Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Comment Re:this is a deflection (Score 1) 192

No, CRC would make a terribly bad content identifier.

Of course, it would. Precisely for the reasons I outlined.

First of all, a usual 32-bit CRC is too short: by birthday paradox

I didn't say anything about 32 bits. You can make it any power of 2. It's effectively just a remainder of dividing by an irreducible polynomial in an extension field of F_2. I wasn't suggesting using it.

I was saying that Linus was being flippant by ignoring a problem with a trivial solution and he doubled down by claiming that the only functionality he was looking for was something which needs less than cryptographic-level randomness. But what he ended up saying was tantamount to saying that the functionality he needed might just as well be achieved with CRC (no, not 32... probably 128, but certainly with 256). He was basically saying he needed a large enough pointer to be unique across all data which we can expect to be conceivably computable in the next X years. And he was completely ignoring the fact that this created a vector of attack on searchability.

Btw, birthday "paradox" collision is not enough to hinder searchability, so they are not a concern.

a longer CRC is not fast.

It scales linearly with the size of the signature. It's just polynomial division. And dividing by a polynomial of a degree that's twice as high would take exactly twice as long. So (a properly implemented) CRC-128 should take 4 time as long as CRC-32.

You don't have to believe me on the following, but (1) I have a math PhD, (2) I do write a lot of code and (3) I've implemented functions based on these algorithms. So just take it easy with the hyperbole.

Comment Re:this is a deflection (Score 1) 192

Don't confuse possible and feasible. It's not proven that the discrete log problem has no linear-time solution. But there is no known linear time solution, so we rely on this problem remaining unsolved in order to trust our encryption.

It's a little harder to say in one sentence why creating simultaneous hashing solutions is not feasible, but (at least at the moment) it is considered to be an unsolved mathematical problem. Or, at least, so claimed the post which announced the sha1 collision experiment (here: https://tech.slashdot.org/stor...). To make it easier to understand why that is, a 1-bit will change X bits in sha-1 and Y bits in md5. Where, ideally, X and Y have a mean centered around half the length of the signature and have a high variance. X and Y should also be independent (as random variables). By comparison, a 1-bit change will produce a 100% predictable 1-bit change in CRC.

Comment this is a deflection (Score 0) 192

This:

There's a big difference between using a cryptographic hash for things like security signing, and using one for generating a "content identifier"

is really a non sequitur. It's also a truism. Of course, there is a difference. If all you cared about was a "content identifier", you'd use CRC. But the reality is that you really want a secure content identifier (the one which does not provide a vector of attack on your system through spoofing of identifier through a simple calculation). Without it, you have a system in which it is trivial to create a haystack in which any one particular piece of content becomes a need to hide. All you need is to modify as many pieces of content as possible to collide with the one you want to be difficult to find.

The real answer he should have given is that any content which incorporates its md5 becomes unassailable because there is no known vector of attack to produce simultaneous md5 and sha1 collisions.

Comment Re:Bayesian theorem (Score 2) 49

Snide aside, the Bayes theorem is rudimentary and foundational to probabilistic inference. If someone did want to learn about it more, looking up biography of Thomas Bayes would tell them much less than just looking up the (fairly trivial) theorem and seeing for themselves how it could be used for inference from probabilities.

Comment Re:give them green cards (Score 1) 271

It's sad too, when I asked Dmitry what it was like in Russia. He just said, quite darkly, "They don't have video games my friend." (He knew I was a gamer, so he was teasing me, but also drawing a real contrast.)

This caricature is out of date that I tend to doubt the whole story. It's hard to imagine that anyone thought that someone could fall for this. "My friend"? This is the caricature part because no one talks like that outside of a hollywood movie.

Another guy talked about living in Germany before the wall came down.

To put it in perspective, the Soviet Union was officially dissolved 25 years ago. It only existed for 73 years. So your references are getting more and more dated.

It's quite inspiring to see a new Chinese citizen say "Today I learned I have the right to own a gun! That no one can take it from me, and that nobody can stop me from saying president XYZ is a @!#?@!"

You are sooooo full of shit. No one but no one talks like that. The fact that you came up with some Chinese, Korean, Russian and Indian names does not add to your credibility as much as you think. You may done your homework, but you have failed the shibboleth.

Comment Re:give them green cards (Score 1) 271

Why should they not have a right to vote for mayors and city councils of the communities where they live for an extra 5-6 years that it takes them to get green cards?

This is a general civics question and I suggest you do a Google search on it. While there are a few countries that allow non-citizens to vote in small local elections, it is generally a bad idea to allow such significant foreign influence.

Think about it a bit more. You'll realize that you replied in too much of a rush. I wasn't advocating for non-citizens to get voting rights. I was advocating for their path to citizenship to be as long as everyone else's instead of what it is now (roughly twice as long). C'mon though. Before knee jerking into "you just don't get it" mode, think about how much a person should know about the world to make an informed judgement and to propose a simple and yet innovative solution to how to solve a social problem. Do you really think it comes out of a place of not understanding civics?

What is your field?

I get asked regularly if I would require a sponsorship, so I think it should be self-evident. I just tacitly pass on such "opportunities".

Comment Re:give them green cards (Score 1) 271

I can only speak for the software industry, but if you are an H1B Software Engineer who is being treated unfairly, I can point you to multiple companies in my local area that are hiring smart people and will sponsor you. There's no reason to put up with bad working conditions or lower salary.

You are talking about what should happen to the best of them. What about those who are not the best, but who are still pretty good? Or even just Ok? Why should they not be on equal playing field with their colleagues at work? With their neighbors in the community where they live? You do realize that we are creating a class of people who think they must be better just to get equal treatment and who, once they get all their legal right, will retain a degree of bitterness towards those who "had it easy"? If we want these people among us for their skills, we either recognize them us legal alien residents (which they are in every form but the law) or they will never see us as fellow citizens.

Comment Re:What field are these abused H1B visa workers in (Score 1) 271

They are subject to the same labor protection laws as everyone else.

Oh? I had no idea that all programmers face deportation within 6 months if they get fired.

What idiotic manager would hire a less qualified software engineer for 10% less?

What idiotic manager would not hire an employee of equal skill, but who can be pressed to work longer hours without compensation, over a citizen who can simply change profession if gets tired of this type of environment?

Slashdot Top Deals

Practical people would be more practical if they would take a little more time for dreaming. -- J. P. McEvoy

Working...