
Submission OpenSSH has a new cipher, chacha20-poly1305, from D.J. Bernstein!

ConstantineM writes: Inspired by a recent Google initiative to adopt ChaCha20 and Poly1305 for TLS, OpenSSH developer Damien Miller has added a similar protocol to ssh, chacha20-poly1305@openssh.com, which is based on D. J. Bernstein algorithms that are specifically optimised to provide the highest security at the lowest computational cost, and do not require any special hardware to do so. Some further details are in his blog, and at undeadly. The source code of the protocol is remarkably simple — less than 100 lines of code!

Comment Re:Version numbers (Score 2) 188

Google has grabbed a bunch of open source libraries, sometimes respecting the license, hacked on them, and rolled them into Chrom*.

If you have any cases where you think that Chrome is failing to comply with the terms of a free software license, then please file a bug at http://code.google.com/p/chromium/issues/list - we take license compliance very seriously. (I'm a Google engineer, though not working on Chrome).

Comment Re:OpenSSH is not vulnerable (Score 4, Informative) 31

No, it is not vulnerable to this attack. The Brumley/Tuveri paper describes a timing leak in a specific algorithm that is only used for elliptic curve crypto over binary/GF(2^m) fields. OpenSSH uses ECC over prime fields that use different algorithms that have no known timing leaks. A result against ECC using prime fields would be more difficult because the curve point components are integers and so can use well-tested modular arithmetic code.

Comment Don't be fooled (Score 5, Insightful) 122

The changes announced today seem to be little more than a delaying tactic to remove the issue of mandatory Internet censorship from the agenda ahead of the election that is expected to be announced any day now. This issue has turned quite toxic for the government; the people who are for it are only weakly so, but the people who are against it are furious and are already organising campaigns against the government on various social media.

I don't think the government can be trusted not to bring it back in an essentially unmodified form after the next election. Vote accordingly.

Comment Re:Sony can't be trusted (Score 1) 171

Sony has managed to lose my trust too. I was a very happy customer of PS1-3, but the retroactive otheros thing has put me right off. I rarely used Linux once I installed it, but that they were willing to retrospectively nuke an advertised feature of their product clearly demonstrated to me that they do not put the customer first. I wouldn't be at all surprised if they do start crippling the PSN for non-paying customers.

The dumbest thing about the OtherOS removal is that it is probably not even going to help. Now that the hypervisor has been cracked enough to obtain memory dumps, it is far more likely that further hacking is going to rely on bugs that are found in the hypervisor software itself. These will probably be reachable by any application running on the system that takes user or network input. Think that every savegame loader is foolproof? How about that dinky web browser? Nuking OtherOS just pissed off loyal customers and bought them very little.

Comment Re:I don't worry much about paper (Score 1) 446

Actually, in some places (e.g. Australia), a significant amount of paper _is_ made by chopping down unique old-growth forests. Furthermore, the chlorine bleaching processes commonly used release a substantial amount of toxic effluent. So yeah, you should worry.

Comment Re:Australian Competition & Consumer Commissio (Score 1) 270

Thanks for the pointer, I have been meaning to do just that. Here is mine:

Sony has just issued a firmware update[1] that disables the "OtherOS" support that is used to run alternate operating systems such as Linux on the Playstation 3 (PS3) game console. This was an advertised feature of the PS3 and was a factor in my decision to purchase the product. The firmware update is effectively mandatory; the PS3 will not support online play or game updates/downloads via the Playstation network without it (these are also advertised features).

That a major consumer electronics company can unilaterally remove advertised features from a product that I have bought and paid for is chilling to say the least and appears misleading and deceptive in the classic "bait and switch" style. I request that the ACCC investigate this matter.

[1] http://blog.us.playstation.com/2010/03/28/ps3-firmware-v3-21-update/
