So what they're saying is that open source is material support for terrorism, and that we should ban all open source cryptography tools... right? right!?!? that'll fix everything!
Forgone conclusion of an assertion that "everybody" is being spied on, and a slide that talks about the importance of http with logos of some major websites... Sad to say, but in a court of law that's a pretty weak set of evidence to show standing. (everybody agrees with us and look their presentation has our logo!) Granted I believe that Wikimedia does have standing, just that they fail to prove it here. On the other hand, the judge ruling that such circumstantial evidence can be proof would lower the bar in plenty of other cases to allow standing on more vexatious lawsuits. While it's disappointing to see the NSA continue to avoid any accountability by hiding any evidence of their abuses by exploiting national security exemptions to transparency, I can't exactly disagree with the courts deciding to not throw out the burden of proof requirement to show standing, as it would set a bad precedent.
Hopefully, they'll be able to find better more concrete evidence to present that will finally prove what we all know.
His arguments are hilarious.... "its bipartisan, we worked reeeaaallly hard on this, and the DOJ like it... waaahhhhh the legislature didn't consider my ideas!"
In this case its not factoring. Its solving the discrete logarithm problem.
Given C, find A and B where A^B = C. A is the "shared prime" so you have to solve log C / log A. Discrete logs are computationally expensive to calculate, even more so than factoring. (which is just brute force multiplication) This is why DH keys can be much smaller than RSA and still be relatively secure.
PGP doesn't necessarily use DH. SSL does for key exchange. both use RSA for identity verification (signing) and a block cipher for the actual data encryption.
DH was designed for the very reason of passing that block cipher key over an unencrypted channel, it packs secrets in a hard to reverse format that can be combined on the other end so that both sides come to the same conclusion, without every transmitting their own secret. Otherwise you have to establish an encrypted channel to exchange the key... You can do this with RSA, but in that case, the key for every key exchange session is the same. Break one session, break them all. DH allows a different key exchange each time, so if you crack one key, you crack only that session.
Primes are important for mathematical reasons. They have certain properties that make verifying results provable. For example (4^3)^2) => 4^3*2 (4^6) but, so would 2^6^2 (2^6*2 => 2^2^6 => 4^6), so it breaks the "provableness" (not a mathematician pardon the bad language) because multiple inputs can yield the same result. (That's a problem when it comes to signature verification when you need to prove knowledge of a specific secret)
The point being is that the prime is used with separate secrets to derive a key. prime + secretA + secretB. Like using rainbow tables for md5, one could (with enough computer power) generate all the possible derivations. Since its designed for insecure channels (ie, in order to share a secret over an untrusted/unencrypted connection), intercepting the intermediate keys (prime + secretA and prime + secretB), and checking them against the factored table gives you the secrets. do for both. then you can derive the "secret key" that allows you to decrypt subsequent chatter.
So to answer your question, its not so much as "crack" but rather "factor" all of the potential prime+randomPrime combinations ahead of time.
Well obviously Google will just have to comply with both laws simultaneously in all countries. Like golden keys for encryption, there is obviously a way for these brilliant people to fix this issue but they just choose not to. Clearly the law is always perfect, fair, and mindful of how technology works. /s
So we have to coddle our teachers now and protect them from big bad scary students who might not like them and hurt their feelings? Seriously, I've seen teachers deal with difficult students who didn't like them. Universally, the better approach was to engage these students. When teachers just resort to throwing there "authoritah" around to punish any student that doesn't fall in line, it tends to exasperate the problem. Vulgar or not, the proper response to some kids teacher diss track is more speech from the teachers, not to throw the book at the student to shut him up.
"First, the policy only states that Sprint/Nextel collects information about the phone’s location – not that it discloses this information to the government or anyone else."
Nice to see a court that doesn't buy into the bogus "Third party doctrine" and realizes sharing information with a company/provider shouldn't take away an individuals expectation of privacy.
"US Secret Service is a Federal Angency and any misuse of the Agencies name for advertisement or for whatever purpose is not allowed at all on the internet or otherwise"
The irony here is so strong it almost seems like its a parody... almost...
