I never said it was. What I said is that factoring is in NP (not NP-hard), so if it's not in P, then it must be the case that P!=NP.

On the other hand, as you said, if it turns out that factoring is in P, then it's still possible that P!=NP (i.e., there may be another problem that is in NP but not in P).

I'd be interested in a reference, if you find one.

As far as I know, this is an open question (see this for a lot of references) -- so maybe I should have said:

Still, the other point stands -- proving that breaking RSA is not in P (or that factoring is not in P) implies proving P!=NP.

That doesn't mean anything; the same is true for classical algorithms.

That's hardly surprising if you understand what proving anything like that would entail. Hell, to prove you can't break ECC or RSA with a classical computer you'd have to prove P!=NP, since discrete log and factoring are in NP. (To see why, just note that fast factoring would break RSA, so to prove you can't break RSA you have to prove that fast factoring is impossible, which means that you have to prove that factoring is not in P -- but since factoring is in NP, you'd also be proving P!=NP).

Note, however, that proving that ECC or RSA are breakable does not require a proof of P=NP or P!=NP -- for example, you don't need fast factoring to break RSA.

Exactly. The maintainer of the /dev/random driver explained this and a lot more about this paper here.

SecureRandom has the benefit of being the standard way of generating random numbers for use in cryptography in Java. Why do it differently when you can do it the standard way (where you can re-use the code later, if opportunity arises)?

On the other hand, "use /dev/random instead" is not good advice for people who already have working code (possibly in libraries) that uses SecureRandom. The solution given in that blog post is very simple: "Add this class to your android project and stick PRNGFixes.apply(); on your main acvitity's onCreate()." That's a guaranteed fix regardless of whether you're starting a new project or already have working code, and will fix code in libraries you might not even realize are using SecureRandom.

It's much easier and foolproof to fix SecureRandom than to find and change every piece of code (including libraries which many people have no control over) that uses SecureRandom.

Chill out, man. The original point is not that it's "unlikely" that humans will sustain a civilization for 10,000 years more, only that that's "optimistic". The (admittedly pessimistic) idea that the current civilization will collapse was used to write a story about the hypothetical civilization that will come after this one. That's all.

(By the way, "civilization" usually implies "having a writing system", so it's weird to say "civilization that writes". In the same vein, you should understand "every civilization with written records" in the author's quote to mean "every civilization that we know about because we have records about them", not "every civilization that had writing").

That's completely mistaken. We don't find a wide distribution of neutrino velocities because it takes very little energy to make a neutrino go very close to the speed of light (this happens because neutrinos have *very* little mass). This means that there's a very small probability for a neutrino to have a small velocity relative to anything else -- you just have to sneeze at it (that is, interact with it in almost any way) to send it flying away at close the speed of light. So it's *expected* that you'll never actually see a slow neutrino.

That's just bullshit. It's true that General Relativity doesn't fit at all with Quantum Mechanics, but there's *no* compelling evidence at all against Relativity (either General or Special). There's *no* known experiment that gives a conclusive result that's different from what Relativity predicts. People are working on other theories because General Relativity doesn't fit with Quantum Mechanics, not because there's evidence against Relativity.

You forgot this:

You don't receive some software derived from software previously licensed under BSD. Let B be the set of all things you can do with/to the software.

You do receive some software derived from software previously licensed under GPL. Let G be the set of all things you can do with/to the software.

B is the null set, therefore B is a strict subset of G.

Hence, G has a more liberal license than B.

In the end, the discussion of "which license is more liberal" is silly. Each license yields different freedoms to different groups of people. Use whatever works for you, don't use what you don't like. Advocate licenses you'd like other people to use. Just don't oversimplify the discussion with simplistic logical fallacies.

There's nothing wrong with tracking prior public keys. That's a good option for knowledgeable users, but it's a no-starter for people who know nothing about cryptography.

See for example what would happen when a key is compromised or just lost. In this case you have to warn everyone that your key will change. Now think of how often will people receive the message "hey, my email key has changed, so the warning you'll get is not a MITM attack", and how soon will people start clicking "accept" without bothering to check whether it's legitimate?

The idea of certificates is that the end user only has ONE job: to decide which CAs he or she will trust. Even that has proven to be too much for the end user: almost no one even knows you can choose which CAs they want to trust, everyone trusts the browsers or the OSs to make this choice for them. Any solution that requires MORE decisions from the user is a step back.

When connecting for the first time, SSH shows the public key fingerprint of the host you're connecting to. If you don't bother to check it, you're leaving yourself wide open to a MITM attack (and in this case, the attacker doesn't even need access to any certificate authorities).

Your proposed email system that blindly accepts every public key upon first connection is even worse than using CAs -- with certificates, you can at least choose which authorities you want to trust.

You're delusional. Alckmin is right-wing for Brazilian standards, but his social programs would be considered borderline socialist in the USA.

Just look at how Obama is accused of being socialist for Obamacare, which is not even universal healthcare.

That's a nice view, but I don't see how it's ultimately defensible. You seem to be arguing that anything that prevents anyone from expressing their ideas any way he or she wants is against the "abstract principles" of free speech.

How do you reconcile your position with the idea that people shouldn't be allowed to talk during movies? As far as I can see, banning a troll from a website is like removing a loud person from a theater -- people are in the site to discuss site-related stuff, and the troll is disrupting that.

Don't try to trivialize Sony's rootkit fiasco, it was not just a matter of a company releasing an unpopular product and then recanting.

What Sony did was possibly illegal. "Possibly" only because they were never convicted -- they settled all the lawsuits -- but in many states there are specific laws against covertly installing spyware (a lot of states have a very similar piece of legislation called "Consumer Protection Against Computer Spyware Act", here are the ones for Texas and California, for example).

Not to mention that the rootkit opened vulnerabilities in the systems where it was installed (more details on Wikipedia). The federal government didn't sue, but the Department of Homeland Security made very clear that what Sony did was unacceptable.