Comment Re:White Noise (Score 1) 130

And then you have a machine with a digital input that is actually fed digital music. And, oops, you are screwed. The problem here is that for one user that knows what he is doing, this is fine. As a general solution, this falls flat on its face. The actual solution would be something like the Intel RDRAND instruction, but unfortunately that is a compromised design that you cannot trust. ("Compromised Design" means they can swap out the actual secure implementation for a compromised one and the design prevents detection of this attack.)

Comment Re:pseudo+pseudo=true? (Score 2) 130

Exactly. You add points of attack, but _all_ have to be compromised for the attack to succeed. If, for example, you have one of the compromised Intel CPUs with a bad RDRAND generator (not detectable except with in-depth analysis of the physical chip), then even one other system feeding you good entropy makes you secure again.
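The point made in the comment above, as an added example that is not part of the original comment: several entropy contributions are hashed together, and an attacker who controls some of them can only predict the result if they control all of them. The names `mix`, `backdoored_source`, `good_source` and `attacker_guess` are hypothetical, the backdoored generator is a constructed stand-in, and `os.urandom` stands in for the "other system feeding you good entropy".

```python
import hashlib
import os


def mix(contributions):
    """Combine entropy contributions into one 32-byte seed using SHA-256.

    Each contribution is length-prefixed so that the boundaries between
    contributions are unambiguous (b"ab"+b"c" must not equal b"a"+b"bc").
    """
    h = hashlib.sha256()
    for c in contributions:
        h.update(len(c).to_bytes(4, "big"))
        h.update(c)
    return h.digest()


def backdoored_source(n=32):
    # Constructed stand-in for a compromised hardware generator:
    # the output looks random but is fully known to the attacker.
    return hashlib.sha256(b"attacker-known-state").digest()[:n]


def good_source(n=32):
    # Assumption: the OS generator plays the role of the one honest source.
    return os.urandom(n)


def attacker_guess(num_sources):
    # The attacker can only reproduce what the backdoored sources emit.
    return mix([backdoored_source() for _ in range(num_sources)])


def demo():
    """Return (attacker wins with all sources bad, attacker wins with one good)."""
    all_bad = mix([backdoored_source(), backdoored_source()])
    one_good = mix([backdoored_source(), good_source()])
    return all_bad == attacker_guess(2), one_good == attacker_guess(2)


if __name__ == "__main__":
    print(demo())
```
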

Comment Re:Cannot be taught right (Score 1) 361

Do you have any examples where it has been harmful in the long run to learn to use some overly simplistic tools, languages, etc?

Like are there kids who never learned to ride a bicycle because they had training wheels? Is there a CS equivalent to that? I can't imagine there is one.

That is exactly the problem. With training-wheels, you still learn the real thing, and the wheels can eventually be removed for almost all people. The simplistic things being taught in "hour of code" and cretinized programs like that are more like keeping people in a baby-stroller as preparation to learn how to ride a bike. There is no way they will learn anything useful or anything about what the skill really is about that way. The harm comes from both people that select to go into this direction and ones that select to stay away because of a fundamentally wrong impression of what the field is about. You end up with a lot of people that after all do not want to be in this field when they see what it is really about and others that would have been good and enjoyed it, but were turned away early.

Comment Re:coding and CS (Score 1) 361

Same experience here. I find that many things I code today need advanced algorithms and data-structures, estimates, and the occasional proof. Coding on advanced difficulty-level cannot really be done unless you also have a solid CS background. And that is where the money is, because you become very hard to replace.

Comment Cannot be taught right (Score 1) 361

CS can be taught academically, in worse or better versions. Coding cannot really be taught at this time. We do not know how to do it. Like most advanced skills it needs about 10'000 hours of practice to become reasonably good at it, and most of that time people need to spend in self-directed study by themselves, practicing on a variety of projects, tools and languages. The "learn coding quick" bullshit-meme of today is really "learn some very restricted form of coding very badly" and it harms a lot more than it helps.

Comment Re:pseudo+pseudo=true? (Score 4, Informative) 130

No. The title is bullshit. This is about generating very hard to predict pseudo-random numbers, because you have to guess a large, distributed state and distributed seeding values.

As there is zero need for "true random" numbers in crypto (you only need "not guessable for an attacker"), this is still a significant improvement.

Side note: Whenever something "mainstream" reports about random number generation, they get it wrong. It seems that non-experts routinely have no clue what is important here and what not. As for crypto, the philosophical question what "random" means is completely immaterial. Crypto just cares whether an attacker can somehow find out the "random" number or not and how difficult it is if it is possible. There is no need for "true" random numbers anywhere in crypto.

