Comment Re:He's right... if his job is to *prevent* terror (Score 4, Insightful) 509

If his job is to prevent terrorism, he's right... he can't do that without a substantial surveillance dragnet that tramples the 4th Amendment.

He can't do it with that dragnet, either. All this NSA dragnet shit was in place for YEARS at the time of the Boston Marathon bombing, and it wasn't worth shit.

-jcr

Comment Re:Very Smart Move (Score 1) 178

It depends on the implementation. As I recall, the Intel ones are basically just a pair of flipflops in an unstable configuration for each bit. They're intended to be something that toggles between 0 and 1 at some frequency that you can't easily determine (and which isn't the same for each bit). However, as they're digital circuits, they do respond to heat. Hopefully, they don't respond in a way that makes the readings more predictable, but it would take a lot of analysis to be sure of that.

Comment Re:Still won't fix monopolies (Score 1) 153

In the UK, this is referred to as Local Loop Unbundling (LLU), and it was promised to bring in more competition. It does, to a degree, but installing the equipment at the exchanges is very expensive. Also, BT was forced to separate its wholesale and retail businesses into separate business units, and provide the lines at the same price to competitors as they provide to their retail business unit. There are several problems with this though. If you buy broadband via this latter option, you need to pay line rental to BT Retail, which is stupidly expensive (around £15/month, and then calls on weekdays cost more than I pay from my prepay [no line rental] mobile phone) and bumps up the profits of BT Retail. There's then no requirement for BT Retail to make any profit on broadband, and so they can afford to undercut competitors who actually need to make a profit.

Comment Re:kind of ruins the point....... (Score 1) 308

A good paper is not necessarily a paper that will win a Nobel prize. If you're just sitting there and thinking really hard, hoping for inspiration to strike, then you'll have difficulty doing this. For everyone else, you always have intermediate results that give you something useful and it's incredibly valuable to share these with the wider community so you don't end up with everyone doing the same work in secret. If you can't manage to publish at even this rate, then you are being far too secretive about your work to justify an academic position.

Oh, and it's not once a year, it's once a year on average, over four years. So if you work on a big project for 2-3 years and then get a flurry of papers out at the end, then that's fine too.

Comment Re:meeses (Score 1) 361

I used to have one that detected the motion of the ball by shining a light down a cylinder that the ball rolled. This made it very accurate, but it had the down side that in bright sunlight enough light got through the white plastic to permanently trigger the sensor, so it never saw an occlusion and thought that the ball was stationary. A nocturnal mouse.

Comment Re:Scottish Independence (Score 1) 208

Given the northward flow of tax money in the UK currently, Scottish Independence would mean that the government of the rest of the UK could immediately end all of the austerity cuts. Meanwhile, the Scottish government would be trying to get comparable handouts from the EU (likely vetoed by Spain so that Catalan independence doesn't get any inspiration), or watching the economy tank. All of the benefits that Scotland gains from large proportions of the military being stationed there in peacetime would evaporate, as would the public sector contracts that have been helping to bootstrap the Scottish IT industry over the last few years.

Comment Re:So, same as the Linux Kernel (Score 1) 178

You might want to check your facts. A few things:
  • The new FreeBSD randomness framework allows whitening algorithms (Yarrow, Fortuna, whatever) to be plugged in easily, along with multiple sources.
  • Linux initially trusted RDRNG unconditionally to provide streams of random numbers, then backtracked to only using it as an input to whitening. FreeBSD only ever used it as an input to the PRNG and now has a more generic framework for doing so.
  • Neither the new nor the old FreeBSD random number generation framework is vulnerable to the attack published in October (and covered on Slashdot) on the Linux random number generator.

Comment Re:Weird stance. (Score 2) 178

Trust in a random number generator is not a binary thing. All of the current hardware RNG implementations produce some entropy. The question is how much entropy you trust them to produce. If it gives 256 bits of entropy, then you can just use it as your random number source and be done with it. One that produces 16 bits of entropy is very useful as one (but not the sole) source to an algorithm like Yarrow or Fortuna, but would be a disaster if you used it as the random number generator without such an algorithm in the middle.

Comment Re: what's that going to accomplish? (Score 2) 178

It is quite unlikely that the hardware RNG is compromised. It is, however, quite likely (and there have been experiments to show this for some RNG implementations) that it doesn't give as much entropy as advertised.

The big problem is that it's very hard to get good entropy early on in the boot process (when things like TCP sequence numbers and sometimes SSH server keys are initially generated). You can use a hash of the kernel, but that's shared between other machines with the same kernel. You can use the time, but that's likely known to the attacker (and in some embedded systems will always be the same on every boot, until it queries an external source and corrects it). You can use interrupt times, but the ones from the disk / flash are likely to be similar, if not the same, across boots of the same kernel and the early network ones are susceptible to attack by people on the local network.

The hardware RNG definitely gives you some entropy, and so using it to stir the pool for Yarrow helps a lot here. Later on, there is a lot more entropy. As you start to get disk access patterns based on system use and network connections from a variety of sources, interrupt times give quite a lot of entropy. It still helps to mix in the hardware RNG, however.

As I said in another post, it's quite unlikely that the hardware is intentionally compromised (although it's a nice attack, so I wouldn't guarantee that future versions won't be), but it's very likely that it provides less entropy than advertised. This makes it fine for input into a PRNG like Yarrow or Fortuna (I think Fortuna made it into FreeBSD 10, if not it should be in 10.1), but not adequate for general use. The point of a PRNG algorithm like Yarrow is to generate an unpredictable sequence of numbers from some source entropy seed, which can change over time. As long as you have enough entropy, you will get a cryptographically secure sequence of pseudo-random numbers. All this work is doing is saying 'we trust the hardware to give us some entropy, but we don't trust it to give us all of the entropy that we need'.
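Editor's added example for the two comments above (the "Weird stance" one on a 16-bit-entropy source being fine as one input but a disaster on its own, and this one on mixing the hardware RNG with boot-time inputs the attacker may know). This is illustrative code written for this page, not the commenter's and not FreeBSD's Yarrow/Fortuna implementation. It assumes a constructed toy "hardware RNG" whose 256-bit output is really a function of a 16-bit hidden state, a toy SHA-256 accumulator standing in for the pool, and a constructed boot timestamp as the "known to the attacker" input; the function and source names are the example's own.

```python
import hashlib
import secrets
import struct
from typing import Optional

# Constructed stand-in for a hardware RNG that advertises 256-bit output but whose
# output is a deterministic function of a 16-bit hidden state. Toy model only;
# it describes no real part.
def weak_hw_rng(hidden_state: int) -> bytes:
    return hashlib.sha256(b"toy-hwrng" + struct.pack(">H", hidden_state)).digest()


class EntropyPool:
    """Toy Yarrow/Fortuna-flavoured accumulator (example code, not FreeBSD's).

    Each contribution is hashed into a running SHA-256 state with a source tag and
    a length prefix so different sources cannot be confused. The pool never creates
    entropy: the seed is only as unpredictable as what the attacker does not know.
    """
    def __init__(self) -> None:
        self._h = hashlib.sha256()
        self.estimated_bits = 0

    def add(self, source_id: int, data: bytes, estimated_bits: int) -> None:
        self._h.update(bytes([source_id]) + struct.pack(">I", len(data)) + data)
        self.estimated_bits += estimated_bits

    def seed(self) -> bytes:
        return self._h.digest()


def seed_from_hw_only(hidden_state: int) -> bytes:
    """'Trust the hardware completely': its output is used as the seed directly."""
    return weak_hw_rng(hidden_state)


def seed_from_pool(hidden_state: int, other_inputs: list) -> bytes:
    """Mix the HW output with other (source_id, data, credited_bits) inputs."""
    pool = EntropyPool()
    pool.add(0, weak_hw_rng(hidden_state), 16)  # credit it with 16 bits, not 256
    for source_id, data, bits in other_inputs:
        pool.add(source_id, data, bits)
    return pool.seed()


def brute_force(target_seed: bytes, attacker_known_inputs: Optional[list] = None) -> Optional[int]:
    """Attacker who knows the construction enumerates all 2^16 hidden states.

    attacker_known_inputs=None models the 'HW output used directly' case; otherwise
    it lists the other pool inputs the attacker can reproduce (a boot timestamp, a
    kernel hash shared across machines, ...). Returns the recovered state or None.
    """
    for guess in range(1 << 16):
        if attacker_known_inputs is None:
            candidate = seed_from_hw_only(guess)
        else:
            candidate = seed_from_pool(guess, attacker_known_inputs)
        if candidate == target_seed:
            return guess
    return None


def demo() -> dict:
    state = 0x1234                               # hidden HW state (constructed)
    boot_time = struct.pack(">Q", 1385000000)    # constructed, attacker-guessable input
    direct = seed_from_hw_only(state)
    pooled_known = seed_from_pool(state, [(1, boot_time, 0)])
    # A source the attacker cannot observe, e.g. interrupt timings once the machine
    # has real traffic; secrets.token_bytes stands in for it here.
    private = secrets.token_bytes(32)
    pooled_private = seed_from_pool(state, [(1, boot_time, 0), (2, private, 256)])
    return {
        "direct": brute_force(direct),
        "pool_only_known_inputs": brute_force(pooled_known, [(1, boot_time, 0)]),
        "pool_with_private_input": brute_force(pooled_private, [(1, boot_time, 0)]),
    }


if __name__ == "__main__":
    print(demo())
```

Run it and the first two cases recover the hidden state in at most 65536 hash evaluations: using the weak source directly is broken, and so is "whitening" it together only with inputs the attacker can guess (the boot-time problem the comment describes). The third case fails only because a second input exists that the attacker cannot reproduce; the accumulator adds the sources' entropy, it does not manufacture any.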

Comment Re:Very Smart Move (Score 1) 178

This work has been ongoing for about a year, since long before the NSA stuff came out. The consensus has been for a while that some hardware random number generators give very good entropy, but some are very poor and it's difficult to tell without querying them a few million times and plotting the distribution which one you have. Add to that, some of them appear to be influenced by the temperature, and as Stephen Murdoch's attack on Tor showed influencing the temperature of someone else's server is not always as difficult as you'd think.

It seems quite unlikely that the hardware RNGs are tampered with, although it would be a very neat hypothetical attack if you could influence a specific RNG in such a way that you could reduce the entropy to, say, 16 bits within a larger space and only you be able to determine what the real space was, but it's very likely that some of them are quite bad. Adding Yarrow[1] makes you a bit safer, because there will be other entropy sources mixed in and so even a relatively poor RNG helps stir the pool.

[1] Or some other whitening algorithm - Yarrow is the default, but there are some newer ones that are better, at the cost of a footprint that is not desirable for embedded devices, and FreeBSD 10 now includes a framework to make it easy to plug in the one you want.
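Editor's added example for the point above that you cannot tell a good hardware RNG from a poor one without sampling it many times and looking at the distribution. This is illustrative code written for this page, not the commenter's and not any FreeBSD or vendor test tool. It assumes `os.urandom` as a stand-in for a healthy source (it is the OS CSPRNG, not a raw hardware RNG) and a constructed, seeded "heat-skewed" source whose bits are 1 with probability 0.7; the 99.9% chi-square critical value for 255 degrees of freedom is an approximate constant looked up for the example, and the min-entropy estimator follows the most-common-value method of NIST SP 800-90B section 6.3.1.

```python
import math
import os
import random
from collections import Counter

# Approximate 99.9% critical value of chi-square with 255 degrees of freedom
# (256 byte values minus one). Constant looked up for this example.
CHI2_255_DF_P999 = 330.5
# z for the one-sided 99% bound used by the SP 800-90B most-common-value estimator.
Z_99 = 2.576


def byte_histogram(samples: bytes) -> list:
    counts = [0] * 256
    for value, n in Counter(samples).items():
        counts[value] = n
    return counts


def chi_square_uniform(samples: bytes) -> float:
    """Chi-square statistic of the byte histogram against a uniform distribution."""
    expected = len(samples) / 256
    return sum((c - expected) ** 2 / expected for c in byte_histogram(samples))


def min_entropy_mcv(samples: bytes) -> float:
    """Most-common-value min-entropy estimate in bits per byte, using a 99% upper
    bound on the most common value's probability (conservative on purpose)."""
    n = len(samples)
    p_hat = max(byte_histogram(samples)) / n
    p_upper = min(1.0, p_hat + Z_99 * math.sqrt(p_hat * (1.0 - p_hat) / (n - 1)))
    return -math.log2(p_upper)


def assess(samples: bytes) -> dict:
    chi2 = chi_square_uniform(samples)
    h = min_entropy_mcv(samples)
    return {
        "chi_square": chi2,
        "uniform_at_p001": chi2 <= CHI2_255_DF_P999,
        "min_entropy_bits_per_byte": h,
        # Credit only what the data supports, never the 8 bits/byte a datasheet claims.
        "creditable_bits_per_byte": math.floor(h * 100) / 100,
    }


def biased_source(n_bytes: int, p_one: float, seed: int) -> bytes:
    """Constructed stand-in for a temperature-skewed hardware RNG: each bit is 1
    with probability p_one instead of 0.5. Deterministic for a given seed."""
    rng = random.Random(seed)
    out = bytearray(n_bytes)
    for i in range(n_bytes):
        b = 0
        for bit in range(8):
            if rng.random() < p_one:
                b |= 1 << bit
        out[i] = b
    return bytes(out)


def good_source(n_bytes: int) -> bytes:
    """Stand-in for a healthy source; os.urandom is the OS CSPRNG, not raw hardware."""
    return os.urandom(n_bytes)


if __name__ == "__main__":
    print("good  :", assess(good_source(1_000_000)))
    print("biased:", assess(biased_source(200_000, 0.7, seed=1)))
```

The healthy source comes out near 8 bits per byte and passes the chi-square check; the skewed one fails chi-square by orders of magnitude and the estimator credits it with roughly 4 bits per byte (0.7^8 is about 5.8% for the all-ones byte), which is the kind of number you would feed the pool's entropy accounting rather than the advertised full rate. Distribution tests like this catch bias; they do not catch a source that is uniform but predictable, which is why the comments above still mix in other sources.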
