
Comment: Multiple master secrets (Score 1) 75

by logicnazi (#47962983) Attached to: Researchers Propose a Revocable Identity-Based Encryption Scheme

Of course you can have as many master secrets as you want with each controlled by a different entity but those master public keys need to be distributed somehow. However, if you try and allow any master secret to work with any email you have exactly the system we have with ssl certs and we know that won't work for things like email. After all if any master secret can generate a private key for any email that means that if any master key is compromised so is the whole system. I believe it also requires that anyone encrypting messages needs information about all the master keys so it really is like certs, you trust all the root certs in the list that comes with your software.

On the other hand if each email address can specify the master key to use with it we are back to the problem of key distribution as the choice of master public key for your email address functions just like a public key (to send you encrypted messages the sender needs to know it and if they are tricked into using the wrong one you get a MITM attack).

Obviously, I use email to stand in for whatever identifier one has in mind.

Comment: No better than using gmail (Score 1) 75

by logicnazi (#47962967) Attached to: Researchers Propose a Revocable Identity-Based Encryption Scheme

As any such identity based encryption requires a master secret (or secrets) that is used to generate the private keys (if not anyone who knows your email can generate a private key for that public key and thus read anything encrypted to you) you might as well just be using gmail and counting on google not to get hacked. After all, you can't compromise every gmail account by gaining access to a few servers but anyone who hacks the server with the master secret brings down the whole system in IBE. And gmail also provides transport security and tls for your web connections so why even bother with IBE unless your correspondent doesn't have transport level security.

MAYBE you could create some kind of large distributed infrastructure for storing the master key but at that point it seems easier just to distribute standard public keys directly.

Comment: Re:How does the decrypter know what to send out? (Score 1) 106

by logicnazi (#46107861) Attached to: Building Deception Into Encryption Software

It will only work for data that is so well characterized you can find the information theoretic optimal representation for it, i.e., you can bijectively map each message onto the integers mod n so that each integer is equally likely to be seen.

Other than CCNs I can't think of much which satisfies this condition.

Comment: Very narrow use (Score 1) 106

by logicnazi (#46107849) Attached to: Building Deception Into Encryption Software

The only cases in which this approach can work are those where the distribution of plaintext is known in advance.

Since the algorithms used to generate CCN are largely public one can map the class of apparently valid CCNs (suppose it has n members) bijectively into the integers mod n and assuming the CCNs are uniformly distributed over the apparently valid CCNs (likely) their images in the integers mod n are uniformly distributed. Assume that ENC_k is any standard encryption function (public or private) with key k operating on inputs from the integers mod z >= n-1 (usually a power of 2 for a symmetric encryption function). Given a CCN c map it to a value c' in mod n arithmetic and generate a random value 0 <= r < z. We can now encrypt our CCN as the pair r + c' mod n, ENC_k(r).

This will ensure that no statistical test will be able to distinguish a correct choice of the key from an incorrect one.

This is useless, however, for data like English text or names which don't have an easily describable distribution. The construction above relied on our ability to select an information theoretic optimal compression function for CCNs, i.e., one which bijectively maps the message into a uniform distribution on the integers mod n for some n. This is impossible for things like proper names or English text.
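
The pair construction from the comment above, written out as an added example that is not part of the original comment. It assumes "apparently valid" means a 16-digit Luhn-valid string (n = 10^15), takes z = 2^64, and uses an HMAC-SHA256 keystream block as a stand-in for ENC_k; all function names are hypothetical.

```python
import hashlib, hmac, secrets

DIGITS = 15        # payload digits; a 16th Luhn check digit is appended
N = 10 ** DIGITS   # n: size of the "apparently valid" class in this model
Z_BITS = 64        # r is drawn from the integers mod z = 2**64

def luhn_check_digit(payload: str) -> str:
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch) * 2 if i % 2 == 0 else int(ch)  # doubled positions
        total += d - 9 if d > 9 else d
    return str((10 - total % 10) % 10)

def luhn_valid(ccn: str) -> bool:
    return (len(ccn) == DIGITS + 1 and ccn.isdigit()
            and luhn_check_digit(ccn[:-1]) == ccn[-1])

def to_index(ccn: str) -> int:
    """Bijection: Luhn-valid 16-digit string -> integer mod n (c')."""
    if not luhn_valid(ccn):
        raise ValueError("not in the modelled message class")
    return int(ccn[:-1])

def from_index(i: int) -> str:
    payload = f"{i % N:0{DIGITS}d}"
    return payload + luhn_check_digit(payload)

def _pad(key: bytes, nonce: bytes) -> int:
    # Stand-in for ENC_k: one 64-bit keystream block from HMAC-SHA256.
    digest = hmac.new(key, nonce, hashlib.sha256).digest()
    return int.from_bytes(digest[:Z_BITS // 8], "big")

def encrypt(key: bytes, ccn: str):
    r = secrets.randbits(Z_BITS)
    nonce = secrets.token_bytes(16)
    return (r + to_index(ccn)) % N, nonce, r ^ _pad(key, nonce)

def decrypt(key: bytes, ct) -> str:
    masked, nonce, enc_r = ct
    r = enc_r ^ _pad(key, nonce)
    return from_index((masked - r) % N)

if __name__ == "__main__":
    ct = encrypt(b"right key", "4111111111111111")  # constructed test number
    print(decrypt(b"right key", ct))   # original number
    print(decrypt(b"wrong key", ct))   # different, but still Luhn-valid
```

Because 2^64 is not a multiple of 10^15, r mod n carries a small bias in this sketch, and real card numbers are not uniform over all Luhn-valid strings (issuer prefixes), so the model only approximates the uniformity the comment assumes.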

Comment: Re:Sounds like a lawsuit waiting to happen (Score 1) 448

by logicnazi (#46101613) Attached to: Developer Loses Single-Letter Twitter Handle Through Extortion

No, this is irrelevant.

If paypal was neither negligent with his data nor violated any privacy laws the fact that in an ideal world they shouldn't have allowed this information to become available is irrelevant.

I mean the law has to have a single answer for whether companies need to keep last four digit info on their super secure system because access to that information would allow affected users to sue or not.

Comment: Sue PayPal and GoDaddy!! And why believe hacker? (Score 1) 448

by logicnazi (#46101563) Attached to: Developer Loses Single-Letter Twitter Handle Through Extortion

This was a thing of substantial value and his own willingness to trade it for his custom domains is a compelling argument they too are worth a similar amount.

Thus, if he can prove negligence or some other cause of action against paypal or godaddy he should be able to receive at least 50k damages. Personally, I suspect paypal is the better target as various privacy laws may have been violated. Of course a real lawyer would have a better idea of whether he has a case.


Frankly, it's hard to see what could have made this trade a worthwhile deal. I mean, either the hacker already had control of his email through a dns change or he didn't. If the hacker didn't what about the trade would make the extortion victim believe the hacker would behave differently if he turned over the domain than if he didn't? I mean he could presumably still decide to be a dick and use his access to delete the data.

And why not simply pretend not to be at his computer? He could have called godaddy and the like to lock down all the domains.

Comment: Re:Rude != Troll (Score 1) 298

by logicnazi (#43194763) Attached to: Why Trolls Win With Toxic Comments

I understand that religion is detrimental for modern humans,

False, most assuredly. Detrimental? I'm unconvinced.

Sure, if the alternative was for everyone to read CSICOP and become skeptical scientifically minded individuals then sure religion would be harmful to society. However, that's not the alternative. You undermine religiosity and people remain just as `spiritual' and seek out more harmful, less stable forms of mystical thought, e.g., homeopathy, belief in spirits, medium etc...

The failure of any major world culture to exist without substantial religious, spiritual or otherwise mystical beliefs (even a semi-mystical view of the benefits of great literature or the wisdom to be found in meditation) casts doubt on your claim that religion itself is detrimental. Perhaps the harm done by religion is balanced by the comfort it gives to many people who can't or won't find the truth comforting. Perhaps religion is merely the least bad outcome of underlying psychological tendencies we all share pushing us to interpret the world as `speaking' to us and to inject emotion into our evaluation of claims. In the long run with appropriate genetic engineering it might be desirable to phase out religion but for the moment it may be better than things like homeopathy, talk about Chakras and other spiritual interests that aren't religion.

that teaching religion to children is a form of abuse, and therefore indoctrinating anyone under 18 should be illegal.

This is a very very different claim. Sure, in the long run weaning humans off of religion may be desirable but now the question is what will that child be best served by?

As much as I feel that religious indoctrination before adulthood is brainwashing people into holding certain extremely implausible beliefs in most cases it is probably beneficial for the child. Most of America is highly religious and if you deny them that cultural belonging religion provides in these area you hurt them far worse than the harm done from carrying around comforting but incorrect beliefs for their lives. Just make sure there are ample opportunities for them to consider the question later and reach a more informed decision when they are capable.

What is most important is to make sure atheist views, socialization etc... become widely distributed so it's viewed as just another kind of belief. Furthermore, tackling the very hard problem of providing community unity and socialization without any masses is important.

Atheists visibly taking roles in community service programs would be much more useful than viewing religious indoctrination (as are most lessons from parents) would be much more useful.

Comment: Re:Freedom? Safety? Privacy? Where? (Score 1) 307

by logicnazi (#43194481) Attached to: Should We Be Afraid of Google Glass?

And people inferring what you do from your public behaviors is slavery how?

This only seems so awful because we imagine continuing to apply the same social standards in place now to a new world of massive transparency and data mining. These technologies will shift our social norms so it's considered impolite to condemn others for personal choices and we'll view it as rude to use data about someone's personal life to affect the hiring process or how you treat them professionally.

Comment: Re:Let me see... (Score 1) 307

by logicnazi (#43194471) Attached to: Should We Be Afraid of Google Glass?

And if google doesn't do this what do you foresee happening in the future?

High res cameras not only will get cheap but by the miracles of integrated circuit fabrication (and the high cost of running multiple processes/designs) eventually it will be cheaper to buy the standard high-res camera rather than the uncommon low-res camera. It's only a matter of time before all security and ATM cameras are high-res and the price of storage falls so low that they keep all that data in digital form online.

Now is every storeowner, photographer and bank going to use their own security camera management system? Save the images all themselves? Of course not, they will pick some company to manage it for them and that will centralize a great deal of this video information.

There is an inescapable collusion in the works between our expectations of anonymity and our right to free speech. Even if no one goes out and creates a central repository all it takes is many internet accessible public sites hosting this information and anyone with sufficient computer hardware can data mine your life.

Comment: Re:FUCK two-way "transparency". (Score 1) 307

by logicnazi (#43194437) Attached to: Should We Be Afraid of Google Glass?

Most professional cameramen (including artists who want to capture scenes of city life) have their cameras set to take pictures at quite a high rate. What number of FPS is too much? 1? 5? 30? When does taking lots of photos become taking video? I don't think that is a line you can reasonably draw.

Hell, the better data mining gets the easier it is to infer actions in between photos so even if you insist that photography be capped at once every minute or 15 seconds eventually the same info will get out.

Comment: Re:Irrationally berserk: Seattle's 'Creepy Cameram (Score 1) 307

by logicnazi (#43194417) Attached to: Should We Be Afraid of Google Glass?

I doubt it.

There is every difference between respecting the usual social norms of looking away from private business, not staring at people etc... and recording what you see and sticking a camera in everyone's face and deliberately invading conversations, behavior and interactions obviously not meant to include you. The content captured may not be much different but the social reaction will be.

The reaction to google glass will be "Cool what's that thing" as long as those wearing it don't bring it into sensitive areas (locker rooms) and don't shove it into others' business.

Comment: Re:Public Privacy?! (Score 1) 307

by logicnazi (#43194399) Attached to: Should We Be Afraid of Google Glass?

It is that the users will be granting privileged access to pervasive surveillance to a small number of corporations and a large number of government agencies, that most who will be doing it do not understand the consequences, and that they have not given most of their subjects the opportunity of informed consent.

Knowing that your picture might get taken is not a cause for concern any more than is getting bumped into on the sidewalk. Getting elbowed repeatedly everywhere you go, or having pervasive surveillance footage of you uploaded to a privately owned and government accessible database, is.

And that is different than now how? Right now ATM photo footage and security cam footage are probably accessible by a few large banks and security firms who have a cozy relationship with the government.

I'd much rather have an internet company with explicit privacy policy and public acknowledgement of any data shared with the government than the shady system that now governs the cameras that watch us in public.

Comment: Re:Public Privacy?! (Score 1) 307

by logicnazi (#43194377) Attached to: Should We Be Afraid of Google Glass?

Umm, so given that facial recognition is out of the bottle what is your preference. That everyone sees the big database or the government maintains it in secret using its greater ability to make deals to amalgamate many small sources of info and tendency never to let any info go once it has it?

Even if they weren't uploaded to a big online database as long as people can post the photos they take of their own neighborhood somewhere better search technology will inevitably mean that is no different than one big online database.
