Become a fan of Slashdot on Facebook


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Re:This is more of authentication than encryption. (Score 1) 106

by ComaVN (#46107947) Attached to: Building Deception Into Encryption Software

Think of it as ROT-n encryption of random data, where n is the key

If you choose the wrong n, you'll still get blob of random data back, just not the correct one.

Now, the tricky part is in making sure the incorrect keys returns data that's hard to distinguish (meaning it can't be done automatically and/or quickly) from the correct plain text, when the plain text ISN'T random looking, but something like passwords, SSN, credit card numbers.

Comment: Re: How do we get Congress to sign up? (Score 1) 365

by ComaVN (#45141335) Attached to: Buried In the Source: "No Expectation of Privacy"

The money you pay in this kind of insurance is ALWAYS more than the expected cost for an individual (ie. the chance they actually have to pay you times the average cost of a canceled holiday)

That's how insurance companies make money. If it was any different, they'd go broke.

So, the payout is basically your own money, and on average, you'd have more money if you had just saved it.

Comment: Re: How do we get Congress to sign up? (Score 1) 365

by ComaVN (#45132433) Attached to: Buried In the Source: "No Expectation of Privacy"

If one has the ability to back up that risk, (...) it is on average better to not get insurance.

I don't get why this concept is so hard for people to understand.

Like people taking out insurance for canceling a holiday trip. If you have paid up front for your vacation, then pretty much by definition you can afford to lose that money without ill effects worse than "I won't get to go on holiday this time"

Comment: Re:But this is India we are talking about (Score 1) 164

by ComaVN (#40865075) Attached to: RIM Agrees To Hand Over Its Encryption Keys To India

You just told all of us your method, and we didn't even need to use a wrench.

One time pads are only unbreakable when they're generated with a true random source. What you described is a stream cipher, and as long as you know the key to initialize the keystream, it can be forced from you.

Of course, if you do have a true one-time pad, the location of your copy of it can be extracted just as easily. I'd say the only way to protect against that is to make sure no-one knows you use crypto at all.

Comment: Re:Newsflash (Score 3, Funny) 450

by ComaVN (#39217547) Attached to: Linode Exploit Caused Theft of Thousands of Bitcoins

They're exactly the same as the casino owner: the house always gets its cut.

Not quite. The casino sets the rules of the game, making sure they know EXACTLY what the odds are, thereby turning long-term profit into a statistical certainty. The insurer has to guess the odds, and can actually guess wrong, so there's a lot less certainty. That's why there are reinsurers, who insure the insurers against unexpectedly large payouts.

Single tasking: Just Say No.