I live in Europe, and have been doing my ordering from amazon.co.uk. When I order from the US, I have the choice of paying +/- 15% shipping charges or waiting 5 weeks for my books to get here.
Unfortunately there doesn't seem to be a working web mail-order house that sells English books in my country (.nl).
So... Does anyone know of a good alternative to Amazon? One that lives on my side of the pond.
SSH is somewhat secure against MTM (on "SSH v. SRP", Score: 1)
The only time a man-in-the-middle attack would work with SSH is the first time you connect to a host. Any time after that your SSH client will compare the host's key to what it has stored in ~/.ssh/known_hosts.
SRP seems to be an authentication protocol. A promising one, but just that, nothing more, nothing less.
SSH on the other hand is a very useful application offering secure communications to another host. Keep in mind that SSH's password authentication happens after the encrypted channel has been set up. This means that the password can only be intercepted if the crypto fails.
SRP's security is based on similar crypto primitives as SSH's, so if the magic crypto hack we're all looking for gets found both will be useless.
While quickly scanning the Bluetooth spec, I see some potential problems:
The designers of the cryptosystem seem to think that 64 bits is enough for general use. This does not bode well.
The spec does not mandate a known-good random number generator. It has been shown in the past that designing one is a very difficult task that few people do right the first time. This opens the way for lame random number generators in devices.
I have not been able to find any good references to the crypto algorithm used. This, again, is not a good sign. Remember GSM anyone?
The spec claims Bluetooth uses a modified SAFER for authentication. Bruce Schneier has this to say about SAFER: SAFER was designed for Cylink, and Cylink is tainted by the NSA. I recommend years of intense cryptanalysis before using SAFER in any form.
These things do not fill me with confidence.
Disclaimer: I am not a cryptographer. Someone with more clue than me is more than welcome to show me the errors of my ways.
No, my friend, you miss the point. Nowhere in the GPL does it say that I should buy RMS's silly politics when I use GPLed software.
Is this once again a case of /. posting articles accusing people of Evil Deeds without checking the other side of the story?
Looks like it.
Maybe you should change the subtitle to "News for Nerds. Stuff that matters. Bad journalism."
Ha! I bet these dudes had shorted YHOO and expected that Yahoo stock would drop like a stone on the news and they could make a bundle.
YHOO up 18 7/8 today
Muhahahaha
How can AMD ship this thing on time? They haven't even announced a shipping date for this thing yet.
It's nothing more than a marketing gimmick.
Well, they could start by getting out more often.
This is *not* an interview. This is Paul Ferris' *very* subjective report of a conversation he had with the LinuxOne CTO.
This is the worst bit of journalism I've seen in ages.
There is actually:
Black holes can be electrically charged, and can therefore be moved using magnetic fields.
Why is it that some (fortunately not all) of you linux zealots feel so threatened every time there's a new FreeBSD release?
Get the jpegs and tiffs over here.
NASA also has a mailing list which announces the daily headlines, which is very cool, as there's something waiting for me nearly every morning :)