Personal data need to be treated as government certification of Secret documents, or at least give it Collateral classification level treatment.
You're kidding, right? Then practically every employee in the student services and financial aid offices would need a US Government security clearance, and none of the computers there could be connected to the internet.
"We prove that our design is immune to differential and linear cryptanalysis"
See Bruce Schneier's "Snake Oil", Warning Sign #8: Security proofs.
Two things: number one, you can prove immunity to these two kinds of attacks, in a formal, rigorous way. That doesn't mean there are no attacks, but it's decent evidence of security.
Number two, proofs of security are a very good thing. Just because snake-oil salesmen claim to have "proofs of unbreakability" does not mean that security proofs are bad. A rigorous proof of security against a well-specified, formal attack model should inspire lots of confidence. Without security proofs, cryptography would still just be mostly ad-hoc-ery.
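To make the first point concrete, here is an added example (not part of the original thread) showing the arithmetic that a "provably resistant to differential and linear cryptanalysis" claim actually rests on: compute the difference distribution table and linear approximation table of the S-box, read off the best single-S-box differential probability and linear bias, and combine them over the number of active S-boxes the diffusion layer guarantees. The S-box used is the 4-bit S-box of the PRESENT block cipher, chosen only because its bounds are documented; the "10 active S-boxes" figure in the usage is an assumed input standing in for the separate permutation-layer argument a real proof would supply.

```python
"""Added example: the arithmetic behind a 'provable resistance' claim.
Resistance to differential and linear cryptanalysis is shown by bounding
the best S-box differential probability and linear bias, then combining
those bounds over the minimum number of active S-boxes per group of rounds."""
import math
from itertools import product

# 4-bit S-box of the PRESENT block cipher (any bijective S-box could be
# analysed this way; this one is used because its bounds are documented).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def ddt(sbox):
    """Difference distribution table: ddt[din][dout] counts the x with
    S(x) ^ S(x ^ din) == dout.  Every row sums to len(sbox)."""
    size = len(sbox)
    table = [[0] * size for _ in range(size)]
    for din, x in product(range(size), repeat=2):
        table[din][sbox[x] ^ sbox[x ^ din]] += 1
    return table


def parity(v):
    return bin(v).count("1") & 1


def lat(sbox):
    """Linear approximation table: lat[a][b] is the number of x with
    <a, x> == <b, S(x)>, minus size/2, i.e. the signed bias scaled by size."""
    size = len(sbox)
    table = [[0] * size for _ in range(size)]
    for a, b in product(range(size), repeat=2):
        agree = sum(1 for x in range(size)
                    if parity(a & x) == parity(b & sbox[x]))
        table[a][b] = agree - size // 2
    return table


def max_differential_probability(sbox):
    """Best non-trivial differential through one S-box (din != 0)."""
    size = len(sbox)
    t = ddt(sbox)
    return max(t[din][dout] for din in range(1, size)
               for dout in range(size)) / size


def max_linear_bias(sbox):
    """Best non-trivial linear approximation through one S-box (a, b != 0)."""
    size = len(sbox)
    t = lat(sbox)
    return max(abs(t[a][b]) for a in range(1, size)
               for b in range(1, size)) / size


def differential_trail_bound(p_max, active_sboxes):
    """Upper bound on the probability of any single differential
    characteristic that activates `active_sboxes` S-boxes.  The count of
    active S-boxes is an input here: it comes from a separate argument
    about the cipher's permutation layer."""
    return p_max ** active_sboxes


def linear_trail_bias_bound(eps_max, active_sboxes):
    """Piling-up lemma: k approximations of bias eps combine to a bias of
    at most 2**(k-1) * eps**k."""
    return 2 ** (active_sboxes - 1) * eps_max ** active_sboxes


if __name__ == "__main__":
    p = max_differential_probability(SBOX)
    eps = max_linear_bias(SBOX)
    print(f"best differential per S-box: 2^{math.log2(p):.0f}")
    print(f"best linear bias per S-box:  2^{math.log2(eps):.0f}")
    # Assumed diffusion argument: at least 10 active S-boxes over the span.
    print(f"differential trail bound, 10 active S-boxes: "
          f"2^{math.log2(differential_trail_bound(p, 10)):.0f}")
    print(f"linear trail bias bound, 10 active S-boxes:  "
          f"2^{math.log2(linear_trail_bias_bound(eps, 10)):.0f}")
```

The bound this produces is exactly what such a proof states: no single characteristic or trail of that shape has probability or bias above the number computed, for the attack model "differential/linear cryptanalysis with single characteristics". It says nothing about attacks outside that model, which is the caveat the comment makes.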
OK, so I'm an idiot in maths, and I've read about prime numbers and cryptography and how predicting prime numbers can help crack encrypted material, so is this development of any significance with cryptography?
It isn't, at least not for the near future.
Editors of magazine articles for lay people seem to have some algorithm which scans for the phrase "prime numbers" and automatically adds a clause "the research may have applications in cryptography." (They did the same thing with the efficient deterministic primality test of a few years ago -- but honestly, it didn't much affect crypto directly in any significant way. We already had good enough primality testers.)
I have never seen anything in cryptography that has anything remotely to do with partitions of numbers. That isn't to say that there never will be, but there sure isn't any direct application of this research today.
With that said, one can never predict what insights might be useful in the future. Everything that improves our understanding of number theory could help somewhere down the line.
Re:Our Fearless Leaders at Work (on "Juiced", Score: 1)
Now with what I said above, it would be o.k. if the journalists signed a contract with their newspaper publisher that held them to a certain level of accountability.
This private contract has nothing to do with Congress, much less Congress's "Government Reform Committee." It's farther out of their jurisdiction than right field.
I work for the federal government
Fine, but journalists and ball players don't.
You keep saying "accountability," but accountability is up to the parties involved in the contract. If players broke the bargaining agreement by using steroids, the owners have plenty of resources to demand accountability, if they so choose. This is none of Congress's business.
Re:Our Fearless Leaders at Work (on "Juiced", Score: 1)
Baseball is exempt from some anti-trust laws.
But this is totally irrelevant.
Just because your employer (the MLB club owners) benefits from being exempt from some regulation does not make it OK for Congress to start sticking its nose into how you, the employee, do your job.
Under such reasoning, it would be OK to subpoena journalists' drug tests because the newspapers that employ them enjoy exemptions from campaign-finance regulations or media-ownership rules.
Should Congress demand drug tests from all of IBM's programmers to make sure they aren't using amphetamines during their late-deadline programming binges?
No, the point is that you most likely supported trashing the constitution, and are only opposing it now because "Them Evil Republicans" are doing it.
You don't know me, and furthermore you are wrong.
This conversation is not about me, so I will not answer your specific policy questions. However I will say that the federal government (especially the executive branch) grossly exceeds its legitimate authority in all the areas you mentioned, and I don't care whether an "R" or "D" did it in the first place.
President Lincoln suspended the right of habeas corpus entirely... and the right was later reinstated at the end of the war.
Oh good. Then it's just a matter of waiting for the government to declare an official end to the War on Terror. Should be any moment now...
Certainly those who protest the PATRIOT Act now must recognize the horrendous erosions of civil liberties that occurred in the previous Administration under the guise of the "war on drugs" including no-knock warrants and other practices.
Yes, we do. Your point?
Oh, I think I see your point: previous administrations have trashed the Constitution, so it's OK for this one to as well.
Some comments (that I have not seen emphasized much) about all this SHA-1 stuff:
The fact that there is a 2^{69}-time attack (versus a 2^{80} naive attack) on SHA-1 may only be the tip of the iceberg. Once the methods of attack are published and studied widely, other more efficient attacks may be found (historically, this is more likely than not). Saying "we're still safe; the attack is too slow and doesn't find a second preimage" is very naive.
Hash algorithms like SHA-1 are used for more than just digital signatures. They are often used to achieve certain strong properties (like chosen-ciphertext security) in some public-key encryption algorithms (like OAEP). So saying "this only affects signatures" is wrong -- we don't yet know what effect these attacks might have on the security of the many other cryptographic schemes and protocols that use hashing primitives.
Practically, they're mostly used in military-grade real-time encryption in the hash keys of secured phones.
This sounds like some gobbledegook. Most Mersenne primes are too large and too rare to have any real cryptographic significance today. Can you back up this claim at all?
...the Boston Globe article says that it comes up to a vote of the faculty today. So it hasn't been approved yet, but probably will... (?)
The real question is which course number it would take! My guess is XIII (formerly ocean engineering), which was dropped late last year. Yep, lucky Course 13.
It says (right in the headline!) that BME is a minor, and BE might become a major.
Re:Not a problem (yet) (on "SHA-1 Broken", Score: 1)
Can you make the length of the hashed data to be equal?
If the attack is anything like the team's prior MD5 attack, then yes -- in the collision they generated, both messages were the same length.
Also, it's worth noting that the message length is appended as part of the "padding" when hashing. So actually, looking for colliding messages of the same length is, in a sense, the "easier" way to go about it.
Summary: checking message length adds nothing to the security.
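The two facts in the reply above (the length is part of the padding, and a colliding pair has the same length anyway) can be seen directly in code. The following is an added example, not from the thread: a toy Merkle-Damgard hash that uses SHA-1's actual padding rule but a made-up 16-bit compression function, so that a collision on a full 64-byte block can be found by a birthday search in a fraction of a second. The compression function, the IV and the way candidate blocks are generated are all constructed for the demo; SHA-1's own compression function is not modelled.

```python
"""Added example: a toy Merkle-Damgard hash with SHA-1's real padding rule.
Shows that (a) the message length is appended inside the padding, and (b) a
block-level collision found by the attacker has equal-length messages and
survives any common suffix, so checking lengths adds no security."""
import hashlib
import struct

BLOCK = 64
STATE_BITS = 16
MASK = (1 << STATE_BITS) - 1
IV = 0x6A09  # arbitrary constant for the toy


def sha1_pad(msg: bytes) -> bytes:
    """SHA-1 padding: 0x80, zeros to 56 mod 64, then the bit length as an
    8-byte big-endian integer.  The result is a whole number of 64-byte blocks."""
    bit_len = len(msg) * 8
    padded = msg + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    return padded + struct.pack(">Q", bit_len)


def toy_compress(state: int, block: bytes) -> int:
    """Made-up 16-bit compression function: absorb the block as 32 big-endian
    16-bit words with multiply-and-rotate mixing.  Weak on purpose."""
    for i in range(0, BLOCK, 2):
        word = (block[i] << 8) | block[i + 1]
        state = ((state ^ word) * 0x9E37 + 0x79B9) & MASK
        state = ((state << 5) | (state >> (STATE_BITS - 5))) & MASK
    return state


def toy_hash(msg: bytes) -> int:
    """Merkle-Damgard iteration over sha1_pad(msg)."""
    padded = sha1_pad(msg)
    state = IV
    for off in range(0, len(padded), BLOCK):
        state = toy_compress(state, padded[off:off + BLOCK])
    return state


def find_block_collision():
    """Birthday search for two distinct 64-byte blocks that map IV to the
    same chaining value.  Candidate blocks are derived deterministically
    from a counter via SHA-512 so the search is repeatable."""
    seen = {}
    for i in range(1 << 17):
        block = hashlib.sha512(i.to_bytes(4, "big")).digest()
        chaining = toy_compress(IV, block)
        if chaining in seen and seen[chaining] != block:
            return seen[chaining], block
        seen[chaining] = block
    raise RuntimeError("no collision found")  # cannot happen: > 2**16 tries


def same_length_collision_extends(m1: bytes, m2: bytes, suffix: bytes) -> bool:
    """An internal-state collision on whole blocks survives any common suffix:
    the remaining blocks (suffix plus identical padding) see identical input."""
    return toy_hash(m1 + suffix) == toy_hash(m2 + suffix)


if __name__ == "__main__":
    m1, m2 = find_block_collision()
    print("distinct blocks, same length:", m1 != m2, len(m1) == len(m2))
    print("toy_hash(m1) == toy_hash(m2):", toy_hash(m1) == toy_hash(m2))
    print("survives a common suffix:",
          same_length_collision_extends(m1, m2, b"Signed: Alice"))
    print("padding of b'abc':", sha1_pad(b"abc").hex())
```

Because the attacker controls whole blocks, both colliding messages are 64 bytes and receive byte-identical padding; the chaining value collides before the length block is ever processed, which is why the length field cannot help. The same block-level structure is what lets a collision on the first blocks be extended with an identical suffix.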
Re:Info on what exactly SHA-1 is ... (on "SHA-1 Broken", Score: 1)
SHA-1 is not used for encryption, it is used for message authentication.
SHA-1 is used for what it is used for. It is a hashing primitive. Hashing primitives are used for encryption too; e.g., for achieving chosen-ciphertext security via OAEP.
I was very happy with KnoppMyth, but Hauppauge changes their hardware around so often that KnoppMyth isn't entirely plug-n-play.
The PVR-350 that I got was the newest version, so I had weird "color issues" and had to download new ivtv drivers (and feed them non-default arguments). Also, the new PVR-350s come with a cooler remote, but it has different IR codes. So I had to find a config file for those too.
Still: MythTV is awesome, KnoppMyth is fantastic, and I love my time-shifting :).
The TPM is supposedly very tamper-resistant, not just a piece of solid-state memory holding the keys. This should make physical attacks very expensive and labor-intensive.
What makes you think these products were coded by chimps?
Well, the researchers discovered that the proprietary cipher that underlies the system is pretty lousy -- it's not particularly fast, and it may have structural flaws. You don't have to be a "chimp" to construct a bad cipher, but ignoring something like AES or the many other peer-reviewed ciphers is pretty dumb.
But using this excuse, researchers can prevent me and others from implementing a faster attack, or even finding an attack of smaller complexity -- this is a Feistel cipher, so it shares some structure with DES and thus some similar attacks (linear, differential cryptanalysis) might apply.
And you're right to say so -- in fact, the paper mentions that the cipher may have some structural weaknesses, so it's legitimate to want to know the details.
My guess is that if you asked the authors for the full spec, you'd get it. I don't know whether that's sufficient to satisfy those "established principles of academia" or not.
... is that they reverse-engineered the design of the cipher using just black-box access!
Reverse-engineering can be easy enough when you have some assembly code or a piece of hardware, but these guys figured out the internals just by looking at input/output pairs. (OK, they had a rough description of the design, but it was lacking almost all details and was even inaccurate in places.)
That's really clever -- and really underscores the idea that "security through obscurity" tends to fail terribly. (TI probably thought that the use of a proprietary cipher provided a lot of security, so they didn't worry so much about key length. Foolish, but common, reasoning.)
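The "key length, not secrecy of the design" point can be illustrated with an added example that is not TI's cipher and not from the thread: a toy DES-style Feistel network with a deliberately short key. Once the round structure is known (here it simply is; for the real device the authors recovered it by black-box probing), recovering the key from a few known plaintext/ciphertext pairs costs 2**KEY_BITS trial encryptions, and nothing about how obscure the design was changes that. The S-box, key schedule, 16-bit key and the three plaintexts are all constructed for the demo; the page does not state the real device's key length.

```python
"""Added example: a toy Feistel cipher with a short key, and the exhaustive
key search that obscurity of the design cannot prevent once the design is
known.  Not TI's cipher; every constant here is made up for the demo."""

KEY_BITS = 16   # chosen only to keep the search instant
ROUNDS = 4
# Arbitrary bijective 4-bit S-box for the round function (the PRESENT S-box,
# used for convenience; any 4-bit permutation would serve the demo).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def round_keys(key: int, rounds: int = ROUNDS):
    """Toy key schedule: rotate the master key and take 8 bits per round."""
    keys = []
    for r in range(rounds):
        rot = ((key << (3 * r)) | (key >> (KEY_BITS - 3 * r))) & ((1 << KEY_BITS) - 1)
        keys.append((rot ^ r) & 0xFF)
    return keys


def round_function(half: int, rk: int) -> int:
    """F(R, k): key mix, S-box on each nibble, then a fixed 8-bit rotation."""
    v = half ^ rk
    v = (SBOX[v >> 4] << 4) | SBOX[v & 0xF]
    return ((v << 3) | (v >> 5)) & 0xFF


def feistel(block: int, keys) -> int:
    """Generic Feistel network on a 16-bit block (two 8-bit halves).
    Decryption is the same network with the round keys reversed, exactly as
    in DES; that shared structure is why DES-style analysis carries over."""
    left, right = block >> 8, block & 0xFF
    for rk in keys:
        left, right = right, left ^ round_function(right, rk)
    return (right << 8) | left  # undo the final swap


def encrypt(block: int, key: int) -> int:
    return feistel(block, round_keys(key))


def decrypt(block: int, key: int) -> int:
    return feistel(block, list(reversed(round_keys(key))))


def recover_keys(pairs):
    """Exhaustive search: every key consistent with all known (pt, ct) pairs.
    Cost is 2**KEY_BITS trial encryptions no matter how the cipher works;
    three pairs leave essentially no room for a false candidate."""
    return [k for k in range(1 << KEY_BITS)
            if all(encrypt(pt, k) == ct for pt, ct in pairs)]


SECRET_KEY = 0x3A7C  # the "device" key, unknown to the attacker
KNOWN_PLAINTEXTS = [0x0000, 0x1234, 0xFFFF]  # constructed challenge values
KNOWN_PAIRS = [(pt, encrypt(pt, SECRET_KEY)) for pt in KNOWN_PLAINTEXTS]

if __name__ == "__main__":
    print("round trip ok:",
          all(decrypt(ct, SECRET_KEY) == pt for pt, ct in KNOWN_PAIRS))
    print("candidate keys:", [hex(k) for k in recover_keys(KNOWN_PAIRS)])
```

Doubling the key length doubles the search, so the defence is the exponent, not the secrecy of the round function; a proprietary design only buys time until someone does what these researchers did.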
Challenge-response isn't inherently more secure than an auto-updating number based on time. Both are basically implementations of a pseudo-random function. With the auto-updater, the current time is essentially the challenge. And not having to type/scan in an explicit challenge is a lot more usable.
From the interview:
FB: Would you sign and promote a petition or an initiative for free access to hardware specifications?
RMS: I'd endorse any sort of nonviolent democratic political activity to promote such a law.
Of course, such a law (like all laws) would have to be backed up by violence -- don't obey it, have your freedom or property taken away. I think it's disingenuous for RMS to claim the high road of "non-violence" while advocating exactly the opposite.
Except for this, I think his stances are in general very admirable.
Dr. Summers' (Harvard) comments that women are inherently less able to succeed as scientists
He didn't say that, or imply it. He said that one reason (among 3 he listed) for women's under-representation in science may be inherently genetic.
Think what you will of that hypothesis -- but don't blatantly misattribute.
... Google's server farm has failed so miserably.
They're both delicious.
From the nytimes article:
It separated students into seven groups, ranging from Level 6, the best, to Level 1, which the authors viewed as a minimal level of competence.
(Note: don't flame me for illiteracy; I see that the next sentence implicitly defines a "Level 0"...)
Since RMS's office is now in the Gates building...
Actually, it's not -- it's between the Gates and Dreyfoos Towers, but "officially" on the Dreyfoos side. See?