Techdirt has not posted any stories submitted by icarusthecow.
(untitled comment)
A: "Not Wittingly"
(untitled comment)
(untitled comment)
(untitled comment)
Oh just you wait... this isn't even their final form...
I don't like it, but the case is weak.
Sad to say, but in a court of law that's a pretty weak set of evidence to show standing. (everybody agrees with us and look their presentation has our logo!) Granted I believe that Wikimedia does have standing, just that they fail to prove it here.
On the other hand, the judge ruling that such circumstantial evidence can be proof would lower the bar in plenty of other cases to allow standing on more vexatious lawsuits.
While it's disappointing to see the NSA continue to avoid any accountability by hiding any evidence of their abuses by exploiting national security exemptions to transparency, I can't exactly disagree with the courts deciding to not throw out the burden of proof requirement to show standing, as it would set a bad precedent.
Hopefully, they'll be able to find better more concrete evidence to present that will finally prove what we all know.
(untitled comment)
"its bipartisan, we worked reeeaaallly hard on this, and the DOJ like it... waaahhhhh the legislature didn't consider my ideas!"
Re: Re: Re:
Given C, find A and B where A^B = C. A is the "shared prime" so you have to solve log C / log A. Discrete logs are computationally expensive to calculate, even more so than factoring. (which is just brute force multiplication)
This is why DH keys can be much smaller than RSA and still be relatively secure.
Re: Passing Keys?
DH was designed for the very reason of passing that block cipher key over an unencrypted channel, it packs secrets in a hard to reverse format that can be combined on the other end so that both sides come to the same conclusion, without every transmitting their own secret. Otherwise you have to establish an encrypted channel to exchange the key...
You can do this with RSA, but in that case, the key for every key exchange session is the same. Break one session, break them all. DH allows a different key exchange each time, so if you crack one key, you crack only that session.
Primes are important for mathematical reasons. They have certain properties that make verifying results provable.
For example (4^3)^2) => 4^3*2 (4^6) but, so would 2^6^2 (2^6*2 => 2^2^6 => 4^6), so it breaks the "provableness" (not a mathematician pardon the bad language) because multiple inputs can yield the same result. (That's a problem when it comes to signature verification when you need to prove knowledge of a specific secret)
Re:
Like using rainbow tables for md5, one could (with enough computer power) generate all the possible derivations.
Since its designed for insecure channels (ie, in order to share a secret over an untrusted/unencrypted connection), intercepting the intermediate keys (prime + secretA and prime + secretB), and checking them against the factored table gives you the secrets. do for both. then you can derive the "secret key" that allows you to decrypt subsequent chatter.
So to answer your question, its not so much as "crack" but rather "factor" all of the potential prime+randomPrime combinations ahead of time.
For what its worth... there is another
Also uploaded by himself. Not DMCA'd as of writing this post....
Re:
(untitled comment)
Could have just stopped there and prevented himself from sounding like a toddler complaining that other kids get cookies too.
(untitled comment)
Seriously, I've seen teachers deal with difficult students who didn't like them. Universally, the better approach was to engage these students. When teachers just resort to throwing there "authoritah" around to punish any student that doesn't fall in line, it tends to exasperate the problem.
Vulgar or not, the proper response to some kids teacher diss track is more speech from the teachers, not to throw the book at the student to shut him up.
(untitled comment)
Nice to see a court that doesn't buy into the bogus "Third party doctrine" and realizes sharing information with a company/provider shouldn't take away an individuals expectation of privacy.
(untitled comment)
The irony here is so strong it almost seems like its a parody... almost...
Techdirt has not posted any stories submitted by icarusthecow.
Submit a story now.
Tools & Services
TwitterFacebook
RSS
Podcast
Research & Reports
Company
About UsAdvertising Policies
Privacy
Contact
Help & FeedbackMedia Kit
Sponsor/Advertise
Submit a Story
More
Copia InstituteInsider Shop
Support Techdirt