Paul Crowley's Journal: Open thread 6
You can reply to me by posting here. In particular, I'm happy to comment on the accuracy of the things people say about crypto on Slashdot if my attention is drawn to them here. Thanks!
Half off-topic (Score:1)
Where are all the apps using them? Seen anything coming out of the woodwork?
Re: (Score:2)
https://www.financialcryptography.com/mt/archives
I haven't heard anything about people starting to use it more, but it's not my area of expertise.
On topic (Score:1)
I asked someone who knows a fair bit if studios rereleasing a broken title would be a bad move, as it would give a plaintext to attack AACS with.
Here is their answer:
"AACS encrypts the body of a movie using the AES (Advanced Encryption Standard) cipher. AES is secure against known plaintext attacks, so knowing a plaintext doesn't do you any good in attacking it."
Where would be a good place to start understanding this? Is there a technical/academic paper/write-up of why AES is resistant to plaintext attacks?
Re: (Score:2)
SHA-1 (Score:2)
Well, there seems to be a whole front page article full of ill-informed comment here [slashdot.org]. I freely admit that I'm no expert in these things, but I have a reasonable background knowledge. So what's the status of SHA-1? "Cracked" can mean many different things. At worst, you might be able to construct a file with the same length and hash, but containing your choice of text. Slightly bette
Re: (Score:2)
http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html [schneier.com]
The attacker doesn't have total control over the files that collide by any means, but there are plenty of situations where that doesn't matter - if, for example, you're generating signed executable content, it's not hard to use this attack to build two files with the same SHA-1 hash such that one plays nicely and the other doesn't. However, the attack is still out of reach of our computi