Forgot your password?

Comment: Re:You are going to see that where Science conflic (Score 1) 281

by cold fjord (#46820701) Attached to: The US Public's Erratic Acceptance of Science

The Current Science that we have, with the technology and Anthropology we have, rules out the possibility of the Christian religion having any basis in reality. It doesn't rule out the possibility a god exists. It only means that the current dominant Abrahamic religions are not realistic descriptions of the universe we live in.

Which science is that then? Is it the science that claims we live in a multiverse where there are infinite universes where every possibility happens? Is it the science that claims our universe is a hologram? Is it the science that claims we popped into existence through a fluctuation in quantum probability? Is it the science that claims to explain what the universe is and how it came about, except that it doesn't know what the dark matter and dark energy are that constitute the overwhelming majority of it ... assuming it exists at all and the explanation isn't actually a modified theory of gravity like TeVeS or some such? Is it the science that claimed that the coelacanth was dead for 66 million years .... until one was caught in 1938? Is it the science that claimed the city of Troy didn't exist ... until it was found? Is that the science that said that the Antikythera Mechanism shouldn't exist? Is it the science that claimed that the walls of Jericho falling outward was a myth ... until it was proven? Is it the science that claimed it was impossible that the Bible was transmitted accurately through the centuries.... until the Dead Sea scrolls and other document fragments were found to prove that it had been?

Perhaps you should prepare yourself for further "refinement" in the understanding of science on various matters?

But these religions justify how we treat other people, why certain social groups are stigmatized, and have a heavy impact on who are leaders are, what our laws are, how we raise our children, and the legitimacy of the standing governments. If the Religions aren't true, then there is no justification for the political positions of MANY people in the US Government.

Shall we contrast Marxism or Marxist-Leninism which has been claimed to be a "science" by countless millions over the last century, and which has been the governing philosophy for a large percentage of the earth's population into the 1990s (and still governs China and three lesser nations) with the Bible? Marxist principles (14:16-23:16) call for the destruction of the class enemy in the revolutionary struggle, and the destruction of primitive societies that were too far behind to catch up with the revolutionary struggle which at the time would have included groups such as the Serbs, Bretons, Basques, and Scottish Highlanders. The National Socialists, another set of socialists inspired by Marx, exterminated the "unfit," the deformed, gays, Jews, and many others.

Should we branch off into the Progressives and their ideas about eugenics?

And what of the Bible?

One of the teachers of the law came and heard them debating. Noticing that Jesus had given them a good answer, he asked him, “Of all the commandments, which is the most important?”

“The most important one,” answered Jesus, “is this: ‘Hear, O Israel: The Lord our God, the Lord is one. Love the Lord your God with all your heart and with all your soul and with all your mind and with all your strength. The second is this: ‘Love your neighbor as yourself. There is no commandment greater than these.” -- Mark 12:28-31

Your views seem very questionable on both the science and the question of religion.

Comment: Re:Cut off your nose to spite your face (Score 1) 62

The problem isn't the algorithm. The "problem" is specifically a question of trust in how the constants for the curve were developed. There is no backdoor if you don't create one from the start. The possibility of there being one is gone if you have an open process to create the curve values in which a backdoor isn't created. At that point the remaining issue is performance. Up till now there have been three other RNGs in the standard if you don't like Dual_EC_DRBG. Yes you can compare the situation to DES because the issue in question is the same in both cases: trust in the body creating the standard. The fact that they are different types of encryption is meaningless. Either NSA did or didn't backdoor DES. Either NSA did or didn't backdoor Dual_EC_DRBG. There is now enough accumulated knowledge and evidence to say that they didn't backdoor DES. We may never know about Dual_EC_DRBG. Suspicion is reasonable, claims of knowledge aren't unless you worked at NSA on that standards effort unless you want to say you "just know."

