Become a fan of Slashdot on Facebook


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×

Comment Re:Some background facts (Score 1) 221

This isn't quite correct- factoring isn't known to be NP-Hard (and so proving it's in P wouldn't necessarily prove P=NP).

I never said it was. What I said is that factoring is in NP (not NP-hard), so if it's not in P, then it must be the case that P!=NP.

On the other hand, as you said, if it turns out that factoring is in P, then it's still possible that P!=NP (i.e., there may be another problem that is in NP but not in P).

Comment Re:Some background facts (Score 1) 221

I'd be interested in a reference, if you find one.

As far as I know, this is an open question (see this for a lot of references) -- so maybe I should have said:

It may be that proving that ECC or RSA are breakable does not require a proof of P=NP or P!=NP -- for example, it's not known that you need fast factoring to break RSA".

Still, the other point stands -- proving that breaking RSA is not in P (or that factoring is not in P) implies proving P!=NP.

Comment Re:Some background facts (Score 1) 221

There is no mathematical proof that any cipher (other than the one-time pad) is resistant to all as-yet-unknown quantum algorithms.

That doesn't mean anything; the same is true for classical algorithms.

That's hardly surprising if you understand what proving anything like that would entail. Hell, to prove you can't break ECC or RSA with a classical computer you'd have to prove P!=NP, since discrete log and factoring are in NP. (To see why, just note that fast factoring would break RSA, so to prove you can't break RSA you have to prove that fast factoring is impossible, which means that you have to prove that factoring is not in P -- but since factoring is in NP, you'd also be proving P!=NP).

Note, however, that proving that ECC or RSA are breakable does not require a proof of P=NP or P!=NP -- for example, you don't need fast factoring to break RSA.

Comment Re:Incorrect and irresponsible headline (Score 5, Informative) 240

Their analysis that the linux rng is insecure under this (rather contrived) model rests on an _incorrect_ assumption that Linux stops adding to the entropy pool when the estimator concludes that the entropy pool is full.

Exactly. The maintainer of the /dev/random driver explained this and a lot more about this paper here.

Comment Re:How does this get fixed? (Score 1) 183

SecureRandom has the benefit of being the standard way of generating random numbers for use in cryptography in Java. Why do it differently when you can do it the standard way (where you can re-use the code later, if opportunity arises)?

On the other hand, "use /dev/random instead" is not good advice for people who already have working code (possibly in libraries) that uses SecureRandom. The solution given in that blog post is very simple: "Add this class to your android project and stick PRNGFixes.apply(); on your main acvitity's onCreate()." That's a guaranteed fix regardless of whether you're starting a new project or already have working code, and will fix code in libraries you might not even realize are using SecureRandom.

Comment Re:xkcd is overrated (Score 2) 187

Chill out, man. The original point is not that it's "unlikely" that humans will sustain a civilization for 10,000 years more, only that that's "optimistic". The (admittedly pessimistic) idea that the current civilization will collapse was used to write a story about the hypothetical civilization that will come after this one. That's all.

(By the way, "civilization" usually implies "having a writing system", so it's weird to say "civilization that writes". In the same vein, you should understand "every civilization with written records" in the author's quote to mean "every civilization that we know about because we have records about them", not "every civilization that had writing").

Comment Re:Speed of light violation implication? (Score 3, Interesting) 46

This explanation is insufficient. If neutrinos were indeed massive particles we'd see a wide distribution of their velocities, just like we can observe slow and fast protons, slow and fast electrons, slow and fast everything that moves slower than c.

That's completely mistaken. We don't find a wide distribution of neutrino velocities because it takes very little energy to make a neutrino go very close to the speed of light (this happens because neutrinos have *very* little mass). This means that there's a very small probability for a neutrino to have a small velocity relative to anything else -- you just have to sneeze at it (that is, interact with it in almost any way) to send it flying away at close the speed of light. So it's *expected* that you'll never actually see a slow neutrino.

There is already too much evidence against Relativity Theory as it presently is.

That's just bullshit. It's true that General Relativity doesn't fit at all with Quantum Mechanics, but there's *no* compelling evidence at all against Relativity (either General or Special). There's *no* known experiment that gives a conclusive result that's different from what Relativity predicts. People are working on other theories because General Relativity doesn't fit with Quantum Mechanics, not because there's evidence against Relativity.

