+ - 1024-bit RSA is safe at least until 2014?

Submitted by
xizhi.zhu writes "Security researchers recently claimed that 1024-bit RSA is at a small risk at least until 2014, and 160-bit ECC over a prime field is safe at least until 2020, based on the state-of-the-art in practical data of large scale integer factorization and elliptic curve discrete logarithm computation efforts."

Comment: This may be not enough (Score 2, Interesting) 219

by xizhi.zhu (#29064215) Attached to: US Tests System To Evade Foreign Web Censorship
For a real success, they should be runnable for all email accounts, not only those using Gmail, etc. The reason is that China or Iran may simply block those providers (and it's true that China has blocked several services of Google). Also, encryption is needed, as China now filters all the traffic, including SMTP, POP3, IMAP. Moreover, it should be quite easy for the end users.

+ - Latest practical attacks on AES-256

Submitted by
xizhi.zhu writes "As blogged by Schneier, there is another new attack against AES-256. This new attack can break AES-256 of 9 rounds at the time 2^39, AES-256 of 10 rounds at time 2^45, and AES-256 of 11 rounds at time 2^70. Note that the full AES-256 has 14 rounds. However, this attack requires the cryptanalyst to have access to plain-texts encrypted with multiple keys that are related in a specific way. Also, Schneier suggests AES-128 at 16 rounds, AES-192 at 20 rounds, and AES-256 at 28 rounds."

+ - More problems for SSL

Submitted by
xizhi.zhu writes "More attacks against SSL/TLS would be presented in the Black Hat conference next week.

First, Moxie Marlinspike would extend his novel work on SSL Strip that new tools/tricks would be released against other SSL based protocols like imaps, pop3s, etc., ultimately providing highly effective attacks on SSL connections themselves.

Then, Alexander Sotirov and Mike Zusman would present their attack against Extended Validation SSL Certificate, a security-enhanced SSL certificate. They will show how any attacker who can obtain a non-EV SSL certificate for a website can perform completely transparent man-in-the-middle attacks on any SSL connection to that site, even if the website is protected by an EV certificate and the users are diligently inspecting all information contained in the SSL certificates.

Besides, researchers from Carnegie Mellon found that for most times, the invalid certificate warnings one gets when visiting a secure web site are not useful. They found that as different browsers used different language to warn, they had different effects that 55% to 100% users ignored the warnings, among which Firefox 3 seems to be the best. They also found that people didn't really understand these warnings, e.g. many thought they could ignore the messages when visiting a site they trust, but that they should be more careful at less-trustworthy sites. Their finding would appear in the 18th USENIX Security Symposium next month."


Comment: Net does have influence in China, but not enough (Score 1) 204

by xizhi.zhu (#27540903) Attached to: The Net — Democratic Panacea Or Autocratic Tool?
As a Chinese, I would say the Internet does have influence in China, and it's becoming more and more important for Chinese people. We have cases that some corruptions are exposed first over the Internet.
However, now the government is trying its best to control everything online, because it's currently an obvious threat to them. They've set up Internet filtering mechanisms, known as Great Fire Wall, to filter all the traffic in and out of China. Also, they have a strict rule for web-sites in China, and they've already shut down many web-sites, especially blog providers, like Bullog.

+ - Nightmare might really kill you

Submitted by
xizhi.zhu writes "At the end of last month, a Chinese man called Wenyan Li died in the detention house. The authority explained that he died during the night of March 27th at about 1:53, when he had a nightmare. It's the second interesting cause of death in Chinese detention house this year. In February, a 24-year-old man called Qiaoming Li died in another detention house because he had his head hit heavily on the wall when he was playing a hide-and-seek game."

Comment: the description is not complete :D (Score 3, Informative) 272

by xizhi.zhu (#27178613) Attached to: Chinese Subvert Censorship With a Popular Pun
more background is still needed :D besides the "grass-mud horse", another animal, "river crab" is also popular in China now, which is the enemy of the "horse". in Chinese, "river crab" sounds like "harmony", which is what the Chinese government uses as an excuse to shut down websites they don't like.