Comment: Re:Cut off your nose to spite your face (Score 1) 62

That really isn't right, is it? You're abusing the notion of "backdoor." The evidence that a backdoor is possible is incontrovertible. But practically speaking to have access to that backdoor you have to develop the backdoor values as part of defining the curve for the standard / implementation. If you don't develop the backdoor values as part of defining the curve then you are essentially back to solving the original problem in order to get your "shortcut". In other words, it is no help at all if you don't do it from the start. An unknown "backdoor" that is as hard or harder to solve than the original math problem isn't really what you could call a backdoor in conventional terms, is it?

Conclusions about Dual_EC_DRBG

The bias in the output mentioned earlier is concerning, but there are no known attacks against Dual_EC_DRBG unless you have pre-existing knowledge of the relationship between P and Q. In other words, this backdoor (if true as alleged) allows the NSA to break Dual_EC_DRBG but does not make it much vulnerable to anyone else. This is much different than a backdoor password which would be immediately usable by any adversary who discovered it (e.g. by reverse engineering the code).

On the Possibility of a Back Door in the NIST SP800-90 Dual Ec Prng

Comment: Re:Cut off your nose to spite your face (Score 1) 62

So, what are these algorithms that are impossible to backdoor either through design or implementation? No chance of another something like heartbleed, or Reflections on Trusting Trust?

There is actually nothing wrong with the algorithm for Dual_EC_DRBG, the issue is with people's trust of the constants that define the curve for it in the standard. The only issue there is that people don't trust them just like they didn't trust the NSA generated S-boxes that strengthened DES against secret cryptanalysis techniques. Choosing a new set of known good constants for the standard would resolves all the issues other than performance. Of course that would mean you would need to verify the new configuration was still good and generated proper numbers. (And no matter what you do there will be people that mistrust it, just as this thread started.)

Paranoia can be a useful factor in dealing with security, but it should be moderated and harnessed in a positive manner. If not you end up making mistakes due to poor judgment as I discussed in my other post on DES. You assume the worst case, flop around and make an ever worse choice.

Comment: Re:Cut off your nose to spite your face (Score 1) 62

That may be at some level, but keep it mind that operating only on suspicion makes it easy to end up in the "didn't use DES, got data read by differential cryptanalysis (or method X)" bin. Your choice. It is easy to have suspicions that aren't well founded, as well as false confidence.

Math majors get heavily recruited for those jobs for a reason. Sound encryption doesn't tend to emerge from whimsy.

Comment: Re:Cut off your nose to spite your face (Score 1) 62

Clear thinking generally takes some effort. You should always be clear about what the evidence proves and what it doesn't prove or you are likely to make mistakes. Once you understand that you can apply your suspicions. There were plenty of people that assumed that DES was backdoored due to the changes made in the DES S-boxes prior to the standard being approved. They refused to use DES and used other technologies. It was later revealed that DES had been hardened against secret cryptanalysis techniques that cracked other methods. The people that refused to use DES and used those other methods were unknowingly using weaker encryption due simply to their suspicions. Operating by suspicion can be hazardous when it comes to encryption. Of course the flip side is true too, as the Ultra cracks of Enigma showed.

Comment: Re:Cut off your nose to spite your face (Score 1) 62

As I understand it that is the nature of elliptic curve technology, so I don't think that is quite right. You may recall that elliptic curve encryption was thought to be a highly promising encryption technology at the time. I'm not sure that the calculations would really help you since you could probably generate the same points with or without a backdoor, although I could be mistaken on that point. But as far as I know there is no way to tell just by examining a set of constants if there is a backdoor or not. And that is where the controversy comes in.

Comment: Re:Cut off your nose to spite your face (Score 1) 62

When it comes to encryption you're either going to trust somebody, who may end up having a hidden agenda and the ability to hide it from you, or you won't be exchanging encrypted messaged. Even public review is no guarantee: "Opps! Looks like we didn't cover that obscure corner case, "glad" you spotted it!"

