Forgot your password?
typodupeerror

Comment: Re:Still relevant nowadays? (Score 2) 58

by thue (#47190209) Attached to: Mesa 10.2 Improves Linux's Open-Source Graphics Drivers

My impression is that basically all Linux distributions install the open source drivers by default. And in my experience, installing the proprietary drivers is messy.

And most distributions uses 3D in the window manager by default.

So I imagine that many more Linux users use the open source drivers (which in turn use Mesa) than uses the proprietary drivers.

The Courts

FCC Orders Comcast To Stop Labeling Equipment Rental a Service Fee 97

Posted by timothy
from the getting-mugged-is-just-a-toll dept.
An anonymous reader writes "The FCC denied an appeal by Comcast, which argued that its practice of charging customers separately for a DTA (digital terminal adapter) -- a converter box that allows cable subscribers with older televisions to receive digital channels, which the company said would be provided at no charge -- is not subject to rate regulation, because it is a service fee. The ruling was issued on March 19." Also from the article: "In an e-mail last week to the Star Tribune, Comcast vice president of corporate affairs Mary Beth Schubert said the case “involved a relatively minor dispute about the way certain items are presented on the rate card but has no effect on overall pricing.” But, [Michael Bradley, an attorney whose firm represented Minneapolis-area franchising authorities in the dispute] argued the FCC’s decision sets a strong precedent for transparency within the cable industry."

Comment: Re:FIPS 140-2 4.9.2. The Other Back Door. (Score 1) 168

by thue (#46624775) Attached to: NSA Infiltrated RSA Deeper Than Imagined

> 2^128 - 2^112 [...] it's significant, especially if you have a huge data center in Utah.

But 2^128/2^112=2^16=65536

As an upper limit, assume that you remove 100*2^112. But that will still only eliminate 100/65536=0.1% of the search space. Any key that is brute-forceable by NSA with those 0.1% removed is also brute-forceable without those 0.1% of the search space removed.

> What may be worse (I don't know) is the simultaneous equations that it creates that are invariant for keys from such a source. Maybe they could be used in a cryptographic attack to help solve the sorts of attack that try to build big systems of simultaneous equations to attack the key schedule.

Something like this seems slightly more likely. But assuming the bits were perfectly random before the removal of repeated blocks, for finite keys it still doesn't generate anything that couldn't have been generated by chance without the removal of repeated blocks.

Comment: Re:FIPS 140-2 4.9.2. The Other Back Door. (Score 1) 168

by thue (#46623443) Attached to: NSA Infiltrated RSA Deeper Than Imagined

I agree that the output is not random by the standard definition. And obviously a bad RNG.

But making a practical attack based on that seems unlikely to me.

> For the record, RdRand doesn't do this because I refused to put it in because it's a back door in the spec.

Wait what - you designed Intel's RdRand hardware RNG?

So, since there is a lot of paranoia about backdoors in that, is there a backdoor? :P

Comment: Re:On the record (Score 2) 99

by thue (#46360921) Attached to: 'Obnoxious' RSA Protests, RSA Remains Mum

For starters, they can come clean. All their press releases have been exercises in trying to say as little as possible, and be as misleading as possible whiile still not literally lying. For example, their non-denial of the $10,000,000 deal with NSA had half the press falsely reporting that RSA claimed there never any $10,000,000 deal.

Dual_EC_DRBG has been documented since 2006/2007 to be an insecure CSPRNG, even without the backdoor. I knew about it for example, and I do not even work in that field. The only way nobody at RSA Security (a huge company specializing in security) could not have heard about it is by putting their hands over their ears and yelling LALALA. And they didn't put 2 and 2 together about why NSA paid them $10,000,000 when the possible backdoor was discussed in the media and the cryptographic community?

I can accept that RSA Security might have been fooled in 2004. But they have not even tried to explain why they kept using Dual_EC_DRBG after 2006/2007. They have been caught with the hand in the cookie jar, and refuse to even try to defend themselves. Why should I try to invent explanations for their innocence for them?

> what evidence could RSA show us that would reinstate our trust

The point is that the circumstantial evidence is so hugely strong. This is not unfair - this is reality.

It is like finding you standing over a corpse in a pool of blood and a knife in your hand, with a $10 million payment to your account from the victims worst enemy. And you refusing to talk about how you got there, or why the victim's worst enemy sent you the $10 million. Do you think I have no right to make assumptions in that case?

"Well hello there Charlie Brown, you blockhead." -- Lucy Van Pelt

Working...