
Comment Re:So you think RSA is broken? (Score 1) 179

And I'm not sure what you mean by "breaking TCP"...

Breaking TCP presently requires guessing sequence numbers reliably or a MITM attack. Both are extremely uncommon outside of LANs.

This isn't true... the best known attacks against RSA are just to factor the modulus.

What isn't true? Breaking RSA is easier than breaking RSA and TCP? (note "also" in my original phrasing)

255-bit ECC is probably slower than 1024-bit RSA for verifies, however.

Not just probably, definitely. That's probably why dnscurve uses Curve25519 (very very fast DH), which is significantly faster than RSA at similar key-strengths.

They can get new ciphers rolled out to browsers, and degrade to RSA for browsers that haven't implemented them. These problems are considerably worse for DNS servers and routers.

On the other hand, with DNSSEC, we're talking about using RSA in a new standard; its performance and size are already problematic at the current strength, and will get cubically worse at greater strengths.

Agreed. We already have excellent information about how long it takes to roll out a new protocol (and stop supporting the old protocol): A-fallback for MX records, Path-MTU discovery problems, ECN, and SSLv2 are things that we still have to deal with today, and MX records were introduced over twenty years ago.

It's evident that new protocols need to be carefully designed to be compatible with existing systems, and that the existing systems will be around for a long time. DNSSEC simply isn't compatible with DNS.

So saying "These problems are considerably worse for DNS servers and routers", I believe is woefully understated. These problems are the most important factor here, on a live, moving, Internet.

Security

Submission + - Cisco says FTP feature in IOS is a hacker backdoor

dark_15 writes: "'Cisco says a flaw in the FTP server utility in its IOS router/switch software could be used as a backdoor by attackers. IOS FTP, which comes disabled by default in IOS, is used to upload IOS software images and other software to routers and switches remotely. However, Cisco says attackers could exploit a vulnerability in the FTP server to gain access to the file system of an IOS-based router or switch and affect configuration settings.'

More details on this advisory can be found here"
Power

Submission + - Hybrid Cars to Get More Realistic Mileage Ratings

Skidge writes: "Wired is running a piece showing the drastically reduced mileage ratings for hybrids after the upcoming changes in gas mileage calculations by the EPA. While the cars themselves aren't changing, plugging these new numbers in to the equation makes a hybrid much less cost effective: "The two top-selling hybrid vehicles, the Prius and Honda's Civic Hybrid, will lose 12 and 11 miles per gallon respectively from their city driving estimates." The new values come from more realistic testing; the old, over-inflated ratings were higher in part because the cars idled a lot, allowing the hybrids to completely turn off their engines. The new ratings should be more in line with what hybrid drivers are actually seeing."
Education

Teachers Fake Gunman Attack 863

Anti_Climax writes "Staff members of an elementary school staged a fictitious gun attack on students during a class trip, telling them it was not a drill as the children cried and hid under tables. It'll be interesting to see what happens to these teachers after the charges brought against students in recent months."
Software

Submission + - Norway Moves Towards Mandatory use of ODF and PDF

Andy Updegrove writes: "Norway has become the latest European country to move closer to mandatory government use of ODF (and PDF). According to a press release provided in translation to me by an authoritative source, Norway now joins Belgium, Finland, and France (among other nations) in moving towards a final decision to require such use. The Norwegian recommendation was revealed by Minister of Renewal Heidi Grande Roys, on behalf of the Cabinet-appointed Norwegian Standards Council. If adopted, it would require all government agencies and services to use these two formats, and would permit other formats (such as OOXML) to be used only in a redundant capacity. Reflecting a pragmatic approach to the continuing consideration of OOXML by ISO/IEC JTC 1, the recommendation calls for Norway to "promote the convergence of the ODF and OOXML, in order to avoid having two standards covering the same usage." According to the press release, the recommendation will be the subject of open hearings, with opinions to be rendered to the Cabinet before August 20 this summer. The Cabinet would then make its own (and in this case binding) recommendation to the Norwegian government.
http://www.consortiuminfo.org/standardsblog/article.php?story=20070513180219689"
Enlightenment

Submission + - Where do you get your IT news?

whiggy writes: I am a network admin in a small company with predominantly MS systems and some Linux. I am attempting to organize myself in order to be more productive. One of the things on my list is to keep up with the latest technology trends, of course. I have several sites in my bookmarks that I visit daily but I am just curious what other good resources are out there. We are a MS shop with some Linux. What are your favorite sites (or other resources) you get your morning news from? Which ones are the "must haves" (other than /.)?
