Kernel, bah!
What about an Emacs package? Or does the band not speak with a Lisp?
It's always fascinating to find yet another way one differs from hundreds of millions or even billions of other people.
Music to be pwned by.
That doesn't seem to be true.
The Many Flaws of Dual_EC_DRBG
Back in 2004-5, NIST decided to address a longstanding weakness of the FIPS standards, namely, the limited number of approved pseudorandom bit generator algorithms (PRGs, or 'DRBGs' in NIST parlance) available to implementers. This was actually a bit of an issue for FIPS developers, since the existing random number generators had some known design weaknesses.*
NIST's answer to this problem was Special Publication 800-90, parts of which were later wrapped up into the international standard ISO 18031. The NIST pub added four new generators to the FIPS canon. None of these algorithms is a true random number generator in the sense that they collect physical entropy. Instead, what they do is process the (short) output of a true random number generator -- like the one in Linux -- conditioning and stretching this 'seed' into a large number of random-looking bits you can use to get things done.** This is particularly important for FIPS-certified cryptographic modules, since the FIPS 140-2 standards typically require you to use a DRBG as a kind of 'post-processing' -- even when you have a decent hardware generator.
The first three SP800-90 proposals used standard symmetric components like hash functions and block ciphers. Dual_EC_DRBG was the odd one out, since it employed mathematics that are more typically used to construct public-key cryptosystems. This had some immediate consequences for the generator: Dual-EC is slow in a way that its cousins aren't. Up to a thousand times slower.
Now before you panic about this, the inefficiency of Dual_EC is not necessarily one of its flaws! Indeed, the inclusion of an algebraic generator actually makes a certain amount of sense. The academic literature includes a distinguished history of provably secure PRGs based on number-theoretic assumptions, and it certainly didn't hurt to consider one such construction for standardization. Most developers would probably use the faster symmetric alternatives, but perhaps a small number would prefer the added confidence of a provably-secure construction.
I don't remember if I've seen that link before, but thanks for sharing it. That is a great explanation, and reinforces the point I've been making.
The Many Flaws of Dual_EC_DRBG
The 'back door' in Dual-EC comes exclusively from the relationship between P and Q -- the latter of which is published only in the Dual-EC specification.
Why don't you ask Interop why they basically returned a Class A network address block?
Interop Returns 16 Million IPv4 Addresses
Interop gives back a month’s worth of IPv4 addresses
Apparently Interop, the holder of the 45.x.x.x block since 1995, no longer needs that much space. They're now returning 99 percent of it to ARIN, the American Registry for Internet Numbers, which handles IP address distribution in North America. Interop is holding on to a small fraction of the 45/8 block that's currently in active use.
Your point is wrong. Much of the internet is reached by client nodes using NAT now.
Does your internet have any firewalls on it?
Client nodes reach the public internet just fine using NAT.
You could keep Dual_EC_DRBG by updating the standard to have a new set of constants just like you can update the standard to remove Dual_EC_DRBG entirely. It isn't that hard.
I never claimed that the existing constants were created via an open process. What I pointed out is that a new set of constants could be created by an open process and that addresses the trust issue.
That would have about as much effect as pissing into the ocean would have on raising sea levels.
That isn't completely true due to the high degree of leveraging that can occur with NAT. It only takes a relatively small number of public addresses to service millions of private IP client addresses. There are very large numbers of private IP addresses being wasted. One properly used Class A block could allow you to service many billions of client computers.
I agree that we do need to move to IPv6.
And hopefully more large companies and organizations that hold large blocks of public IP addresses will start moving to private IP addresses and release the public IP addresses for use by others. I know some places that have large numbers of systems with public IP addresses that are behind firewalls and really have no business having a public IP address on those systems anymore.
Oh dear, did something I wrote bruise your feelings at some point? That's too bad. What is worse is that you don't understand that establishing the facts is a different question than making an assessment. You don't seem to be up to judging my thought process at the moment.
The Current Science that we have, with the technology and Anthropology we have, rules out the possibility of the Christian religion having any basis in reality. It doesn't rule out the possibility a god exists. It only means that the current dominant Abrahamic religions are not realistic descriptions of the universe we live in.
Which science is that then? Is it the science that claims we live in a multiverse where there are infinite universes where every possibility happens? Is it the science that claims our universe is a hologram? Is it the science that claims we popped into existence through a fluctuation in quantum probability? Is it the science that claims to explain what the universe is and how it came about, except that it doesn't know what the dark matter and dark energy are that constitute the overwhelming majority of it?
Perhaps you should prepare yourself for further "refinement" in the understanding of science on various matters?
But these religions justify how we treat other people, why certain social groups are stigmatized, and have a heavy impact on who our leaders are, what our laws are, how we raise our children, and the legitimacy of the standing governments. If the Religions aren't true, then there is no justification for the political positions of MANY people in the US Government.
Shall we contrast Marxism or Marxist-Leninism which has been claimed to be a "science" by countless millions over the last century, and which has been the governing philosophy for a large percentage of the earth's population into the 1990s (and still governs China and three lesser nations) with the Bible? Marxist principles (14:16-23:16) call for the destruction of the class enemy in the revolutionary struggle, and the destruction of primitive societies that were too far behind to catch up with the revolutionary struggle which at the time would have included groups such as the Serbs, Bretons, Basques, and Scottish Highlanders. The National Socialists, another set of socialists inspired by Marx, exterminated the "unfit," the deformed, gays, Jews, and many others.
Should we branch off into the Progressives and their ideas about eugenics?
And what of the Bible?
One of the teachers of the law came and heard them debating. Noticing that Jesus had given them a good answer, he asked him, “Of all the commandments, which is the most important?”
“The most important one,” answered Jesus, “is this: ‘Hear, O Israel: The Lord our God, the Lord is one. Love the Lord your God with all your heart and with all your soul and with all your mind and with all your strength.’ The second is this: ‘Love your neighbor as yourself.’ There is no commandment greater than these.” -- Mark 12:28-31
Your views seem very questionable on both the science and the question of religion.
You should have read the next line. Apparently you aren't there yet.
Once you understand that you can apply your suspicions.
The problem isn't the algorithm. The "problem" is specifically a question of trust in how the constants for the curve were developed. There is no backdoor if you don't create one from the start. The possibility of there being one is gone if you have an open process to create the curve values in which a backdoor isn't created. At that point the remaining issue is performance. Up till now there have been three other RNGs in the standard if you don't like Dual_EC_DRBG. Yes you can compare the situation to DES because the issue in question is the same in both cases: trust in the body creating the standard. The fact that they are different types of encryption is meaningless. Either NSA did or didn't backdoor DES. Either NSA did or didn't backdoor Dual_EC_DRBG. There is now enough accumulated knowledge and evidence to say that they didn't backdoor DES. We may never know about Dual_EC_DRBG. Suspicion is reasonable, claims of knowledge aren't unless you worked at NSA on that standards effort unless you want to say you "just know."