Forgot your password?

Comment: The whole thing is unsubstantiated FUD (Score 1) 282

by fgrieu (#44496397) Attached to: Math Advance Suggest RSA Encryption Could Fall Within 5 Years

The whole thing is unsubstantiated FUD. I base my judgment on the slides at

The whole argument boils down to:
a) there has recently been huge progress [*] in solving the Discrete Log Problem over fields of small characteristic;
b) progress in solving the DLP have historically implied progress in factorization, and vice versa;
c) factorization breaks RSA, and solving the DLP breaks DSA;
d) thus RSA and DSA are dead, move to ECDSA.

The fallacy of it is that in b) and c), the DLP is exclusively over fields of huge characteristics (thousands of bits), making the algorithms in a) powerless. The slides do not hint at the faintest research lead towards moving to huge characteristics. Best argument is that "renewed interest could result in further improvements".

One the positive side, the author is honest: "I’m not a mathematician, I just play one on stage".

    François Grieu

[*] See e.g. this recent paper and its references
Razvan Barbulescu, Pierrick Gaudry, Antoine Joux, Emmanuel Thomé: A quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic

Comment: The report's author are pretty convincing (Score 1) 133

by fgrieu (#44151325) Attached to: Backdoor Discovered In Atlassian Crowd

The original report says about the last vulnerability discussed (but not disclosed)

Indicators such as covert positioning, the use of special parameters, absence of log messages, facilitation of persistence, and apparent lack of legitimate purpose suggest that this vulnerability could be classified as a symmetric backdoor if malicious intent were to be established (which it has not).

I like the tone: they stop short of stating this is a deliberate backdoor of the worst kind, but give extremely convincing argument that it is one.

Comment: Do not judge us from what we show! (Score 2) 85

by fgrieu (#43513435) Attached to: CipherCloud Invokes DMCA To Block Discussions of Its Crypto System

The taken-down images, and the promotional video around 2:53
make it clear that in these promotional materials, identical plaintext leads to identical ciphertext.

Ciphercould's DMCA takedown notice
rebuts that as wrong ("Ciphercloud's product is not deterministic"), with a key point at the beginning of page 3:
"[detractor] implies that what was perceived from a public demo is Ciphercould's product offering".

Ciphercould's position is: you misjudged us from what we have shown, which is not the real thing.

Comment: Try "SearchMyFiles" (Score 1) 440

by fgrieu (#41205433) Attached to: Ask Slashdot: How Do I De-Dupe a System With 4.2 Million Files?

Recently had this situation.

Nirsoft's free "SearchMyFiles" has a straightforward Find Duplicates mode which helped a lot. It is easy (the most "complex" is designating the base locations for searches as e.g. K:\;L:\;P:\;Q:\), fast, never crashed on me, and had only cosmetic issues ("del" key not working). I recommend running it with administrative privileges so that it does not miss files.

Comment: The abstract of the article is here (Score 5, Informative) 80

by fgrieu (#37802352) Attached to: XML Encryption Broken, Need To Fix W3C Standard

"..we describe a practical attack on XML Encryption, which allows to decrypt a ciphertext by sending related ciphertexts to a Web Service and evaluating the server response. We show that an adversary can decrypt a ciphertext by performing only 14 requests per plaintext byte on average."



+ - Inkscape 0.48.1 released! 2

Submitted by ScislaC
ScislaC (827506) writes "This version of the SVG-based vector graphics editor contains over 80 bug fixes as well as improves stability and performance on all platforms. Check out the release notes for a brief summary about what has changed, view the milestone page for a comprehensive list of fixed bugs, or just jump right to downloading your copy for Windows, OSX Leopard & Snow Leopard, or Others."

3rd-Grader Busted For Jolly Rancher Possession 804 Screenshot-sm

Posted by samzenpus
from the step-away-from-the-candy dept.
theodp writes "A third-grader in a small Texas school district received a week's detention for merely possessing a Jolly Rancher. Leighann Adair, 10, was eating lunch Monday when a teacher confiscated the candy. Her parents said she was in tears when she arrived home later that afternoon and handed them the detention notice. But school officials are defending the sentence, saying the school was abiding by a state guideline that banned 'minimal nutrition' foods. 'Whether or not I agree with the guidelines, we have to follow the rules,' said school superintendent Jack Ellis."

When speculation has done its worst, two plus two still equals four. -- S. Johnson