Become a fan of Slashdot on Facebook


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Police post plausible statement (Score 1) 415

by fgrieu (#47398043) Attached to: Police Using Dogs To Sniff Out Computer Memory

Apparently the Rhode Island State Police posted a photo and plausible statement:

The post says the canine is "trained to detect electronic devices".

That does not look as bogus a claim as training specifically for storage media: the chemicals used in the soldering, cleaning, and IC packaging conceivably could have a detectable smell.

Comment: The whole thing is unsubstantiated FUD (Score 1) 282

by fgrieu (#44496397) Attached to: Math Advance Suggest RSA Encryption Could Fall Within 5 Years

The whole thing is unsubstantiated FUD. I base my judgment on the slides at

The whole argument boils down to:
a) there has recently been huge progress [*] in solving the Discrete Log Problem over fields of small characteristic;
b) progress in solving the DLP have historically implied progress in factorization, and vice versa;
c) factorization breaks RSA, and solving the DLP breaks DSA;
d) thus RSA and DSA are dead, move to ECDSA.

The fallacy of it is that in b) and c), the DLP is exclusively over fields of huge characteristics (thousands of bits), making the algorithms in a) powerless. The slides do not hint at the faintest research lead towards moving to huge characteristics. Best argument is that "renewed interest could result in further improvements".

One the positive side, the author is honest: "I’m not a mathematician, I just play one on stage".

    François Grieu

[*] See e.g. this recent paper and its references
Razvan Barbulescu, Pierrick Gaudry, Antoine Joux, Emmanuel Thomé: A quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic

Comment: The report's author are pretty convincing (Score 1) 133

by fgrieu (#44151325) Attached to: Backdoor Discovered In Atlassian Crowd

The original report says about the last vulnerability discussed (but not disclosed)

Indicators such as covert positioning, the use of special parameters, absence of log messages, facilitation of persistence, and apparent lack of legitimate purpose suggest that this vulnerability could be classified as a symmetric backdoor if malicious intent were to be established (which it has not).

I like the tone: they stop short of stating this is a deliberate backdoor of the worst kind, but give extremely convincing argument that it is one.

Comment: Do not judge us from what we show! (Score 2) 85

by fgrieu (#43513435) Attached to: CipherCloud Invokes DMCA To Block Discussions of Its Crypto System

The taken-down images, and the promotional video around 2:53
make it clear that in these promotional materials, identical plaintext leads to identical ciphertext.

Ciphercould's DMCA takedown notice
rebuts that as wrong ("Ciphercloud's product is not deterministic"), with a key point at the beginning of page 3:
"[detractor] implies that what was perceived from a public demo is Ciphercould's product offering".

Ciphercould's position is: you misjudged us from what we have shown, which is not the real thing.

Comment: Try "SearchMyFiles" (Score 1) 440

by fgrieu (#41205433) Attached to: Ask Slashdot: How Do I De-Dupe a System With 4.2 Million Files?

Recently had this situation.

Nirsoft's free "SearchMyFiles" has a straightforward Find Duplicates mode which helped a lot. It is easy (the most "complex" is designating the base locations for searches as e.g. K:\;L:\;P:\;Q:\), fast, never crashed on me, and had only cosmetic issues ("del" key not working). I recommend running it with administrative privileges so that it does not miss files.

Comment: The abstract of the article is here (Score 5, Informative) 80

by fgrieu (#37802352) Attached to: XML Encryption Broken, Need To Fix W3C Standard

"..we describe a practical attack on XML Encryption, which allows to decrypt a ciphertext by sending related ciphertexts to a Web Service and evaluating the server response. We show that an adversary can decrypt a ciphertext by performing only 14 requests per plaintext byte on average."


Who goeth a-borrowing goeth a-sorrowing. -- Thomas Tusser