Forgot your password?
typodupeerror

Comment: Bruteforce with hints - Re:No surprise there (Score 1) 263

by rbenech (#42082193) Attached to: After Weeks of Trying, UK Cryptographers Fail To Crack WWII Code
Actually, Having a real message (i.e. pass spellcheck) is quite easy to detect. It's getting there that's the hard part. It can take some time (time we have). Finding the one time pad key (where the key is as long as the message) is to use enough known messages to force a collision. Known plain text comparisons (like known plain text of similar pigeon messages). The governments might already have the exact message decoded by other means. Generate one time pads for the entire known text and see if you get a hit. Use statistical methods to create agents to process certain targets of known plaintext pairs. Having a message header or sign off pattern would be a great place to start!

Comment: Re:I hope this doesn't catch on. (Score 1) 183

by rbenech (#28858737) Attached to: Google Open Sources Wave Protocol Implementation

Also, destroying the competitive advantage of Exchange and Lotus Notes will have certain long-term strategic benefits.

True! But I can't wait to get waves + notes apps working together... I'm still curious about how waves resolve conflicting offline edits outside of the wave with just XML... hrm...

Lotus Notes can probably interact with the wave much more easily than Exchange's collection of apps (sharepoint - yuk). Notes 8 is built on Eclipse, so all you really need is someone to wire up the right kind of plug-in or extension and you should be able to interact with all those great Notes apps directly with the wave. That's the great equalizer of waves, a 'robot' can interact automatically to 'do the right thing' to get two very disparate systems to seem to work together. Watch the video to see how a the view can interact directly with Blog post replies...

Comment: Re:BAD summary (Score 3, Informative) 199

by rbenech (#28470751) Attached to: IBM Claims Breakthrough In Analysis of Encrypted Data

Actually, imagine being able to add two numbers together without knowing what those two numbers were and returning the total that you STILL don't know what the number is, but you have the cyphertext for it. You still need the key to decrypt the total.

Example in plaintext:

4 + 5 = 9

Example encypted (oversimplified):

D32JFS3 + 234DSF31 = 42SDF23

So the third party would receive D32JFS3 and 234DSF31 (not knowing they meant 4 and 5) and he would return 42SDF23 (not knowing it was 9)

The ablility to add two peices of cyphertext to get some (still unknonw) peice of cyphertext does not increase the "breakability" of the encryption because, just like the rosetta stone, you really need pairs of plaintext and cyphertext to do any real analysis. There may be some NEW attack methods on lattice based encryption techniques, but they are not yet widely known.

Critical Flaw Found in VNC 4.1 175

Posted by CowboyNeal
from the public-desktops dept.
jblobz writes "IntelliAdmin has discovered a critical flaw that allows an attacker to control any machine running VNC 4.1. The flaw grants access without the attacker obtaining a password. The details of the vulnerability have not been released, but their website has a proof of concept that allows you to test your own VNC installation for the vulnerability"

Genius is ten percent inspiration and fifty percent capital gains.

Working...