
Comment Re:Car analogy please (Score 1) 157

The actual multiplications are nowhere near as fast. A multiplication of an RSA-sized number takes thousands of cycles (see here), and modular arithmetic of that size is even slower. 44kHz corresponds to a sample per 45k 2GHz cycles, and Montgomery multiplication as in the link above takes up to two adds per bit if you do it quickly and insecurely, with each taking on the order of 100 cycles. An exponentiation of a 1024-bit message will need therefore around 100k (average-case) cycles i.e. 2.5 audio samples. This will increase at least quadratically with key size, meaning that with 2048-bits you're looking at ten samples on average.

In any case, they are a reputable bunch, you'll notice Shamir (the S in RSA) in the author list.

Comment Re:why is this needed? (Score 1) 130

Note: I am not associated with the Tor project, just an interested observer. I happen to be implementing a similar protocol for something else.

Because it needs to be resistant to compromised nodes. The reason for this is that hidden service connection details (though not the server IP obviously, since all of this happens through Tor channels) are stored in directory servers which are randomly assigned each day. The choices of directory server are derived from a pseudo-random string [1]

descriptor-id = SHA1(permanent-id | SHA1(time-period | descriptor-cookie | replica))

by taking hashes of the directory identity details and sorting, and then picking those that come after descriptor-id in the list.

The problem is that a malicious would-be directory can modify its own configuration so that its hash changes in order to gain responsibility for an arbitrary hidden service at some point in the future, since the descriptor-id values are predictable. This doesn't give them complete control, but they could perform DoS and traffic counting.

What was proposed last year, then, was to add a random element to the data being hashed so that it could not be predictable [2]. In order to prevent there being a single point of failure (both from a reliability and security point of view), it was proposed to use a distributed random number generator. The way that this works is that while the master directory servers agree on the list of relays, they also generate a random value and use a bit-commitment protocol [3] to commit to it before the final value is generated in order that the last server to vote can't just keep generating random values until it finds one that gives it control of a given service.

The way that this happens, then, is that during the first half of the day the directories will include committed values with their votes on the network status. During this time everyone should get a copy of the committed value, which is generated by hashing a random string [2]. Then, during the second half of the day, they reveal their chosen random values. The others can then hash the received value and compare it with what they were given before in order to make sure that they have not changed their random value in response to the other random values.

At the end of all this the revealed values get hashed together in a particular order and the resulting value is published and put into the descriptor-id by server operators and clients. You can't use one of those idQuantique etc. cards and call it a day because there's nothing to stop a compromised server from emitting random values that are favourable to an attacker, whereas this approach will still be unpredictable so long as at least one of the master directory servers is honest and takes part.

[1] Tor Rendezvous Specification
[2] Tor Proposal 250: Random Number Generation During Tor Voting
[3] Commitment scheme
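
The commit-then-reveal round described in the comment above, as an added example (not part of the original comment and not Tor's own code). SHA-256 for the commitments, the directory names, and mixing the shared value into the inner descriptor-id hash are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def commit(value: bytes) -> bytes:
    """First half of the day: publish only the hash of the random value."""
    return hashlib.sha256(value).digest()

def verify_reveal(commitment: bytes, revealed: bytes) -> bool:
    """Second half: hash the revealed value and compare with the commitment."""
    return hmac.compare_digest(commitment, hashlib.sha256(revealed).digest())

def shared_random(commitments: dict, reveals: dict) -> bytes:
    """Hash together, in a fixed (sorted) order, every reveal that matches
    the commitment seen earlier; missing or changed reveals are left out."""
    h = hashlib.sha256()
    for name in sorted(commitments):
        revealed = reveals.get(name)
        if revealed is None or not verify_reveal(commitments[name], revealed):
            continue
        h.update(name.encode() + revealed)
    return h.digest()

def descriptor_id(permanent_id: bytes, time_period: bytes, cookie: bytes,
                  replica: bytes, srv: bytes = b"") -> bytes:
    """descriptor-id formula from the comment; appending srv to the inner
    hash is an assumed placement of the shared random value."""
    inner = hashlib.sha1(time_period + cookie + replica + srv).digest()
    return hashlib.sha1(permanent_id + inner).digest()

if __name__ == "__main__":
    # Constructed sample: three directory servers, each picks 32 random bytes.
    values = {n: secrets.token_bytes(32) for n in ("dirA", "dirB", "dirC")}
    commitments = {n: commit(v) for n, v in values.items()}

    srv = shared_random(commitments, values)
    print("shared value:", srv.hex())

    # dirC tries to swap its value after seeing the other reveals.
    cheating = dict(values, dirC=secrets.token_bytes(32))
    print("dirC reveal accepted:",
          verify_reveal(commitments["dirC"], cheating["dirC"]))

    # Without srv the id is computable in advance; with it, only after the round.
    pid, period = b"\x11" * 10, (16900).to_bytes(4, "big")
    print("predictable id:", descriptor_id(pid, period, b"", b"\x00").hex())
    print("with srv:      ", descriptor_id(pid, period, b"", b"\x00", srv).hex())
```
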

Comment Re:jesus thats all it takes? (Score 1) 106

Sure, but it's not necessarily competing with R. There are a _lot_ of Matlabbers who don't use C interface yet still run uncomfortably lengthy simulations, and for them Julia is hugely advantageous. Static typing would be something of a turnoff when you're coming from something like Matlab where you don't think about types at all in most programs, especially faffing about in the REPL.

Comment Re:Devil's Advocate says... (Score 4, Informative) 88

Looking at the judgement, it seems that the issue was that TripAdvisor claimed repeatedly in their advertising that the reviews were true, genuine, and trustworthy, but that the investigator was able to post blatantly false reviews. From footnote 146,

A titolo meramente esemplificativo si riporta il testo di alcune di tali recensioni:

i) “Ci è piaciuto tantissimo!!! Ma non sono sicuro se era questo ristorante o el kebab che è lì vicino. I filtri di TA non funzionano qui si può scrivere qualsiasi cosa”, recensione rilasciata per il ristorante “Combal.zero” di Rivoli e pubblicata in data 6 settembre 2014;

ii) “I’ve never been here!!! This websites has NO filters so I can say anything about this Restaurant and everyone is going to believe it. Buonanotte”, recensione rilasciata per il ristorante “Osteria francescana” di Modena e pubblicata in data 6 settembre 2014;

iii) “È senza dubbio il miglior ristorante cinese di Milano. Ottima l’anatra, gran buffet, camerieri gentili. Fantastici filtri sulle recensioni come potete osservare! Cinque palle verdi”, recensione rilasciata per il ristorante “Pomodoro & basilico” di San Mauro Torinese e pubblicata in data 4 settembre 2014.

[Probably terrible] translation:

i) We liked it _so_ much! But I'm not sure whether it was this restaurant or the kebab shop nearby. TA's filter doesn't work...here one can write whatever they want

iii) It is without doubt the best Chinese restaurant in Milan. Excellent duck, big buffet, polite staff. These are fantastic filters of the reviews, as you can see! (note: the restaurant is named "Tomato & Basil" and so clearly not Chinese)

Comment Re:Systemic abuse can only be handled one way (Score 2) 54

The issue was that because people weren't getting headhunted the companies didn't need to compete as heavily on wages. If I recall correctly, when one of the deals fell through, Google compensated with a substantial payrise, which was used to justify the scale of the loss.

Comment Re:We're ignoring them... (Score 1) 406

The hijacking that you were thinking of (Ethiopian Airlines Flight 961) had survivors. According to that article, a significant number of the dead were those who didn't wait until leaving the plane before inflating their lifejackets, and as a result were trapped inside the plane when it flooded. 125 out of 175 died, with only 60 to 80 still in their seats.

Comment Re:Submitter has never applied to a real Universit (Score 1) 389

It's also not done in Australia either. The process here is that everyone puts their university/course preferences into a website. Then, at the end of the year after exams are marked (identical across the state), students are ranked and the system goes down the list and assigns people to university places. No wishy-washy essays or personality assessments, you get a number based on your marks and that determines what you get.

Comment Re:This wont work because... (Score 1) 482

Very interesting—thanks for the insight. I've kind of steered off-topic a bit, but it seems to me that how people behave in dance classes is interesting as a model because the approaches happen again and again and again, while the anxiety is for me quite similar in nature, and because what the girls have told me about their experiences sounds quite similar to my feelings trying to make approaches in spite of shy quiet geek boy tendencies.

Comment Re:This wont work because... (Score 1) 482

Interesting, I didn't expect the difference in local culture to be anywhere near that much. Perhaps we Australians are just oddballs. I can understand beginners being a bit squeamish about it, since it takes a while for it to become more sexually neutral; especially with Tango, since my understanding is that it isn't terribly forgiving of those with any real sense of personal space. Here though there is a tendency for women to lead more than you describe, as Australian men in general aren't terribly interested in dancing and so occasionally the imbalance can be truly catastrophic.

Comment Re:This wont work because... (Score 1) 482

I think there's more to it than that, though. Perhaps the reasons that you state cause the inhibitions that you mention, however it is not a rational "I must not do so because people will think this of me..." etc. etc., in my opinion, or at least if so it is more deeply ingrained, since the same phenomenon occurs in other areas. My anecdotal evidence: I dance as a hobby, and of all of the groups with which I have taken lessons, it has been invariant that essentially all beginning women, and even the majority of experienced ones, will never ask for a dance, and will quite happily (or not) sit on the sidelines all night waiting for someone to come to them.

When a friend of mine visited a club of a different style, she found herself in this situation again; no longer being able to offer years of experience, she suddenly had to start asking for herself, and to put it mildly found the experience freakishly traumatic. Another confided that in well over a year she had been able to bring herself to ask a dance of someone perhaps ten times. All this in a context where refusal without reason is viewed about as fondly as spitting in someone's face.

That's not to say that I (Australian male) don't find it difficult at times, and in the early days I felt the same utter terror that they did, but I knew perfectly well that I had to bite the bullet and do it anyway, because no-one was going to come to me. This is not the same as making romantic advances, but I find it interesting because to me the anxiety of rejection is similar, and the behaviour of the two sexes is similar, despite the fact that rational factors other than fear of rejection are not present—on the contrary, being preemptive is greatly endearing. It makes me wonder whether there really is a difference, or whether we're just stuck in this situation because for men there is no alternative to making the first move, and without that pressure most women lack any reason to put themselves through it.
