Comment Re:FTFT (Score 1) 140

Aren't those the type-of calling of sizeof and therefore need parentheses?

To me, even asking that question is an indication that you should include parentheses. If the author or any of the readers are unsure whether parentheses are required or not, it is better to use parentheses more often than strictly required. In other words, you can omit the parentheses only if you know for sure it will work and that everybody who will read it also understands the rules.

Comment Re:FTFT (Score 1) 140

the IV is not considered secret.

Of course not. After all, most cipher modes send the IV directly on the wire. However, it is only sent once the data has been encrypted. If the adversary knew the IV before you encrypted the data, the adversary could influence the content of the data based on her knowledge of the IV and break the encryption that way. If you are using a cipher mode that requires the IV to be random, then you must choose a random IV after the data to be encrypted has been set in stone, and no sooner than that. SSL was broken because it encrypted data in CBC mode, where the data was not yet known when the IV was chosen.

Comment Re:FTFT (Score 1) 140

As long as keys are never re-used, it doesn't matter if the IV is predictable or not.

That depends a lot on the mode. CBC mode is vulnerable to plenty of attacks if the IV is predictable. And what predictability means in this context has taken some people by surprise. If the end of the stream of data is not set in stone once you start encrypting, does that mean the IV is predictable? The way CBC has been used in SSL did have a weakness because of that. The cipher blocks sent across the network are used as the IV for successive blocks. But once you have sent a cipher block, it is no longer unpredictable. And if the adversary can influence the next data block once he has seen the previous cipher block, CBC can be exploited.

This is the same tradeoff as when using block ciphers in counter mode.

It is true that counter mode is one of those modes that do not require unpredictable IVs. In fact, you can just use a counter to generate your IV. But if you do not choose IVs carefully, counter mode is one of the weakest modes you can choose. If you ever reuse an IV, you have effectively reduced the encryption to a multi-time pad. CBC mode with a constant IV would be more secure than that.

The thing is that counter mode is actually a stream cipher, which operates by generating a stream of bits that is XORed with the message. All ciphers constructed in this way are vulnerable if the IV is reused. That is exactly the problem with WEP.

I have seen at least one published article recommending the use of counter mode for storage encryption. It did not explicitly say you should use the sector number as the IV, but it was hinting that that's what you were expected to do. Additionally, using the sector number as the IV has been common practice in storage encryption. Any storage encryption following that practice would be broken if an adversary was able to get the data which has existed at one logical sector number at two different points in time. Ways that could happen include:

  • Wear levelling on a flash/SSD medium.
  • Remapped sectors on a hard drive.
  • Access to earlier versions due to slight difference in alignment of write head.
  • Encrypted data stored on an untrusted host or accessed over an untrusted communication path.
  • Adversary with physical access to copy the encrypted media more than once.
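
The chained-IV weakness in CBC described in the two comments above and the sector-number IV reuse in counter mode, as one added worked example that is not part of the thread. It assumes a 4-round Feistel network keyed with HMAC-SHA256 as a stand-in for a real block cipher such as AES (so the script runs with the standard library only; neither attack depends on which block cipher is used). `ChainedCbcSession`, `recover_secret_block`, the sector scenario and all plaintexts are constructed for illustration.

```python
"""Added example (not from the thread): the two IV failure modes discussed
above, run end to end with the standard library only.

Assumption: a 4-round Feistel network keyed with HMAC-SHA256 stands in for a
real block cipher such as AES.  Neither attack cares which block cipher is
used; both exploit only how the IV is chosen.
"""
import hashlib
import hmac
import os

BLOCK = 16          # block size in bytes
HALF = BLOCK // 2   # Feistel half-block


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key, block):
    """Stand-in pseudorandom permutation: 4 Feistel rounds with HMAC-SHA256 as
    the round function.  Being a permutation, equal outputs imply equal inputs."""
    left, right = block[:HALF], block[HALF:]
    for i in range(4):
        f = hmac.new(key, bytes([i]) + right, hashlib.sha256).digest()[:HALF]
        left, right = right, _xor(left, f)
    return left + right


class ChainedCbcSession:
    """Models CBC as used by SSL 3.0/TLS 1.0: each record's IV is the last
    ciphertext block of the previous record, so an eavesdropper knows the IV
    before the next plaintext block is chosen."""

    def __init__(self, key):
        self.key = key
        self.last = os.urandom(BLOCK)   # the initial IV is random and unknown

    def send(self, block):
        self.last = encrypt_block(self.key, _xor(block, self.last))
        return self.last


def recover_secret_block(session, c_prev, c_secret, candidates):
    """Chosen-plaintext test of each candidate for the block that was
    encrypted as E(secret XOR c_prev).  Sending guess XOR c_prev XOR last
    makes the session compute E(guess XOR c_prev), which equals c_secret
    exactly when guess == secret."""
    for guess in candidates:
        probe = _xor(_xor(guess, c_prev), session.last)
        if session.send(probe) == c_secret:
            return guess
    return None


def beast_style_demo():
    """Constructed scenario: a victim block with one unknown byte follows
    attacker-visible traffic on the same connection."""
    session = ChainedCbcSession(os.urandom(32))
    session.send(b"GET /index.html ")            # 16 bytes of visible traffic
    c_prev = session.last                         # IV that will chain into the secret
    secret = b"Cookie: id=" + bytes([0x42]) + b"\x00" * 4
    c_secret = session.send(secret)
    candidates = [b"Cookie: id=" + bytes([b]) + b"\x00" * 4 for b in range(256)]
    return secret, recover_secret_block(session, c_prev, c_secret, candidates)


def ctr_encrypt(key, iv, data):
    """Counter mode: keystream block i = E(iv || i); ciphertext = data XOR keystream."""
    stream = b""
    for i in range(-(-len(data) // BLOCK)):
        stream += encrypt_block(key, iv + i.to_bytes(BLOCK - len(iv), "big"))
    return _xor(data, stream[:len(data)])


def sector_reuse_demo():
    """Constructed scenario: the same logical sector is written twice under
    one key with the sector number as IV, and the adversary holds both
    ciphertexts (wear levelling, a remapped sector, a second disk image)."""
    key = os.urandom(32)
    sector_iv = (17).to_bytes(8, "big")           # sector number used as the IV
    old = b"previous contents, known to Eve".ljust(32)
    new = b"new secret: 4111 1111 1111 1111".ljust(32)
    c_old = ctr_encrypt(key, sector_iv, old)
    c_new = ctr_encrypt(key, sector_iv, new)      # identical keystream reused
    recovered = _xor(_xor(c_old, c_new), old)     # (old^ks)^(new^ks)^old == new
    return new, recovered


if __name__ == "__main__":
    print("CBC chained IV:", beast_style_demo())
    print("CTR sector IV:", sector_reuse_demo())
```

The CBC half needs at most 256 chosen-plaintext probes per unknown byte because the guess is aligned so that only one byte is unknown; the key is never touched. The CTR half needs no probes at all: two snapshots of one sector under the same (key, IV) pair give the XOR of the two plaintexts, and knowing either version reveals the other.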

Submission + - Google Books case dismissed on Fair Use Grounds

NewYorkCountryLawyer writes: In a case of major importance, the long simmering battle between the Authors Guild and Google has reached its climax, with the court granting Google's motion for summary judgment, dismissing the case, on fair use grounds. In his 30-page decision (PDF), Judge Denny Chin — who has been a District Court Judge throughout most of the life of the case but is now a Circuit Court Judge — reasoned that, although Google's own motive for its "Library Project" (which scans books from libraries without the copyright owners' permission and makes the material publicly available for search) is commercial profit, the project itself serves significant educational purposes, and actually enhances, rather than detracts from, the value of the works, since it helps promote sales of the works. Judge Chin also felt that it was impossible to use Google's scanned material, either for making full copies, or for reading the books, so that it did not compete with the books themselves.

Comment Re:HTTPS on Slashdot (Score 1) 335

There is absolutely no reason that I'm aware of not to think the certificate authorities weren't compromised from the very beginning.

Even if you had compromised a CA, there would be a huge risk of being exposed the very first time you abused it. You have to send a legitimate certificate to the site owner; otherwise they would not be able to set up their https site in the first place. However, a CA cannot abuse the legitimate certificate because they don't know the corresponding secret key. So in order to do any abuse, you have to forge another certificate.

Now there are two certificates, each of which is definitely visible to a small set of legitimate users. If certificate pinning were widespread, then that would be enough to guarantee exposure. We just need a standard for chaining the legitimate certificates over time, such that certificate pinning can work well when the legitimate certificate is replaced with a new legitimate certificate before the old one has expired. Ideally it would be designed in a way that does not require cooperation from the CAs, because they might be afraid of losing control if such a chaining was readily available.

It is useful and important to focus on as strong security against passive attacks as possible, even if it doesn't improve security against active attacks. Strong security against passive attacks will mean active attacks are needed in more cases, and it also means it is hard to make those active attacks well targeted. And systematic active attacks are both difficult to pull off and also easily detected. Additionally, widespread deployment of cryptography that is only resilient to passive attacks is easier, since it does not rely on key distribution.

It is just important to ensure that you still do use methods secured against active attacks when the extra security is really needed. Additionally, protocols must be designed such that an active attack is required to find out if a connection was protected against them. If you can passively tell if a connection is secured against active attacks, then passive security is practically worthless.

Comment Drinking Water Isn't So Easy As You Think (Score 3, Interesting) 247

When I was a kid I did Unicef collection every Halloween. We got an orange cardboard coin box at school, and collected donations in it along with our trick-or-treat. Unicef used these funds to build water wells for people in Africa who only had access to contaminated surface water.

A decade or two later, we found that many of these wells accessed aquifers that were contaminated by arsenic, and that thus we kids had funded the wholesale poisoning of people in Africa, and that a lot of them had arsenic-induced cancers that were killing them.

OK, we would not make that mistake again, and today we have access to better water testing. But it caused me to lose my faith that we really do know how to help poor people in the third world, no matter how well-intentioned we are.

And we had better not go around curing disease without also promoting birth control, despite what the churches say, and the local dislikes and prejudices. Or we'll just be condemning more people to starve.

Comment Re:Er, wait, what? (Score 5, Insightful) 140

Well, nuclear reactions that we can turn off like laser-initiated fusion are a lot nicer than the alternatives. The inside of your car engine is a raging inferno shot with electric sparks and compressed with inexorable steel cylinders. That doesn't keep you from going on a nice drive with your sweetie.

Submission + - Aereo required to testify about non-public patent info

NewYorkCountryLawyer writes: In ABC v Aereo, a copyright infringement action against Aereo, the Magistrate Judge has overruled Aereo's attorney/client privilege objection to being forced to divulge non-public details about its patented technology. In his 15-page decision (PDF) he ordered the continued deposition of the company's CTO and CEO about their patent applications. My gut reaction is that this sets a very dangerous precedent, giving the big copyright plaintiffs yet another 'in terrorem' device to use against technology startups — the power to use the lawsuit as a chance to delve into a defendant's non-public tech secrets.