Comment Re:A great win for FreeBSD (Score 1) 457

You forgot this:

You don't receive some software derived from software previously licensed under BSD. Let B be the set of all things you can do with/to the software.

You do receive some software derived from software previously licensed under GPL. Let G be the set of all things you can do with/to the software.

B is the null set, therefore B is a strict subset of G.

Hence, G has a more liberal license than B.

In the end, the discussion of "which license is more liberal" is silly. Each license yields different freedoms to different groups of people. Use whatever works for you, don't use what you don't like. Advocate licenses you'd like other people to use. Just don't oversimplify the discussion with simplistic logical fallacies.

Comment Re:My SSH warns me if the fingerprint changes (Score 1) 104

There's nothing wrong with tracking prior public keys. That's a good option for knowledgeable users, but it's a no-starter for people who know nothing about cryptography.

See for example what would happen when a key is compromised or just lost. In this case you have to warn everyone that your key will change. Now think of how often will people receive the message "hey, my email key has changed, so the warning you'll get is not a MITM attack", and how soon will people start clicking "accept" without bothering to check whether it's legitimate?

The idea of certificates is that the end user only has ONE job: to decide which CAs he or she will trust. Even that has proven to be too much for the end user: almost no one even knows you can choose which CAs they want to trust, everyone trusts the browsers or the OSs to make this choice for them. Any solution that requires MORE decisions from the user is a step back.

Comment Re:Certificates prevent encrypt email (Score 1) 104

SSH currently will do a key exchange using the first-time approach without a certification authority and we should use the same system for end to end email encryption.

When connecting for the first time, SSH shows the public key fingerprint of the host you're connecting to. If you don't bother to check it, you're leaving yourself wide open to a MITM attack (and in this case, the attacker doesn't even need access to any certificate authorities).

Your proposed email system that blindly accepts every public key upon first connection is even worse than using CAs -- with certificates, you can at least choose which authorities you want to trust.

Comment Re:Wow, just wow. (Score 1) 406

That's a nice view, but I don't see how it's ultimately defensible. You seem to be arguing that anything that prevents anyone from expressing their ideas any way he or she wants is against the "abstract principles" of free speech.

How do you reconcile your position with the idea that people shouldn't be allowed to talk during movies? As far as I can see, banning a troll from a website is like removing a loud person from a theater -- people are in the site to discuss site-related stuff, and the troll is disrupting that.

Comment Re:Beware Internet Echo Chambers (Score 1) 611

Don't try to trivialize Sony's rootkit fiasco, it was not just a matter of a company releasing an unpopular product and then recanting.

What Sony did was possibly illegal. "Possibly" only because they were never convicted -- they settled all the lawsuits -- but in many states there are specific laws against covertly installing spyware (a lot of states have a very similar piece of legislation called "Consumer Protection Against Computer Spyware Act", here are the ones for Texas and California, for example).

Not to mention that the rootkit opened vulnerabilities in the systems where it was installed (more details on Wikipedia). The federal government didn't sue, but the Department of Homeland Security made very clear that what Sony did was unacceptable.

Comment Re:Windows Right? (Score 5, Informative) 140

The terms "closed platform" and "walled garden" have a very specific meaning, and it doesn't apply to Windows. From Wikipedia (my emphasis):

A closed platform, walled garden or closed ecosystem is a software system where the carrier or service provider has control over applications, content, and media and restricts convenient access to non-approved applications or content. This is in contrast to an open platform, where consumers have unrestricted access to applications and content.

It's obvious that Microsoft has absolutely no control over what software can be run on Windows. Compare that to Apple's iPad, where you can't install anything that's not approved by Apple (unless you jailbreak it first). That makes iOS a "walled garden".

Now, maybe we agree that it was foolish for Microsoft to enable any kind of "autorun" feature. The point is that in an "open platform" (that is, one where the user has complete control over what can be run on it), the user must also have enough power to do dumb things like running an unknown program from a pendrive that was just plugged in. How easy it should be for the user to do that is another discussion.

Slashdot Top Deals

"The value of marriage is not that adults produce children, but that children produce adults." -- Peter De Vries