xizhi.zhu - Slashdot User

Comment: Chinese don't trust CNNIC (Score 1) 256

by xizhi.zhu on Wednesday February 03, 2010 @01:34AM (#31006542) Attached to: Mozilla Accepts Chinese CNNIC Root CA Certificate

the truth is that Chinese don't trust CNNIC, me included. if you search CNNIC on twitter, you'll find many Chinese talking about how to remove it permanently. what I want to add is that the we use SSL/TLS because we trust the CA, but now if the CA is not trusted, what do you think?

+ - Chinese version of GTalk NOT encrypted 0

Submitted by

xizhi.zhu

on Wednesday August 26, 2009 @02:02AM

xizhi.zhu writes "My friend just told me that the Chinese version of Google Talk is NOT encrypted, while the English version is encrypted. Then I tried it and found that's true. Also, one more strange thing is that the Chinese version (1.0.0.105) is higher than the English version (1.0.0.104)."

+ - 1024-bit RSA is safe at least until 2014? 0

Submitted by

xizhi.zhu

on Saturday August 15, 2009 @01:53AM

xizhi.zhu writes "Security researchers recently claim that 1024-bit RSA is at a small risk at least until 2014, and 160-bit ECC over a prime field is safe at least until 2020, based on the state-of-the-art in practical data of large scale integer factorization and elliptic curve discrete logarithm computation efforts."

Comment: This maybe not enough (Score 2, Interesting) 219

by xizhi.zhu on Friday August 14, 2009 @07:46AM (#29064215) Attached to: US Tests System To Evade Foreign Web Censorship

For a real success, they should be runnable for all email accounts, not only those using Gmail, etc. The reason is that China or Iran may simply block those providers (and it's true that China has blocked several services of Google). Also, encryption is needed, as China now filters all the traffic, including SMTP, POP3, IMAP. Moreover, it should be quite easy for the end users.

+ - Latest practical attacks on AES-256-> 0

Submitted by

xizhi.zhu

on Thursday July 30, 2009 @02:10PM

xizhi.zhu writes "As blogged by Schneier, there is another new attack against AES-256. This new attack can break AES-256 of 9 rounds at the time 2^39, AES-256 of 10 rounds at time 2^45, and AES-256 of 11 rounds at time 2^70. Note that the full AES-256 has 14 rounds. However, this attack requires the cryptanalyst to have access to plain-texts encrypted with multiple keys that are related in a specific way. Also, Schneier suggests AES-128 at 16 rounds, AES-192 at 20 rounds, and AES-256 at 28 rounds."
Link to Original Source

+ - More problems for SSL-> 0

Submitted by

xizhi.zhu

on Saturday July 25, 2009 @02:35AM

xizhi.zhu writes "More attacks against SSL/TLS would be presented in the Black Hat conference next week.

First, Moxie Marlinspike would extend his novel work on SSL Strip that new tools/tricks would be released against other SSL based protocols like imaps, pop3s, etc., ultimately providing highly effective attacks on SSL connections themselves.

Then, Alexander Sotirov and Mike Zusman would present their attack against Extended Validation SSL Certificate, a security-enhanced SSL certificate. They will show how any attacker who can obtain a non-EV SSL certificate for a website can perform completely transparent man-in-the-middle attacks on any SSL connection to that site, even if the website is protected is by an EV certificate and the users are diligently inspecting all information contained in the SSL certificates.

Besides, researchers from Carnegie Mellon found that for most times, the invalid certificate warnings one gets when visiting a secure web site are not useful. They found that as different browsers used different language to warn, they had different effects that 55% to 100% users ignored the warnings, among which FireFox 3 seems to be the best. They also found that people didn't really understand these warnings, e.g. many thought they could ignore the messages when visiting a site they trust, but that they should be more careful at less-trustworthy sites. Their finding would appear in the 18th USENIX Security Symposium next month."
Link to Original Source

Comment: Net does have influence in China, but not enough (Score 1) 204

by xizhi.zhu on Saturday April 11, 2009 @05:54AM (#27540903) Attached to: The Net — Democratic Panacea Or Autocratic Tool?

As a Chinese, I would say the Internet does have influence in China, and it's becoming more and more important for Chinese people. We have cases that some corruptions are exposed first over the Internet.
However, now the government is trying its best to control everything online, because it's currently an obvious threat to them. They've setup Internet filtering mechanisms, known as Great Fire Wall, to filter all the traffic in and out China. Also, they have a strict rule for web-sites in China, and they've already shut down many web-sites, especially blog providers, like Bullog.

+ - Nightmare might really kill you 0

Submitted by

xizhi.zhu

on Thursday April 02, 2009 @01:46PM

xizhi.zhu writes "At the end of last month, a Chinese man called Wenyan Li died in the detention house. The authority explained that he died during the night of March 27th at about 1:53, when he had a nightmare. It's the second interesting cause of death in Chinese detention house this year. In February, a 24-year-old man called Qiaoming Li died in another detention house because he had his head hit heavily on the wall when he was playing a hide-and-seek game."

Comment: the description is not complete :D (Score 3, Informative) 272

by xizhi.zhu on Friday March 13, 2009 @04:49AM (#27178613) Attached to: Chinese Subvert Censorship With a Popular Pun

more background is still needed :D besides the "grass-mud horse", another animal, "river crab" is also popular in China now, which is the enemy of the "horse". in Chinese, "river crab" sounds like "harmony", which is what the Chinese government use as an excuse to shut down websites they don't like.