
Comment Re:Errr... no. (Score 1) 68

I've been tossing the idea around lately that something like a blockchain could be used as part of a large-scale PKI - once you announce your public key and it gets several confirmations, then it would be hard for someone to announce that your key is something else after the fact and you're not necessarily trusting a company or the government to do so.

But how do you prevent someone else from announcing before you.. or what incentive would there be for miners to mine... still plenty of issues not solved - but it could fix part of the problem.

Comment Re:Bahahaha (Score 2) 68

The irony is that the mathematical foundations of bitcoin create a solid record of legitimate ownership that may be more ironclad against fraud than many of the systems employed by businesses today.

Tell that to the members of the Mt. Gox exchange.

Mt Gox had nothing to do with the blockchain... The reason that Mt Gox couldn't "go get the money back" *is* that the blockchain says it's not their money any more. Which it isn't because someone went and spent it!

Comment Re:wtf! (Score 3, Insightful) 68

Perhaps you giggled because you don't understand it? There haven't been any flaws with bitcoin itself and the block chain that caused coins to be spent by someone who didn't know the ECC private key... Loss-of-currency has occurred with poor third-party implementations, e.g. using ECDSA and selecting the same value of k for multiple signatures (similar to the mistake made by Sony and the PS3) or Mt Gox which was either just outright fraud by the company or a severe implementation error.

The block chain is fairly effective at deciding "what came first" and after several confirmations becomes fairly infeasible for a bad actor to change - I don't know of any weaknesses provided your computing pool is large enough that no person controls 50%. Well, or a quantum computer solving the discrete logarithm...

Comment Outage.. (Score 4, Interesting) 377

I unplugged the wrong thing in a datacenter once which took 20k domains offline. Traced the cable from the machine to the wall 2 or three times before pulling too..

They didn't have any cable management and only one border router..

Didn't lose my job, I was a very young sysadmin who was learning but good at what I did.. everyone kinda shrugged it off as a lesson learned.

Comment Re:Could you hire an IT security person? (Score 1) 562

No. Sorry. Government-only backdoors do not exist. They're by definition public. At the very least, they are public enough that every OTHER government will have the keys to it, too.

Not necessarily, Dual_EC_DRBG's potential back door lies in being able to choose the parameters of the protocol - namely choosing two points on the elliptic curve P and Q such that they know e where eP = Q. The only other way to "discover" this back door key would be solving the discrete logarithm problem which is the hardness assumption that's being used in the first place.
