
Comment Re:Practical? (Score 1) 72

I want crypto that has a good chance of outlasting the heat death of the universe

Why, are you Doctor Who and got the key to unraveling space and time or something? And even if someone should bother, do you really care if crypto-archaeologists find your tin foil hat conspiracies or pr0n collection (I was considering saying love letters and gf sex video, but it's /.) many thousand years from now when you and everyone who ever knew you is countless generations dead? I do care about 20 or 50 years from now but unless we make significant progress towards immortality in that time, I hardly care what happens after I become worm food.

Comment Re:For variable values of "practical" and "relevan (Score 1) 72

Not a lot you can do?

Anything that requires signatures is vulnerable to forgery if the signer's certificate specifies SHA1.

An attacker could forge:

1. Software signatures - to slip malware into a software vendor's distribution channels.

That requires a second pre-image attack, not just a collision attack. (What gweihir called "two-sided" rather than "one-sided"... though that is not standard terminology).

2. SSL certificates - to MITM web connections to phish, steal data, or distribute malware.

Also requires a second pre-image attack.

3. Personal digital signatures - to fabricate documents, including emails, transactions, orders, etc. that are normally trusted implicitly due to the signature

This one can be done with a collision attack. You generate two different documents which hash to the same value, but have different contents. The PDF format, unfortunately, makes it pretty easy to generate documents which look sensible and have this property. It's not possible with more transparent formats (not without a second pre-image attack).

4. Subordinate CA certificates - to create trusted certificates which permit all of the above

The problem lies with #4.

This can only be done with a collision attack if the CA is really, really stupid. Proper CAs should include chain-length restrictions in their certificates. That way even if you can create two certificates which hash to the same value, one of which has the keyCertSign bit set to true (which the CA would refuse to sign) and one of which does not (which presumably you can get the CA to sign), it wouldn't matter because if you used the former to generate other certs, no one would accept them due to the fact that your chain is too long.

The only solution is to discontinue the use of SHA1 internally and to revoke trust for all CAs that still use SHA1.

I certainly agree that any CA still issuing certificates with SHA1 should not be trusted. Any existing certs based on SHA1 should be scrutinized, but most of them are still secure.

Better crypto has existed for a long time---the standard for SHA2 was finalized in 2001, well over a decade ago.

Absolutely. Of course, I say that as the maintainer (ish) of an open source crypto library that still uses SHA1. In systems that weren't originally designed for digest agility, it's often hard to retrofit. Today's news is a nice kick in the pants, though.
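The chain-length argument in the comment above, worked through in code. This is an added example, not code from the thread or from any certificate library: it models a certificate with only the fields path validation needs, assumes signatures have already been verified (which is exactly the state of affairs after a successful collision), and then applies the basicConstraints, keyCertSign and pathLenConstraint checks in the spirit of RFC 5280 section 6.1.4. The Cert class, the names and the certificates are constructed for illustration; one simplification is that the trust anchor's own pathLenConstraint is enforced, which RFC 5280 leaves to local policy.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Cert:
    """Toy certificate (constructed for this example): only the fields
    that path validation below looks at. Signatures are not modelled;
    the caller is assumed to have verified them already."""
    subject: str
    issuer: str
    is_ca: bool                        # basicConstraints cA
    key_cert_sign: bool = False        # keyUsage keyCertSign
    path_len: Optional[int] = None     # basicConstraints pathLenConstraint


def validate_path(path: List[Cert], trust_anchors: List[Cert]) -> Tuple[bool, str]:
    """Walk path[0] (trust anchor) .. path[-1] (end entity) and check name
    chaining, CA flags and the path length budget. Returns (ok, reason)."""
    if not path:
        return False, "empty path"
    if path[0] not in trust_anchors:
        return False, f"{path[0].subject} is not a trust anchor"

    max_path_length: Optional[int] = None      # None means no limit yet
    for i, cert in enumerate(path):
        if i > 0 and cert.issuer != path[i - 1].subject:
            return False, f"{cert.subject} was not issued by {path[i - 1].subject}"
        if i == len(path) - 1:
            break                              # end entity: no issuing checks
        # every remaining certificate issues the next one, so it must be a CA
        if not cert.is_ca:
            return False, f"{cert.subject} is not a CA (basicConstraints cA=false)"
        if not cert.key_cert_sign:
            return False, f"{cert.subject} lacks keyUsage keyCertSign"
        if i > 0:                              # each intermediate uses one step
            if max_path_length is not None and max_path_length <= 0:
                return False, f"pathLenConstraint exceeded at {cert.subject}"
            if max_path_length is not None:
                max_path_length -= 1
        # a tighter constraint on this CA shrinks the remaining budget
        if cert.path_len is not None and (
            max_path_length is None or cert.path_len < max_path_length
        ):
            max_path_length = cert.path_len
    return True, "ok"


# Constructed certificates. ROOT refuses to have any subordinate CA below it.
ROOT = Cert("Root CA", "Root CA", is_ca=True, key_cert_sign=True, path_len=0)
# What the CA actually signed: an ordinary end-entity certificate.
SITE = Cert("www.example.test", "Root CA", is_ca=False)
# Its colliding twin: same (assumed) signature, but it claims CA powers.
ROGUE = Cert("www.example.test", "Root CA", is_ca=True, key_cert_sign=True)
# A certificate the rogue twin would try to issue.
VICTIM = Cert("bank.example.test", "www.example.test", is_ca=False)
# A careless root with no pathLenConstraint at all.
ROOT_UNBOUNDED = Cert("Careless Root", "Careless Root", is_ca=True, key_cert_sign=True)
ROGUE_UNDER_CARELESS = Cert("www.example.test", "Careless Root",
                            is_ca=True, key_cert_sign=True)


def demo() -> dict:
    """Run the four scenarios the comment discusses."""
    return {
        "legit leaf": validate_path([ROOT, SITE], [ROOT]),
        "rogue twin issues a cert": validate_path([ROOT, ROGUE, VICTIM], [ROOT]),
        "honest leaf tries to issue": validate_path([ROOT, SITE, VICTIM], [ROOT]),
        "careless root, no constraint": validate_path(
            [ROOT_UNBOUNDED, ROGUE_UNDER_CARELESS, VICTIM], [ROOT_UNBOUNDED]),
    }


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:32s} -> {'accepted' if ok else 'rejected'}: {reason}")
```

Only the careless root accepts the rogue chain; with pathLenConstraint=0 on the issuing CA the colliding twin is rejected before its signature even matters, which is the point the comment makes.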

Comment Re:What should happen and what will happen (Score 1) 72

The second to last Yahoo security breach was so bad in part because the passwords were hashed with a completely unsalted MD5 https://nakedsecurity.sophos.com/2016/12/15/yahoo-breach-ive-closed-my-account-because-it-uses-md5-to-hash-my-password/. The lack of salting would have been by itself a problem even when MD5 was still considered secure.

Actually, even with salting, no standard cryptographic hash function is appropriate for password databases. You can squeak by if you iterate the hash function enough times, but even that is pretty weak, since it means that an attacker with lots of GPUs -- or, even worse, special-purpose hardware -- can perform hashes so much faster than you can that the key stretching you obtain is minimal.

The state of the art in password hashing is algorithms like Argon2, with parameters that are tuned to require significant amounts of not just CPU time, but RAM and threads. Argon2, tuned to require, say, 10ms of time on four cores and 256 MiB of RAM, is going to significantly strengthen passwords. The RAM requirement means a GPU with 4 GiB of RAM can only test 16 passwords in parallel, making GPU-based cracking essentially useless, since what GPUs provide is huge parallelism. Custom ASICs would do better, but would still run into bottlenecks on the speed of the RAM. Making really fast cracking hardware would require either huge amounts of RAM, or large amounts of extremely fast RAM. Either way, big $$$.

Even better, if at all possible you should use a hash that is keyed as well as salted. Doing that requires having some place to store the key that won't be compromised by the same sorts of attacks that compromise your password database. In most cases that's hard to do. Argon2 will accept a key so you can get both sorts of protection, though if you can be really, really certain that no attacker can ever get the key, then you can use a standard cryptographic hash function in a keyed mode, e.g. HMAC-SHA256, though I'd still recommend using a purpose-designed password hash (e.g. Argon2) in case your key is compromised.
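The salted-and-keyed password hash described in the two comments above, as an added example that is not code from the thread or from any library. Python's standard library has no Argon2, so this uses hashlib.scrypt as the memory-hard function and stands in for Argon2's optional secret by applying an HMAC with a server-side key (pepper) over the derived key, so a stolen database is useless without both the key and a memory-hard guess per candidate. The pepper value, the stored-record format and the parameters are constructed for illustration; the memory arithmetic generalizes the comment's "256 MiB per hash, 4 GiB of GPU RAM" figure to any parameter choice.

```python
import base64
import hashlib
import hmac
import os

# scrypt cost parameters (constructed for the example; tune for your hardware).
SCRYPT_N = 2 ** 14      # CPU/memory cost, must be a power of two
SCRYPT_R = 8            # block size; memory is about 128 * N * r bytes
SCRYPT_P = 1            # parallelism
DK_LEN = 32             # derived key length in bytes


def scrypt_memory_bytes(n: int, r: int) -> int:
    """Approximate RAM one scrypt evaluation needs: 128 * N * r bytes."""
    return 128 * n * r


def parallel_guesses(device_ram_bytes: int, per_guess_bytes: int) -> int:
    """How many guesses a device can evaluate at once when each one pins
    per_guess_bytes of RAM. This is the comment's 4 GiB / 256 MiB = 16."""
    return device_ram_bytes // per_guess_bytes


def _derive(password: str, salt: bytes, n: int, r: int, p: int) -> bytes:
    # maxmem is raised above the default so the chosen N and r are accepted.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p,
                          dklen=DK_LEN, maxmem=64 * 1024 * 1024)


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str, pepper: bytes, salt: bytes = None) -> str:
    """Return a self-describing record: scrypt$N$r$p$salt$tag.
    The record stores HMAC(pepper, derived_key), never the derived key
    itself, so offline guessing needs the pepper as well as the record."""
    if salt is None:
        salt = os.urandom(16)            # per-user random salt
    dk = _derive(password, salt, SCRYPT_N, SCRYPT_R, SCRYPT_P)
    tag = hmac.new(pepper, dk, hashlib.sha256).digest()
    return "$".join(["scrypt", str(SCRYPT_N), str(SCRYPT_R), str(SCRYPT_P),
                     _b64(salt), _b64(tag)])


def verify_password(record: str, password: str, pepper: bytes) -> bool:
    """Recompute the tag from the record's own parameters and compare in
    constant time. Malformed records verify as False rather than raising."""
    try:
        scheme, n, r, p, salt_b64, tag_b64 = record.split("$")
        if scheme != "scrypt":
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(tag_b64)
        dk = _derive(password, salt, int(n), int(r), int(p))
    except (ValueError, TypeError):
        return False
    tag = hmac.new(pepper, dk, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


if __name__ == "__main__":
    # In deployment the pepper lives outside the password database
    # (a KMS, HSM or at least a separate config store); this is a constructed value.
    pepper = b"constructed-pepper-for-demo"
    record = hash_password("correct horse battery staple", pepper)
    print(record)
    print("right password:", verify_password(record, "correct horse battery staple", pepper))
    print("wrong password:", verify_password(record, "Tr0ub4dor&3", pepper))
    print("wrong pepper:  ", verify_password(record, "correct horse battery staple", b"other"))
    per_guess = scrypt_memory_bytes(SCRYPT_N, SCRYPT_R)
    print(f"{per_guess // 2**20} MiB per guess ->",
          parallel_guesses(4 * 2**30, per_guess), "parallel guesses in 4 GiB")
```

The parameters in the record let you raise N later for new users without breaking old records, and the three failing cases (wrong password, wrong pepper, malformed record) all return False through the same constant-time path.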

Comment Re:The magic is dead. (Score 1) 86

Computing is pretty much ubiquitous nowadays. When I first got into computing back in grade school around 1981-82, computers were just this incredibly awesome thing.

And no matter how fast technology goes there's a diminishing return, like the difference between CGA, EGA and VGA is never coming back no matter how much people talk about 4K, 10 bit, HDR, Rec. 2020 and so on. Doubling from 1MB to 2MB meant more than 1GB to 2GB. The last time I was genuinely floored by new hardware was in 2002 with Morrowind when I installed a new GPU with hardware T&L. Suddenly the grass looked like grass, the sea looked like sea, things started to have realistic textures and shadows and whatnot. Sure in sum we've come far since then, but never in huge leaps like that. That and modem -> DSL was also huge, but of course not as huge as getting Internet in the first place.

Comment You appear to be advocating... (Score 1) 102

You appear to be advocating for a technical solution for fascism. The problem is, the fascists have better rubber hoses. Also, if it can't be turned off, then it can be used to grief people; if you can get them to turn it on, whether by owning their account or by tricking them, and they can't turn it off, that's beyond inconvenient.

Comment Re:Left and right (Score 1) 86

I don't see any such change, unless you're counting skepticism on the right about the hard-to-pin-down effect of carbon on weather, even when we observe warming (are we all going to die of thirst, or are we going to drown?)

Yes, that is the effect of CO2 on weather. We are going to die of thirst, or drown. That's why they call it a chaotic system.

Meanwhile the left hates technology just as much as it did in the Seventies, and has even started hacking away against pure research itself, as evidenced by their crusade against astronomy - a discipline whose vested interest is in a totally clean environment - first in Arizona, and more recently in Hawaii.

I can't figure out WTF you're talking about in AZ, in fact it looks like astronomers there are winning victories to fight light pollution. The thing in HI is not left vs. science. To the extent that any of the people involved are lefties (which sure, some of them are) they have been whipped into a froth by right-wing politicians. And the battle ties into a fight for the land which the Hawaiian natives, frankly, have not given up fighting. Remember, it's not like they simply chose to join an empire.

If Trump accomplishes just one thing, let him find a way of locking these little weasels out of the court system so we can get human progress moving again.

Be careful what you ask for, you just might get it, and if Trump makes it harder for people to fight larger entities in the courts, you are not going to enjoy the consequences. No one who will has time to post on Slashdot. They are all off fucking a Russian model or something.

Comment Re:A lot of negativism is totally gratuitous (Score 1) 86

But the author seems to be a frustrated SJW who couldn't resist a totally irrelevant slam at current US immigration policy, even though nobody has ever accused VASIMR developer Franklin Chang-Díaz of having sneaked across the border on foot.

If such things make you angry, perhaps you should consider what about them puts you on the defensive.

Comment Re:Shift from offering products to exploiting user (Score 1) 86

Now, it's our job to get vocal, get active, and take our Democracy back,

It has never been a Democracy. It was always an Oligarchy. The rich white men (mostly slaveowners) who were running the country wanted to keep running the country, and wanted to get the Monarchy out of it. But they didn't want every plebe to have a voice, that would be madness!

It's our job to get vocal, get active, and get Democracy. Abolish the electoral college, as well as the practice of denying felons the vote. That only creates more incentive to find those who are politically inconvenient guilty of a felony.

Comment Whose "Perspective"? (Score 1) 163

If my "perspective" counters yours, should I have the right to remove yours?
If an American Internet website creator allows public access without registration (newspaper, social, journal, blog, whatever) then the 1st Amendment applies and they have no right to restrict what visitors to their sites post.

This should be obvious from the fact that a Christian baker was fined (put out of business?) for refusing to bake a homosexual, a lifestyle diametrically opposed to and forbidden by the Christian faith (Lev 18:22, Lev 20:13).

A better name for "Perspective" is "BigBrother", for that is exactly how it will be used. The current massive suspensions and cancellations on Twitter and YouTube demonstrate that very well. Google, Twitter and Facebook only want an echo chamber that repeats socialist dogma.

Comment Re:pushing things underground (Score 1) 163

This is evident in how many Republicans have submitted themselves to Trump, who is hardly a model of a good Christian.

Who cares how much time Trump spends praying so long as he appoints conservative Supreme Court justices and doesn't shove trannies into your bathrooms or force Christians to bake gay wedding cakes?

Comment Re:Weak/nonexistent punishments for faulty notices (Score 1) 55

All patent applications are signed under penalty of perjury. However, the US Patent and Trademark office disbanded its enforcement department in 1974. So, you can perjure yourself on a patent application with impunity.

Unless it's testimony in a criminal case, or the perjury trap in front of a grand jury, or something they want to prosecute like lying on your tax form, the Federal government is in general laissez-faire about perjury, or even encouraging of it with their reluctance to prosecute, especially perjury committed by a so-called intellectual property holder.

Comment Re:Stop accepting takedown notices from BSers (Score 1) 55

That's the beauty of cutting them off from the automated submission system after a very low threshold of bogus submissions (by percentage, quantity, or a combination).

It doesn't matter if they have an ulterior motive, they're shut down and have to pay a premium going forward... which means if they want to keep it up they'll be paying Google to employ extra verifiers and nobody else is affected.
