don Quixote like manner. So strange!
PS - Real random data can be difficult to generate in the quantities needed. Plan ahead!
Hint: consider that the output from the first encryption is nothing more than the "clear text" of the second encryption.
Consider encrypting data using a symmetric encryption algorithm F where Fe(C,K) means encrypt cleartext C using function F and key K. the proposed scheme then is E (our encrypted data) = Fe(Fe(C,K1),K2). Normally this is undone using Fd(Fd(E,K2),K1). Unfortunately if F forms an abelian group then there will be a third key K3 that has the property Fd(E,K3) = C. In other words, rather than needing the original two keys to decrypt the data, there is an equivalent third key that will will do the job using the algorithm F a single time. It doesn't matter how many times you encrypt using any number of different keys, there will be a single key that will decrypt the data. That key can be brute forced and the cipher is only as strong as a single key.
BTW DES does not form an abelian group. Neither does AES or Blowfish/Twofish.
I also found this bit interesting:
Are you willing to indemnify your users for any and all losses suffered by them due to a flaw/bug which you knew about but chose not to patch? If not, then patch it!
Before anyone gets too excited, you might want to note that "It is a set of scripts, rigs and models for 3D Studio MAX". Current list price for 3ds max? $3495.