Comment: Re:Cut off your nose to spite your face (Score 5, Insightful) 62

The problem is that by assuming the worst you can go down the wrong path is the situation isn't in fact worst case. Consider the example of DES encryption. The NSA tweaked the S-box values before the standard was approved. Nobody outside of NSA knew why. Many people suspected some sort of backdoor, but nobody could find one. As a result of the suspicion there were people that refused to use DES. Eventually it emerged that NSA had strengthened DES against secret cryptanalysis techniques that weren't generally known at the time. Many of the people that refused to use DES ended up using encryption schemes that were vulnerable to the secret techniques because they assumed the worst and were wrong. DES held up remarkably well against attacks over time, including attacks that were either invented or reinvented long after DES was approved.

Comment: Re:Cut off your nose to spite your face (Score 1) 62

There is no evidence that a backdoor actually exists, only that one is possible with the technology. You can't tell if one exists or not just from the published specification. The only people that would know if one exists are the people that created the curve values.

Comment: Re:Cut off your nose to spite your face (Score 1, Informative) 62

Presumably GP worries that if one out of four options selected by this body is not just flawed but apparently deliberately subverted, what does that say about how well the other three were vetted?

That isn't quite the issue. All of the options in the standard were vetted. The Dual_EC_DRBG option is controversial for performance, the correction to it, and one other reason. Some people claim that it has a backdoor, but that isn't what has been proven. What has been proven is that a backdoor is possible with the technology and you wouldn't know either way. You can generate values for the curve without creating a backdoor, and that would be less work. If there was a backdoor created, only the person or group that created the values used in curve would know it and how to exploit it. If a backdoor exists for a particular set of curve values identifying it isn't easier than the original problem. It looks the same either way with or without a backdoor. People have been making exaggerated claims based on this ambiguity.

Comment: Re:Surprised? (Score 1) 122

by cold fjord (#46818085) Attached to: VK CEO Fired, Says Company Under Kremlin Control

Ah yes, the "no true communist" fallacy. Surely you don't believe it? There has been no shortage of communists over the years willing to exterminate the class according to Marx's bloody theories (14:16-23:16) to try building yet another Marxist "uptopia" of collectivism and a dictatorship of the proletariat. What makes you so certain you've got it right and none of those other millions that called themselves communists didn't?

Comment: Re:Surprised? (Score 1) 122

by cold fjord (#46817825) Attached to: VK CEO Fired, Says Company Under Kremlin Control

I hope that if you haven't already done so that you make some time to share some of those memories with her. It would be mark of shame on the generation that lived through it if the memory of communist oppression were to disappear quickly, especially since there are still communists straining for another chance to try building communism again.

Comment: Re:Surprised? (Score 4, Informative) 122

by cold fjord (#46817447) Attached to: VK CEO Fired, Says Company Under Kremlin Control

If it was Soviet Estonia then your parents or grandparents weren't among the victims of repression or deportation, although they might be among the ethnic Russians moved there by the Soviet Union. (Ethnic Russian by any chance?) Those would be among the ethnic Russians that Putin has threatened other countries over.

Just a snippet of history: Soviet deportations from Estonia in 1940s

The Soviet Union had started preparations for the launch of terror in Estonian civil society already before the occupation of Estonia. As elsewhere, the purpose of communist terror was to suppress any possible resistance from the very beginning and to inculcate great fear among people in order to rule out any kind of organised general resistance movement in the future as well. In Estonia, the planned extermination of the prominent and active persons, as well as the displacement of large groups of people were intended to destroy the Estonian society and economy. The lists of people to be repressed were prepared well in advance. From the files of the Soviet security organs, it seems that already in the early 1930’s the Soviet security organs had collected data on persons to be subjected to repressions. Pursuant to the instructions issued in 1941, the following people in the territories to be annexed into the Soviet Union and their family members were to be subjected to repression: all the members of the former governments, higher state officials and judges, higher military personnel, former politicians, members of voluntary state defence organisations, members of student organisations, persons having actively participated in anti-Soviet armed combat, Russian émigrés, security police officers and police officers, representatives of foreign companies and in general all people having contacts abroad, entrepreneurs and bankers, clergymen and members of the Red Cross. Approximately 23 percent of the population belonged to these categories. In fact, the number of those actually subjected to repressions was much greater, for a large number of people not included in the lists also fell victim to the settlement of scores.

Help me, I'm a prisoner in a Fortune cookie file!