Comment Re:You're doing it wrong... (Score 1) 240
Now, where did I put my tinfoil hat?
You left it in the microwave after your last tanning session..
Now, where did I put my tinfoil hat?
You left it in the microwave after your last tanning session..
Don't put an unopened bottle or can of soda in a microwave. Or at least not in a microwave you ever want to use again.
Also, don't put your phone in gas oven, or on a hot griddle.
Similarly, don't touch anything hot enough to cook, and don't stick a knife into your gut.
You forgot: Never play Russian Roulette with an automatic....
>Encryption is ALWAYS breakable by brute force.
Granted.... AND it's a TOTALLY unusable technique in most cases... It's REALLY HARD to do in the real world which is why I didn't put in an exception to my statement.
Ok.. One time pads... So you going to remember that to unlock your phone?
Practical encryption is ALWAYS crackable. (OTP usually CAN be hacked by attacking the pad generation and distribution process, but if you do that right, not crackable. It's just that it is REALLY hard to do it right.)
Actually, it is not. In reality, a 256 bit key can not be brute forced because of physics - especially the second law of thermodynamics. One of the results of this law is that information needs energy to be represented. In an ideal computer, the representation of one bit requires kT energy, where k is the Boltzman constant and T is the temperature. Let's assume we can operate at the average temperature of 3.2 Kelvin, the average temperature of the universe. The required energy to represent a bit in this case would be around 4.416*10-23 Joule. The annual amount of energy that our sun emits is about 1.21*10^34 Joule. Dividing this with the per bit-change energy, we could provide power for our ideal computer to perform 2.74*10^56 bit changes. This is just about enough to have a 187-bit counter go through all its states. This does not include the energy needed for the computations to test each key (our counter state in this case) for correctness. A 256 bit counter would require ~400.000.000.000.000.000.000 stars like our sun just to represent in the counter of our ideal computer. Or, to say it in the words of Bruce Schneier: "...brute force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space". Note: I am not talking about potential attacks against the algorithms here, etc. only pointing out that encryption is definitely not ALWAYS breakable by brute force.
I have no clue what all the above really means.... If you are saying that 256 bit keys are hard to break, I would concur. If you are saying that it would take a long time, I would again agree. However, if you look at "possible" it is totally possible to brute force a 256 bit key, it just takes TIME to do, LOTS of time OR lots of computers. Either way, it is perfectly possible... Now it may take a LOT of computers (more than are physically possible) or it may take a LONG time (more than we likely have before the sun destroys the earth) but that is all about being practical and not about being possible.
Encryption is ALWAYS breakable by brute force. Question is how long does it take? Seconds? Hours? Months? Years? Decades? This is usually determined by key sizes. The longer the key, the longer it takes to brute force. (generally)
Um, not quite, one time pads are provably impossible to break by brute force since the message can be decoded into any message of the right length.
One Time Pads are incredibly difficult to implement because you have to securely distribute the pads AND you have to make sure your pads are indeed random. So, for use on any kind of digital device, nobody can usually afford to use a One Time Pad for encrypting their phone.
I had assumed that the context ruled out the One Use Pad, so I didn't put an exception in for that. Sorry.
It either can or can't be done. Almost impossible means it still can be done.
Encryption is ALWAYS breakable by brute force. Question is how long does it take? Seconds? Hours? Months? Years? Decades? This is usually determined by key sizes. The longer the key, the longer it takes to brute force. (generally)
So, riddle me this batman... If you store the key on the device and read it automatically on boot, how's that protect you? Or are you saying that it's on an external device so I now have to keep the "key" around to boot my phone? One offers zero protection, the other consumers will hate.
See this is what usually happens...The consumer doesn't want two devices to manage, they want one. We implement strong encryption using long keys, then we store these keys someplace "on the device" and protect them with a 4 digit pin. Consumers demand it. So we've really reduced the protection level of all that nifty encryption to that of a 4 digit encryption key.
Sort of like what happened to WEP.... It used good encryption (in fact we STILL use the same encryption for the most part) it just bungled the key management side of things to make it useable by consumers. (OK, they did some other stuff wrong too, but the problem was key management..)
So, I'm not saying that having a "boot key" device, simiar to an RSA token isn't a bad idea, I'm saying that most users won't stand for having something separate from their phone that they need to power it on, nor will they suffer though entering sufficiently long and complex passwords.
And if you think I'd ever willingly put non encrypted data in any sot of could you're dreaming.
I thought this was about ON THE HANDSET encryption?
Which leads you to the key hiding problem.... Keys need to be plain text to be used, so they are in memory when you have a device that is encrypted. Which leads you to the problem of how to get a sufficiently complex key into the device on boot? Providing keys is where most crypto systems start to break down, and people do stupid stuff like reduce everything to a 4 digit pin or some such nonsense...
Screw them both.
What about their customers?
That's what MySQL is for...
The Wicked Witch is dead!
Apparently not, just replaced with two of her minions. She's still going to be there doing "product development" or some such. My guess is the two minions will take the fall for Ellison's mistakes.
It's happened 65 thousand times according to this article. You can't assume that just because someone can't afford a lawyer that they're guilty.
Seizure of property perhaps. Unjustified seizure of property, not so often. I've only heard of ONE case myself where the seizure was found to be unjustified.
So are you claiming that some people just let the property go when it wasn't a justified seizure? Can you produce examples? I'm sure there are organizations that would be happy to fund the legal bills to get their property back as what you suggest is a violation of the 5th amendment.
Happiness is twin floppies.
