
Comment: Re:There is no "almost impossible" (Score 1) 228

by bobbied (#47947983) Attached to: Apple's "Warrant Canary" Has Died

Actually, it is not. In reality, a 256 bit key can not be brute forced because of physics - especially the second law of thermodynamics. One of the results of this law is that information needs energy to be represented. In an ideal computer, the representation of one bit requires kT energy, where k is the Boltzmann constant and T is the temperature. Let's assume we can operate at the average temperature of 3.2 Kelvin, the average temperature of the universe. The required energy to represent a bit in this case would be around 4.416*10^-23 Joule. The annual amount of energy that our sun emits is about 1.21*10^34 Joule. Dividing this with the per bit-change energy, we could provide power for our ideal computer to perform 2.74*10^56 bit changes. This is just about enough to have a 187-bit counter go through all its states. This does not include the energy needed for the computations to test each key (our counter state in this case) for correctness. A 256 bit counter would require ~400.000.000.000.000.000.000 stars like our sun just to represent in the counter of our ideal computer. Or, to say it in the words of Bruce Schneier: "...brute force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space". Note: I am not talking about potential attacks against the algorithms here, etc. only pointing out that encryption is definitely not ALWAYS breakable by brute force.

I have no clue what all the above really means.... If you are saying that 256 bit keys are hard to break, I would concur. If you are saying that it would take a long time, I would again agree. However, if you look at "possible" it is totally possible to brute force a 256 bit key, it just takes TIME to do, LOTS of time OR lots of computers. Either way, it is perfectly possible... Now it may take a LOT of computers (more than are physically possible) or it may take a LONG time (more than we likely have before the sun destroys the earth) but that is all about being practical and not about being possible.

Comment: Re:There is no "almost impossible" (Score 1) 228

by bobbied (#47947867) Attached to: Apple's "Warrant Canary" Has Died

Encryption is ALWAYS breakable by brute force. Question is how long does it take? Seconds? Hours? Months? Years? Decades? This is usually determined by key sizes. The longer the key, the longer it takes to brute force. (generally)

Um, not quite, one time pads are provably impossible to break by brute force since the message can be decoded into any message of the right length.

One Time Pads are incredibly difficult to implement because you have to securely distribute the pads AND you have to make sure your pads are indeed random. So, for use on any kind of digital device, nobody can usually afford to use a One Time Pad for encrypting their phone.

I had assumed that the context ruled out the One Use Pad, so I didn't put an exception in for that. Sorry.

Comment: Re:There is no "almost impossible" (Score 4, Interesting) 228

by bobbied (#47941341) Attached to: Apple's "Warrant Canary" Has Died

It either can or can't be done. Almost impossible means it still can be done.

Encryption is ALWAYS breakable by brute force. Question is how long does it take? Seconds? Hours? Months? Years? Decades? This is usually determined by key sizes. The longer the key, the longer it takes to brute force. (generally)

Comment: Re:Don't use a google account with Android. (Score 1) 125

by bobbied (#47941211) Attached to: Next Android To Enable Local Encryption By Default Too, Says Google

So, riddle me this batman... If you store the key on the device and read it automatically on boot, how's that protect you? Or are you saying that it's on an external device so I now have to keep the "key" around to boot my phone? One offers zero protection, the other consumers will hate.

See this is what usually happens...The consumer doesn't want two devices to manage, they want one. We implement strong encryption using long keys, then we store these keys someplace "on the device" and protect them with a 4 digit pin. Consumers demand it. So we've really reduced the protection level of all that nifty encryption to that of a 4 digit encryption key.

Sort of like what happened to WEP.... It used good encryption (in fact we STILL use the same encryption for the most part) it just bungled the key management side of things to make it useable by consumers. (OK, they did some other stuff wrong too, but the problem was key management..)

So, I'm not saying that having a "boot key" device, similar to an RSA token isn't a bad idea, I'm saying that most users won't stand for having something separate from their phone that they need to power it on, nor will they suffer through entering sufficiently long and complex passwords.
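The key-management point in the comment above, as an added example that is not part of the original post: a random 256-bit data key is wrapped under a key derived from a 4-digit PIN, and the number of guesses needed to unwrap it is counted. The function names, the toy XOR-plus-HMAC wrap and the low iteration count are assumptions chosen so the sketch runs with the standard library only; a real device would use an AEAD or AES key wrap and a hardware-bound, rate-limited key.

```python
import hashlib
import hmac
import math
import secrets

ITERATIONS = 100  # constructed value, kept low so the demo finishes quickly


def kek_from_pin(pin: str, salt: bytes) -> bytes:
    """Stretch the PIN into a 256-bit key-encryption key (KEK)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS, dklen=32)


def wrap(data_key: bytes, pin: str) -> dict:
    """Toy wrap: XOR the data key with the KEK and add an HMAC tag."""
    salt = secrets.token_bytes(16)
    kek = kek_from_pin(pin, salt)
    wrapped = bytes(a ^ b for a, b in zip(data_key, kek))
    tag = hmac.new(kek, wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def unwrap(blob: dict, pin: str):
    """Return the data key if the PIN is right, otherwise None."""
    kek = kek_from_pin(pin, blob["salt"])
    expected = hmac.new(kek, blob["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["wrapped"], kek))


def search_cost(blob: dict, digits: int = 4):
    """Count how many PIN guesses it takes to unwrap the stored key."""
    for guesses, n in enumerate(range(10 ** digits), start=1):
        key = unwrap(blob, f"{n:0{digits}d}")
        if key is not None:
            return guesses, key
    return 10 ** digits, None


def effective_bits(digits: int) -> float:
    """Strength of the whole scheme in bits when the PIN is the only secret."""
    return math.log2(10 ** digits)


if __name__ == "__main__":
    data_key = secrets.token_bytes(32)   # the "strong" 256-bit key
    blob = wrap(data_key, "7391")        # constructed sample PIN
    guesses, recovered = search_cost(blob)
    print(f"recovered={recovered == data_key} after {guesses} guesses")
    print(f"nominal 256 bits, effective {effective_bits(4):.1f} bits")
```

Raising the PBKDF2 iteration count multiplies the cost of each guess but not the number of guesses, which stays at most 10,000 for a 4-digit PIN.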

Comment: Re:Don't use a google account with Android. (Score 1) 125

by bobbied (#47940541) Attached to: Next Android To Enable Local Encryption By Default Too, Says Google

And if you think I'd ever willingly put non encrypted data in any sort of cloud you're dreaming.

I thought this was about ON THE HANDSET encryption?

Which leads you to the key hiding problem.... Keys need to be plain text to be used, so they are in memory when you have a device that is encrypted. Which leads you to the problem of how to get a sufficiently complex key into the device on boot? Providing keys is where most crypto systems start to break down, and people do stupid stuff like reduce everything to a 4 digit pin or some such nonsense...

Comment: Re:hackers and painters (Score 1) 391

by bobbied (#47919089) Attached to: Ask Slashdot: Any Place For Liberal Arts Degrees In Tech?

The best two programmers I know both didn't have college degrees at all... But that doesn't mean I would recommend those desiring such a career to forget the technical education a CS degree gives you. Both of the programmers I know expressed to me that they wish they had actually done the college degree because like it or not, not having the degree does put a considerable limitation on where you can work and thus can put limits on your earning power. Go to school, get the degree. Better yet, the masters or PhD...

Comment: Re:In other words....Don't look like a drug traffi (Score 1) 462

by bobbied (#47884533) Attached to: CBC Warns Canadians of "US Law Enforcement Money Extortion Program"

It's happened 65 thousand times according to this article. You can't assume that just because someone can't afford a lawyer that they're guilty.

Seizure of property perhaps. Unjustified seizure of property, not so often. I've only heard of ONE case myself where the seizure was found to be unjustified.

So are you claiming that some people just let the property go when it wasn't a justified seizure? Can you produce examples? I'm sure there are organizations that would be happy to fund the legal bills to get their property back as what you suggest is a violation of the 5th amendment.

Comment: Re:In other words....Don't look like a drug traffi (Score -1, Troll) 462

by bobbied (#47884479) Attached to: CBC Warns Canadians of "US Law Enforcement Money Extortion Program"

and that requires that they actually have some level of proof that illegal activity was going on.

You haven't been following this issue very much, have you? Seizures have been made where there was no proof, only suspicion (based on the flimsiest of evidence). As the owner, you don't have the right to challenge the seizure -- the seizure is made against the property itself.

Oh I understand the issue just fine. But, they have to have a minimum level of proof to do the seizure and they also have to defend the action in court if/when the property owner objects. A judge will rip them a new one if they don't come up with justification and the property owner objects. There are checks and balances here.

Comment: Re:In other words....Don't look like a drug traffi (Score -1, Troll) 462

by bobbied (#47884427) Attached to: CBC Warns Canadians of "US Law Enforcement Money Extortion Program"

Like I said to another poster. This unlawful seizure has only happened in a handful of cases over the last decade, and those were corrected by the courts, property returned and officers involved appropriately disciplined.

The original story reads like this happens every day. Sorry, that's not true. It doesn't happen once a week, or once a month even. For the vanishingly few cases where police forces are actively looking for things to seize, you lower your personal risk by not LOOKING like someone whose stuff they can get their hands on easily. Thus my advice to be careful of appearances.

Look, many TV programs have tried and failed to document this happening since the law was passed. 20/20 came about as close as anybody, but all they really caught on camera was a questionable traffic stop and a whole lot of people who were claiming to be innocent but had serious credibility issues. If the press cannot find and document this, it's NOT happening with any frequency that should be concerning.

If you choose to look like you might be doing something illegal, best figure on being more interesting to those who are charged with preventing crime. So it's up to you. If you want to be stopped and questioned more often, go ahead.
