
(ProPublica) The US Government's National Institute of Standards "strongly recommending" against further use of their own cryptographic standard. Reason: NSA influenced the design leading NIST to conclude it can't be trusted (propublica.org)

2849 clicks; posted to Geek on 15 Sep 2013 at 1:43 PM



52 Comments
   
 
2013-09-15 12:31:42 PM
needs facepalm tag
 
2013-09-15 01:29:57 PM
The NIST standards for small contractors are just a tad looney.
 
2013-09-15 01:46:28 PM
And in the darkness bind them.
 
ZAZ [TotalFark]
2013-09-15 01:46:43 PM
A year after that, in 2007, two Microsoft engineers flagged the standard as potentially containing a backdoor.

40 years ago NSA intervened in the design of DES. Many people were suspicious. By the mid-1990s people understood that the NSA had in fact been trying to help.

Is today's NSA so trustworthy?
 
2013-09-15 02:01:50 PM

Valiente: And in the darkness bind them.


That was genius!  Works on so many levels.
 
2013-09-15 02:06:38 PM
Don't trust on-chip hardware random-number generators either. Stick to coin flips, polyhedral dice, or lava lamps.
 
2013-09-15 02:09:19 PM
Holy farking sheetballs. The govt is not monolithic. Next you'll be telling me there are gay republicans and pistol packin libs.
 
2013-09-15 02:15:16 PM

ZAZ: A year after that, in 2007, two Microsoft engineers flagged the standard as potentially containing a backdoor.

40 years ago NSA intervened in the design of DES. Many people were suspicious. By the mid-1990s people understood that the NSA had in fact been trying to help.

Is today's NSA so trustworthy?


Hi, I'm from the NSA and I see you post negative comments about the NSA on Fark.  Why don't you have a seat right over there.
 
2013-09-15 02:18:50 PM

Ivo Shandor: Don't trust on-chip hardware random-number generators either. Stick to coin flips, polyhedral dice, or lava lamps.


Box full of mosquitoes, with two lasers to illuminate & read a random point within the box.  If you fry a mosquito, it's a one.  Think of the computing power flying around our nation's patios alone.
 
2013-09-15 02:22:36 PM

ZAZ: A year after that, in 2007, two Microsoft engineers flagged the standard as potentially containing a backdoor.

40 years ago NSA intervened in the design of DES. Many people were suspicious. By the mid-1990s people understood that the NSA had in fact been trying to help.

Is today's NSA so trustworthy?


No. NSA's reputation has been coasting on securing DES against differential analysis (without revealing the then-secret technique of differential analysis) for a long time, and they've squandered it.

If by some miracle they were to turn the ship around 180 degrees and become that trustworthy again tomorrow morning, who in their right minds would believe it? It took years before the open world figured out differential analysis, and it took a few years after that for everyone to be convinced that men in black suits can indeed wear white hats. It's going to take much longer before we realize that even the blackest hat can be switched out for a lighter shade of grey. Losing a friend's trust is the best way to lose a friend... forever.

Our trust was misplaced; to gain a small, possibly immeasurable, increase in "security" from nonexistent and/or ineffective terrists (and all the billions wasted didn't even protect us from a few million bucks worth of damage in Boston), NSA has mortgaged its information security credentials for the next 40 years. In an information economy, its actions have also placed US economic security at risk by jeopardizing $BIGNUM in market cap. The rest of the world is going to spend the next decade figuring out how to avoid US-based cloud computing platforms like the plague, and I'm not sure how to quantify the loss of productivity engendered by the loss of trust that software professionals have in each other; how do teams conduct security audits of their own systems when everyone involved must now carry, in the back of their minds, the possibility that one or more of their fellow team members is a government mole?

/It's cost all US persons some of their civil liberties too, but it's not like we were using those anyways.
 
2013-09-15 02:23:27 PM

Ivo Shandor: Don't trust on-chip hardware random-number generators either. Stick to coin flips, polyhedral dice, or lava lamps.


Now we know why Fartbongo banned incandescent light bulbs!
 
2013-09-15 02:38:14 PM
Those Quantum Computers can break anything.
 
2013-09-15 02:40:07 PM
NIST must be the foreign entity Snowden leaked our secrets to.
 
2013-09-15 02:52:13 PM

PainInTheASP: Box full of mosquitoes, with two lasers to illuminate & read a random point within the box. If you fry a mosquito, it's a one. Think of the computing power flying around our nation's patios alone.


LOL. That would work if you had a 50/50 mix of air and mosquitoes.
 
2013-09-15 02:54:30 PM

SomeAmerican: Valiente: And in the darkness bind them.

That was genius!  Works on so many levels.


I don't often get to do cryptography jokes that don't require cryptography to get a smirk, so thanks for complimenting my pretty good pun.
 
2013-09-15 03:08:07 PM

theorellior: PainInTheASP: Box full of mosquitoes, with two lasers to illuminate & read a random point within the box. If you fry a mosquito, it's a one. Think of the computing power flying around our nation's patios alone.

LOL. That would work if you had a 50/50 mix of air and mosquitoes.


Random isn't the same as having the same probability of getting 1 or 0.
 
2013-09-15 03:31:43 PM

I May Be Crazy But...: Random isn't the same as having the same probability of getting 1 or 0.


I guess it depends on your sample rate. You put 100 mosquitoes in a box and wait for one of them to be illuminated by a laser. If you sample once every 5 seconds, sure, maybe you'd get a 50-50 split. If you sample ten times a second, you're gonna have a lot of zeros filling up the buffer. And 1 random byte per second is an abysmal throughput.
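The point made in the exchange above, that a stream can be genuinely random and still heavily biased toward one value, is what a debiasing step deals with. Below is an added example, written by the editor and not posted by anyone in the thread, that simulates a detector emitting a 1 only about 10% of the time (as a slowly polled mosquito box might) and runs it through the von Neumann extractor: read the bits in pairs, emit the first bit when the pair differs, discard equal pairs. The 10% bias, the sample count and the seed are made-up values. The extractor assumes the raw bits are independent; a detector that reports the same mosquito on consecutive samples violates that, so it removes bias but not correlation.

```python
import random


def biased_source(p_one: float, n: int, seed: int) -> list[int]:
    """Simulated detector: each sample is 1 with probability p_one, else 0.

    Constructed input for the example. Samples are independent, which a real
    detector polled faster than its targets move would not satisfy.
    """
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def von_neumann(bits: list[int]) -> list[int]:
    """Von Neumann extractor: pairs 01 -> 0, 10 -> 1; 00 and 11 are dropped.

    For independent bits with fixed bias p, P(01) == P(10) == p * (1 - p),
    so the emitted bits are unbiased whatever p is.
    """
    out = []
    for i in range(0, len(bits) - 1, 2):
        a, b = bits[i], bits[i + 1]
        if a != b:
            out.append(a)
    return out


def ones_fraction(bits: list[int]) -> float:
    """Empirical P(1); 0.5 means unbiased."""
    return sum(bits) / len(bits) if bits else 0.0


def expected_yield(p_one: float) -> float:
    """Unbiased output bits per raw input bit.

    A pair survives with probability 2 * p * (1 - p) and yields one bit,
    i.e. p * (1 - p) output bits per input bit. At p = 0.1 that is 9%,
    which is the throughput penalty the thread is complaining about.
    """
    return p_one * (1 - p_one)


if __name__ == "__main__":
    raw = biased_source(0.10, 100_000, seed=1)
    clean = von_neumann(raw)
    print(f"raw: {len(raw)} bits, P(1) = {ones_fraction(raw):.3f}")
    print(f"extracted: {len(clean)} bits, P(1) = {ones_fraction(clean):.3f}")
    print(f"expected yield: {expected_yield(0.10):.2f} bits per raw bit")
```

The output stream is unbiased, but at p = 0.1 you keep roughly 9 bits out of every 100 sampled, so a slow source gets slower still.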
 
2013-09-15 03:50:43 PM

BalugaJoe: Those Quantum Computers can break anything.


... maybe.
 
2013-09-15 03:52:45 PM

I support the legally retarded accountant method of encryption
 
2013-09-15 04:24:25 PM
[image]
 
2013-09-15 04:27:44 PM

Luckily, only the good side would have used this encryption back door. Not the bad people.


Thanks NSA!

 
2013-09-15 05:31:39 PM

BalugaJoe: Those Quantum Computers can break anything.


If I understand correctly, they cannot break properly implemented one-time pads (properly implemented one-time pads are unbreakable). And quantum cryptography would make using one-time pads more feasible (If I understand correctly)
 
2013-09-15 06:09:08 PM
At'sthay ywhay Iway encryptway allway ymay ensitivesay informationway ithway igpay Atinlay.
 
2013-09-15 06:13:05 PM

SithLord: ZAZ: A year after that, in 2007, two Microsoft engineers flagged the standard as potentially containing a backdoor.

40 years ago NSA intervened in the design of DES. Many people were suspicious. By the mid-1990s people understood that the NSA had in fact been trying to help.

Is today's NSA so trustworthy?


Hi, I'm from the NSA and I see you post negative comments about the NSA on Fark.  Why don't you have a seat right over there.


Oh look, the nanny state liberal-buttercup is here to save us from ourselves.
 
2013-09-15 06:24:01 PM

UsikFark: BalugaJoe: Those Quantum Computers can break anything.

... maybe.


It depends if the cat is dead or alive.
 
2013-09-15 06:37:36 PM

2wolves: The NIST standards for small contractors are just a tad looney.


NIST is incredibly good at its original purpose: writing common-knowledge shiat down in massive databases so that everyone can access them.  They are literally the best source for constants that aren't quite important and universal enough to make the handbook of chemistry and physics.

For standards on active things like encryptions, code, and processing procedures?  Noooooooot so much.

/researcher
 
2013-09-15 06:53:33 PM

Valiente: And in the darkness bind them.


That was the root password (sans spaces) for the systems at a previous job of mine.
 
2013-09-15 07:09:30 PM
If you know what the output of the RNG will be, what does that make it?
 
2013-09-15 07:32:39 PM

Twilight Farkle: ZAZ: A year after that, in 2007, two Microsoft engineers flagged the standard as potentially containing a backdoor.

40 years ago NSA intervened in the design of DES. Many people were suspicious. By the mid-1990s people understood that the NSA had in fact been trying to help.

Is today's NSA so trustworthy?

No. NSA's reputation has been coasting on securing DES against differential analysis (without revealing the then-secret technique of differential analysis) for a long time, and they've squandered it.

If by some miracle they were to turn the ship around 180 degrees and become that trustworthy again tomorrow morning, who in their right minds would believe it? It took years before the open world figured out differential analysis, and it took a few years after that for everyone to be convinced that men in black suits can indeed wear white hats. It's going to take much longer before we realize that even the blackest hat can be switched out for a lighter shade of grey. Losing a friend's trust is the best way to lose a friend... forever.

Our trust was misplaced; to gain a small, possibly immeasurable, increase in "security" from nonexistent and/or ineffective terrists (and all the billions wasted didn't even protect us from a few million bucks worth of damage in Boston), NSA has mortgaged its information security credentials for the next 40 years. In an information economy, its actions have also placed US economic security at risk by jeopardizing $BIGNUM in market cap. The rest of the world is going to spend the next decade figuring out how to avoid US-based cloud computing platforms like the plague, and I'm not sure how to quantify the loss of productivity engendered by the loss of trust that software professionals have in each other; how do teams conduct security audits of their own systems when everyone involved must now carry, in the back of their minds, the possibility that one or more of their fellow team members is a government mole?

/It's cost ...


Subtle.
 
2013-09-15 07:47:04 PM

Invisible Dynamite Monkey: Valiente: And in the darkness bind them.

That was the root password (sans spaces) for the systems at a previous job of mine.


Which one?  What was the server name?
 
2013-09-15 07:54:38 PM

CBob: If you know what the output of the RNG will be, what does that make it?


The output doesn't have to be a constant value. It's already broken if you expect that the values are 128-bit random values but they are only random in 32 bits. Breaking the former would need a few thousand years, the latter would take a few minutes. The same applies if your RNG's output is limited to a fraction of its expected variability - e.g. it can produce 2^32 different numbers and then it starts over. The bad thing is that these problems are hard to test with a blackboxed generator; you need to look into the code and do some math to see its limitations.
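Added example, the editor's own rather than anything posted in the thread, that makes the comment above concrete: a toy generator whose outputs are 128 bits wide but whose internal state is only a few bits wide. The outputs pass a casual look (each is a truncated SHA-256 digest of the state), yet a single observed value lets an attacker recover the state by exhaustive search and predict every later output, and because the state update is a linear congruential step the sequence repeats after exactly 2^state_bits outputs. The construction, the LCG constants and the 16-bit state in the demo are the editor's choices, shrunk from the 32 bits in the comment so the search finishes in seconds; the search cost scales as 2^state_bits, and no amount of hashing on the output side changes that.

```python
import hashlib
from typing import List, Optional

# Toy DRBG for illustration only (editor's construction, not any real
# generator): 128-bit outputs derived from a state that is STATE_BITS wide.
LCG_A = 1103515245  # classic LCG constants; full period modulo a power of two
LCG_C = 12345


def _mask(state_bits: int) -> int:
    return (1 << state_bits) - 1


def _output(state: int, state_bits: int) -> int:
    """Hide the state behind a hash so that the outputs *look* uniform."""
    nbytes = (state_bits + 7) // 8
    digest = hashlib.sha256(b"toy-drbg" + state.to_bytes(nbytes, "big")).digest()
    return int.from_bytes(digest[:16], "big")  # 128-bit value


def _step(state: int, state_bits: int) -> int:
    """Linear congruential update of the small state."""
    return (LCG_A * state + LCG_C) & _mask(state_bits)


def generate(seed: int, count: int, state_bits: int) -> List[int]:
    """Produce `count` 128-bit outputs from a `state_bits`-bit seed."""
    state = seed & _mask(state_bits)
    outputs = []
    for _ in range(count):
        outputs.append(_output(state, state_bits))
        state = _step(state, state_bits)
    return outputs


def recover_state(observed: int, state_bits: int) -> Optional[int]:
    """Exhaustive search over the 2**state_bits candidate states.

    The hash hides the state from statistical tests of the output, but it
    does nothing against simply enumerating a small state space.
    """
    for candidate in range(1 << state_bits):
        if _output(candidate, state_bits) == observed:
            return candidate
    return None


def predict_after(observed: int, count: int, state_bits: int) -> List[int]:
    """Given one observed output, predict the next `count` outputs."""
    state = recover_state(observed, state_bits)
    if state is None:
        return []
    return generate(_step(state, state_bits), count, state_bits)


def period(seed: int, state_bits: int) -> int:
    """Steps until the state returns to `seed`.

    These LCG constants satisfy the Hull-Dobell conditions, so the period
    is exactly 2**state_bits; after that every output repeats.
    """
    start = seed & _mask(state_bits)
    state = _step(start, state_bits)
    steps = 1
    while state != start:
        state = _step(state, state_bits)
        steps += 1
    return steps


if __name__ == "__main__":
    bits = 16
    outs = generate(0xBEEF, 4, bits)
    print(f"observed 0x{outs[0]:032x}")
    print(f"recovered state 0x{recover_state(outs[0], bits):x}")
    print("prediction correct:", predict_after(outs[0], 3, bits) == outs[1:])
    print("period at 12 bits:", period(1, 12))
```

The same attack against a 32-bit state is the "few minutes" in the comment: 2^32 hashes on one machine. A statistical test suite run on the outputs alone would never see it.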
 
2013-09-15 07:56:57 PM
Manual typewriter, one time pad from a randomly chosen book common in all libraries.

/problem solved
//digital world - screwed.
 
2013-09-15 08:09:10 PM

Sgeo: BalugaJoe: Those Quantum Computers can break anything.

If I understand correctly, they cannot break properly implemented one-time pads (properly implemented one-time pads are unbreakable). And quantum cryptography would make using one-time pads more feasible (If I understand correctly)


One time pad is a magic trick. The pad is basically a key that is as long as the plaintext. Each message you send eats up the pad. Both the sender and receiver need matching pads. Which are as long as the messages you are sending...so the new problem is how do you send the pad to someone?

It essentially time shifts the encryption. (If you want to be 100% sure). This is why WWII spies would generate them in base before being shipped out behind enemy lines. Then they could radio each other securely, until they ran out of pad. (You can't send pad encrypted with pad and come out ahead)
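The one-time pad described above in code, as an added example written by the editor and not by the poster. A Pad object holds one party's copy of the shared key material and consumes and zeroes bytes as they are used, so sender and receiver run out together; encryption is XOR against the next pad bytes and decryption is the same XOR at the same pad position. The second part shows why reuse breaks it: two ciphertexts made with the same pad bytes XOR to the XOR of the two plaintexts, so knowing or guessing one message reveals the other with no key at all. The message texts and the 64-byte pad are made-up. Shipping a fresh pad through an existing pad consumes exactly as many bytes as it delivers, which is the "can't come out ahead" point; nothing here tries to hide that.

```python
import os


class PadExhausted(Exception):
    """Raised when a message needs more pad bytes than remain."""


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


class Pad:
    """One party's copy of the shared pad.

    Both parties start from identical key material and consume it in
    lockstep; used bytes are zeroed so they cannot be reused by accident.
    """

    def __init__(self, material: bytes):
        self._material = bytearray(material)
        self._offset = 0

    def remaining(self) -> int:
        return len(self._material) - self._offset

    def take(self, n: int) -> bytes:
        if n > self.remaining():
            raise PadExhausted(f"need {n} bytes, {self.remaining()} left")
        chunk = bytes(self._material[self._offset:self._offset + n])
        for i in range(self._offset, self._offset + n):
            self._material[i] = 0  # burn the used key material
        self._offset += n
        return chunk


def encrypt(pad: Pad, plaintext: bytes) -> bytes:
    """Ciphertext = plaintext XOR the next len(plaintext) pad bytes."""
    return xor_bytes(plaintext, pad.take(len(plaintext)))


def decrypt(pad: Pad, ciphertext: bytes) -> bytes:
    """Same operation on the receiver's copy of the pad."""
    return xor_bytes(ciphertext, pad.take(len(ciphertext)))


def reuse_leak(c1: bytes, c2: bytes, known_plaintext: bytes) -> bytes:
    """Two ciphertexts under the same pad bytes: c1 XOR c2 == p1 XOR p2.

    One known plaintext therefore recovers the other; the pad itself is
    never needed. This is the failure mode "one-time" is warning about.
    """
    return xor_bytes(xor_bytes(c1, c2), known_plaintext)


if __name__ == "__main__":
    material = os.urandom(64)        # generated at base, carried by both sides
    alice, bob = Pad(material), Pad(material)
    c = encrypt(alice, b"attack at dawn")
    print(decrypt(bob, c), alice.remaining(), bob.remaining())

    key = os.urandom(14)             # the mistake: one pad segment, two messages
    c1 = xor_bytes(b"attack at dawn", key)
    c2 = xor_bytes(b"retreat at six", key)
    print(reuse_leak(c1, c2, b"attack at dawn"))
```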
 
2013-09-15 08:38:09 PM
I switched to encrypting all of my text. ROT13 is old and probably not strong enough, so now I use DOUBLE ROT13.
 
2013-09-15 08:43:07 PM

Epicanis: I switched to encrypting all of my text. ROT13 is old and probably not strong enough, so now I use DOUBLE ROT13.


And it's so easy you're using it RIGHT NOW.
 
2013-09-15 09:03:34 PM

Valiente: SomeAmerican: Valiente: And in the darkness bind them.

That was genius!  Works on so many levels.

I don't often get to do cryptography jokes that don't require cryptography to get a smirk, so thanks for complimenting my pretty good pun.



Bravo, sir...well played.
 
2013-09-15 09:14:35 PM

theorellior: PainInTheASP: Box full of mosquitoes, with two lasers to illuminate & read a random point within the box. If you fry a mosquito, it's a one. Think of the computing power flying around our nation's patios alone.

LOL. That would work if you had a 50/50 mix of air and mosquitoes.


Well, that would rule out Minnesota.  The ratio is far too high until at least November.
 
2013-09-15 09:16:43 PM

Just another Heartland Weirdass: Holy farking sheetballs. The govt is not monolithic. Next you'll be telling me there are gay republicans and pistol packin libs.


To be fair, the pistol packing libs are only doing it because they're afraid of gay Republicans.
 
2013-09-15 09:54:39 PM

MrHappyRotter:

At'sthay ywhay Iway encryptway allway ymay ensitivesay informationway ithway igpay Atinlay.
Opay chopoose opop topalk.  Fopewer fopolks nopow opit.
 
2013-09-15 10:07:13 PM

Sgeo: BalugaJoe: Those Quantum Computers can break anything.

If I understand correctly, they cannot break properly implemented one-time pads (properly implemented one-time pads are unbreakable). And quantum cryptography would make using one-time pads more feasible (If I understand correctly)


A better name for "quantum cryptography" would be "quantum tamper detection".  It allows you to transmit information and verify using physics that nobody could possibly have read it, because Heisenberg says so.  You transmit a one-time pad over this system, then if the system verifies that nobody else was listening, you transmit the encrypted data (key XOR data).  You could actually put the encrypted data out publicly on 4chan rather than over the quantum system if you like; it wouldn't matter at that point, as long as the key was first transmitted securely.  It could also be later, once your spies have infiltrated your enemies' bases.

There is still an unsolvable problem: man-in-the-middle attacks.  Someone could step in the middle between you and your target, intercepting and blocking your traffic.  She writes down the key, then sends it securely to your target.  Neither you nor your target notice a problem, because the message was transmitted without tampering (to the other quantum device).  In short, you still have to verify that you're sending the secret data to the correct destination and not to an attacker.  Mathematics and physics cannot solve this problem - it's fundamental to cryptography in general.
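The "quantum tamper detection" and the man-in-the-middle limitation described above, as an added simulation written by the editor (not part of the thread). It follows the BB84 shape: the sender prepares each bit in one of two bases, the receiver measures in a randomly chosen basis, and a measurement in the wrong basis returns a random bit. After both announce their bases over the public channel they keep the positions where the bases matched, sacrifice half of those as a public comparison sample and use the rest as pad. An intercept-and-resend eavesdropper cannot know the preparation basis, so she disturbs roughly a quarter of the sampled bits and is caught. A relay attacker who runs one honest-looking session with each side is not caught: both sessions show zero error and the attacker holds both pads, which is the authentication gap the post describes. The randomness model is classical and ignores real channel noise, and the round counts are arbitrary.

```python
import secrets
from typing import List, Tuple


def _bits(n: int) -> List[int]:
    return [secrets.randbelow(2) for _ in range(n)]


def measure(bit: int, prep_basis: int, meas_basis: int) -> int:
    """Toy qubit measurement: the right basis returns the prepared bit,
    the wrong basis returns a uniformly random bit (and the state is now
    whatever was measured, so the original value is gone)."""
    return bit if prep_basis == meas_basis else secrets.randbelow(2)


def run_session(n: int, eavesdrop: bool = False) -> Tuple[float, List[int], List[int]]:
    """One key-agreement session over n qubits.

    Returns (error rate on the public sample, sender key, receiver key).
    With nobody in the channel the error rate is 0 and the keys match.
    """
    a_bits, a_bases = _bits(n), _bits(n)
    b_bases = _bits(n)
    b_results = []
    for bit, a_basis, b_basis in zip(a_bits, a_bases, b_bases):
        if eavesdrop:
            # Intercept-and-resend: Eve measures in a guessed basis and
            # re-prepares the qubit in that basis. Half her guesses are wrong,
            # and half of those flip the bit Bob sees: ~25% error after sifting.
            e_basis = secrets.randbelow(2)
            bit = measure(bit, a_basis, e_basis)
            a_basis = e_basis
        b_results.append(measure(bit, a_basis, b_basis))

    # Public phase: bases are announced; only matching positions survive.
    sifted = [i for i in range(n) if a_bases[i] == b_bases[i]]
    sample, keep = sifted[: len(sifted) // 2], sifted[len(sifted) // 2:]

    # Tamper check: compare the sample in the clear, then throw it away.
    errors = sum(a_bits[i] != b_results[i] for i in sample)
    error_rate = errors / len(sample) if sample else 0.0
    return error_rate, [a_bits[i] for i in keep], [b_results[i] for i in keep]


def relay_attack(n: int) -> Tuple[float, float, bool]:
    """Man in the middle: Mallory runs an honest session with each side.

    Neither side sees errors, Mallory knows both keys, and Alice and Bob
    end up with different pads without noticing. Only authenticating who is
    at the other end of the channel closes this.
    """
    err_alice, _, key_mallory_with_alice = run_session(n)
    err_bob, key_mallory_with_bob, _ = run_session(n)
    return err_alice, err_bob, key_mallory_with_alice == key_mallory_with_bob


def pad_xor(key_bits: List[int], data_bits: List[int]) -> List[int]:
    """Use the agreed key bits as a one-time pad on a same-length bit string."""
    if len(key_bits) < len(data_bits):
        raise ValueError("not enough key material")
    return [k ^ d for k, d in zip(key_bits, data_bits)]


if __name__ == "__main__":
    err, ka, kb = run_session(4000)
    print(f"clean channel: error {err:.3f}, keys match {ka == kb}, {len(ka)} key bits")
    err, ka, kb = run_session(4000, eavesdrop=True)
    print(f"intercept-resend: error {err:.3f} (expect ~0.25), keys match {ka == kb}")
    print("relay attack (Alice's error, Bob's error, keys equal):", relay_attack(4000))
```

Sifting discards about half the qubits and the public sample another half, so n qubits yield roughly n/4 pad bits; the post's "key XOR data" step is pad_xor on what is left.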
 
2013-09-15 10:25:08 PM

Sgeo: BalugaJoe: Those Quantum Computers can break anything.

If I understand correctly, they cannot break properly implemented one-time pads (properly implemented one-time pads are unbreakable). And quantum cryptography would make using one-time pads more feasible (If I understand correctly)


You might.. you might not.
 
2013-09-15 11:18:11 PM

Twilight Farkle: ZAZ: A year after that, in 2007, two Microsoft engineers flagged the standard as potentially containing a backdoor.

40 years ago NSA intervened in the design of DES. Many people were suspicious. By the mid-1990s people understood that the NSA had in fact been trying to help.

Is today's NSA so trustworthy?

No. NSA's reputation has been coasting on securing DES against differential analysis (without revealing the then-secret technique of differential analysis) for a long time, and they've squandered it.

If by some miracle they were to turn the ship around 180 degrees and become that trustworthy again tomorrow morning, who in their right minds would believe it? It took years before the open world figured out differential analysis, and it took a few years after that for everyone to be convinced that men in black suits can indeed wear white hats. It's going to take much longer before we realize that even the blackest hat can be switched out for a lighter shade of grey. Losing a friend's trust is the best way to lose a friend... forever.


[image]
 
2013-09-16 12:06:01 AM

Kittypie070: SithLord: ZAZ: A year after that, in 2007, two Microsoft engineers flagged the standard as potentially containing a backdoor.

40 years ago NSA intervened in the design of DES. Many people were suspicious. By the mid-1990s people understood that the NSA had in fact been trying to help.

Is today's NSA so trustworthy?

Hi, I'm from the NSA and I see you post negative comments about the NSA on Fark.  Why don't you have a seat right over there.

Oh look, the nanny state liberal-buttercup is here to save us from ourselves.


And here comes the authoritarian brigade. What kept you?
 
2013-09-16 01:23:59 AM

Ivo Shandor: Stick to coin flips, polyhedral dice, or lava lamps.


Government coins!?  LOL. You're so naive.  I have it on good authority that polyhedral dice were invented by a government agent as well.  You have no idea how deep this rabbit hole goes...
 
2013-09-16 01:45:52 AM

Sgeo: BalugaJoe: Those Quantum Computers can break anything.

If I understand correctly, they cannot break properly implemented one-time pads (properly implemented one-time pads are unbreakable). And quantum cryptography would make using one-time pads more feasible (If I understand correctly)


If you could change the quantum fabric, you could break the advantages of quantum cryptography. And just what do you think HAARP is for?
 
2013-09-16 03:18:07 AM

doglover: Subtle.


real_headhoncho: [image]


[image]
 
2013-09-16 03:30:31 AM

PainInTheASP: Ivo Shandor: Don't trust on-chip hardware random-number generators either. Stick to coin flips, polyhedral dice, or lava lamps.

Box full of mosquitoes, with two lasers to illuminate & read a random point within the box.  If you fry a mosquito, it's a one.  Think of the computing power flying around our nation's patios alone.


Starwars Mosquito Defense System
 
2013-09-16 07:02:15 AM
I have been thinking lately ...

1. Generate a pair of random bit string to serve as the key and IV.

2. Interpret the "IV" as a program that performs bit-wise operations on the key and plain text. Also generate a negating program that negates the operations performed, to decrypt the text encrypted with the "program" (IV).

3. Distribute the cyphertext + IV. This allows anyone to encrypt plain text, but only allows those with access to the key and generated decrypter program to decrypt it.

4. If each party does this, the keys never need be exchanged. Each just gives the other their generated session-specific "program" that the other uses to encrypt data to them. The other party then decrypts using their "program" and key.

Just random thoughts. I would love someone who actually knows about this stuff to explain the flaws. Knowledge is power.
 
2013-09-16 07:40:46 AM

Twilight Farkle: Our trust was misplaced; to gain a small, possibly immeasurable, increase in "security" from nonexistent and/or ineffective terrists (and all the billions wasted didn't even protect us from a few million bucks worth of damage in Boston), NSA has mortgaged its information security credentials for the next 40 years. In an information economy, its actions have also placed US economic security at risk by jeopardizing $BIGNUM in market cap. The rest of the world is going to spend the next decade figuring out how to avoid US-based cloud computing platforms like the plague, and I'm not sure how to quantify the loss of productivity engendered by the loss of trust that software professionals have in each other; how do teams conduct security audits of their own systems when everyone involved must now carry, in the back of their minds, the possibility that one or more of their fellow team members is a government mole?


and Snowden is the "traitor"
 
2013-09-16 10:19:19 AM

Invisible Dynamite Monkey: Valiente: And in the darkness bind them.

That was the root password (sans spaces) for the systems at a previous job of mine.


Why do you think I quoted it?
 
Displayed 50 of 52 comments
