Forgot your password?
typodupeerror

Comment: Re:Also... (Score 1) 163

by bobbied (#47966095) Attached to: Friendly Reminder: Do Not Place Your IPhone In a Microwave

Don't put an unopened bottle or can of soda in a microwave. Or at least not in a microwave you ever want to use again.

Also, don't put your phone in gas oven, or on a hot griddle.

Similarly, don't touch anything hot enough to cook, and don't stick a knife into your gut.

You forgot: Never play Russian Roulette with an automatic....

Comment: Re:There is no "almost impossible" (Score 1) 231

by bobbied (#47947983) Attached to: Apple's "Warrant Canary" Has Died

Actually, it is not. In reality, a 256 bit key can not be brute forced because of physics - especially the second law of thermodynamics. One of the results of this law is that information needs energy to be represented. In an ideal computer, the representation of one bit requires kT energy, where k is the Boltzman constant and T is the temperature. Let's assume we can operate at the average temperature of 3.2 Kelvin, the average temperature of the universe. The required energy to represent a bit in this case would be around 4.416*10-23 Joule. The annual amount of energy that our sun emits is about 1.21*10^34 Joule. Dividing this with the per bit-change energy, we could provide power for our ideal computer to perform 2.74*10^56 bit changes. This is just about enough to have a 187-bit counter go through all its states. This does not include the energy needed for the computations to test each key (our counter state in this case) for correctness. A 256 bit counter would require ~400.000.000.000.000.000.000 stars like our sun just to represent in the counter of our ideal computer. Or, to say it in the words of Bruce Schneier: "...brute force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space". Note: I am not talking about potential attacks against the algorithms here, etc. only pointing out that encryption is definitely not ALWAYS breakable by brute force.

I have no clue what all the above really means.... If you are saying that 256 bit keys are hard to break, I would concur. If you are saying that it would take a long time, I would again agree. However, if you look at "possible" it is totally possible to brute force a 256 bit key, it just takes TIME to do, LOTS of time OR lots of computers. Either way, it is perfectly possible... Now it may take a LOT of computers (more than are physically possible) or it may take a LONG time (more than we likely have before the sun destroys the earth) but that is all about being practical and not about being possible.

Comment: Re:There is no "almost impossible" (Score 1) 231

by bobbied (#47947867) Attached to: Apple's "Warrant Canary" Has Died

Encryption is ALWAYS breakable by brute force. Question is how long does it take? Seconds? Hours? Months? Years? Decades? This is usually determined by key sizes. The longer the key, the longer it takes to brute force. (generally)

Um, not quite, one time pads are provably impossible to break by brute force since the message can be decoded into any message of the right length.

One Time Pads are incredibly difficult to implement because you have to securely distribute the pads AND you have to make sure your pads are indeed random. So, for use on any kind of digital device, nobody can usually afford to use a One Time Pad for encrypting their phone.

I had assumed that the context ruled out the One Use Pad, so I didn't put an exception in for that. Sorry.

Comment: Re:There is no "almost impossible" (Score 4, Interesting) 231

by bobbied (#47941341) Attached to: Apple's "Warrant Canary" Has Died

It either can or can't be done. Almost impossible means it still can be done.

Encryption is ALWAYS breakable by brute force. Question is how long does it take? Seconds? Hours? Months? Years? Decades? This is usually determined by key sizes. The longer the key, the longer it takes to brute force. (generally)

Comment: Re:Don't use a google account with Android. (Score 1) 126

by bobbied (#47941211) Attached to: Next Android To Enable Local Encryption By Default Too, Says Google

So, riddle me this batman... If you store the key on the device and read it automatically on boot, how's that protect you? Or are you saying that it's on an external device so I now have to keep the "key" around to boot my phone? One offers zero protection, the other consumers will hate.

See this is what usually happens...The consumer doesn't want two devices to manage, they want one. We implement strong encryption using long keys, then we store these keys someplace "on the device" and protect them with a 4 digit pin. Consumers demand it. So we've really reduced the protection level of all that nifty encryption to that of a 4 digit encryption key.

Sort of like what happened to WEP.... It used good encryption (in fact we STILL use the same encryption for the most part) it just bungled the key management side of things to make it useable by consumers. (OK, they did some other stuff wrong too, but the problem was key management..)

So, I'm not saying that having a "boot key" device, simiar to an RSA token isn't a bad idea, I'm saying that most users won't stand for having something separate from their phone that they need to power it on, nor will they suffer though entering sufficiently long and complex passwords.

Comment: Re:Don't use a google account with Android. (Score 1) 126

by bobbied (#47940541) Attached to: Next Android To Enable Local Encryption By Default Too, Says Google

And if you think I'd ever willingly put non encrypted data in any sot of could you're dreaming.

I thought this was about ON THE HANDSET encryption?

Which leads you to the key hiding problem.... Keys need to be plain text to be used, so they are in memory when you have a device that is encrypted. Which leads you to the problem of how to get a sufficiently complex key into the device on boot? Providing keys is where most crypto systems start to break down, and people do stupid stuff like reduce everything to a 4 digit pin or some such nonsense...

Comment: Re:hackers and painters (Score 1) 391

by bobbied (#47919089) Attached to: Ask Slashdot: Any Place For Liberal Arts Degrees In Tech?
The best two programmers I know both didn't have college degrees at all... But that doesn't mean I would recommend those desiring such a career to forget the technical education a CS degree gives you. Both of the programmers I know expressed to me that they wish they had actually done the college degree because like it or not, not having the degree does put a considerable limitation on where you can work and thus can put limits on your earning power. Go to school, get the degree. Better yet, the masters or Phd...

Comment: Re:In other words....Don't look like a drug traffi (Score 1) 462

by bobbied (#47884533) Attached to: CBC Warns Canadians of "US Law Enforcement Money Extortion Program"

It's happened 65 thousand times according to this article. You can't assume that just because someone can't afford a lawyer that they're guilty.

Seizure of property perhaps. Unjustified seizure of property, not so often. I've only heard of ONE case myself where the seizure was found to be unjustified.

So are you claiming that some people just let the property go when it wasn't a justified seizure? Can you produce examples? I'm sure there are organizations that would be happy to fund the legal bills to get their property back as what you suggest is a violation of the 5th amendment.

Order and simplification are the first steps toward mastery of a subject -- the actual enemy is the unknown. -- Thomas Mann

Working...