
Comments

Tor Blacklisting Exit Nodes Vulnerable To Heartbleed

cryptizard Re:Better yet (56 comments)

What does that have to do with anything? You could still learn the destination address, which is what Tor is trying to hide.

yesterday

Tor Blacklisting Exit Nodes Vulnerable To Heartbleed

cryptizard Re:Don't people encrypt over TOR anyway? (56 comments)

That's not really the point though, since you can always encrypt traffic using TLS. The point of Tor is to hide the end point you are communicating with from someone who controls the network that your computer is on, like a decentralized VPN. You could always gather traffic on both ends (client side and end point/exit node, called an intersection attack), but it is very unlikely that one party will have control of two separate networks like that. With this attack, you don't actually need control of the other end since you can just query the exit nodes directly and they will leak traffic information to you.

yesterday

Tor Blacklisting Exit Nodes Vulnerable To Heartbleed

cryptizard Re:The only thing that may be leaked in addition.. (56 comments)

The point is that, if you know the IP address of the exit node, you can use the Heartbleed bug to examine its outgoing traffic even if you don't have control of the network the exit node is on. This makes intersection attacks much easier because you only need to have data from one end. If I control a network where I see some Tor users, all I have to do is use this exploit on exit nodes until I see outgoing traffic that matches the traffic I see on my own network. I can then link that data to clients on my network and Tor is defeated. This attack is always possible if you control both the client's network and the end point they are communicating with (or some piece of the network between the exit node and the end point), but with this attack you don't need to actually control any part of the network on the exit side because you can just query the exit nodes directly and they will tell you themselves.

yesterday

How Amazon Keeps Cutting AWS Prices: Cheapskate Culture

cryptizard Re:AWS is NOT cheap (144 comments)

There are a lot of workloads where it makes sense. If you are doing research and you only need to use a lot of computing resources for a few weeks out of the year to run simulations or something, then it is much more economical to go AWS than have a giant cluster sitting idle most of the time.

3 days ago

How Amazon Keeps Cutting AWS Prices: Cheapskate Culture

cryptizard Re:Business class is a misnomer (144 comments)

Yeah I was kind of thrown off by them using the loaded term cheapskate. I would call that efficiency or austerity. Everyone was complaining that they were assholes when companies were flying around in private jets while at the same time laying off employees. Now we complain that they are cheap if they make their employees fly in coach with the rest of us proles.

3 days ago

How Amazon Keeps Cutting AWS Prices: Cheapskate Culture

cryptizard Of course it is tape (144 comments)

perhaps the reason Amazon's Glacier storage is so cheap is that maybe it might be based at least partly on tape, not disk

That is one of the stupidest things I have ever read. Of course it is using tape, why else would it take up to 24 hours to get your data when you request it? Everyone knows that is the whole point of Glacier, and the reason they can offer it so cheap. Nobody wants to deal with the hassle of having their own offsite tape library, so Amazon will do it for you with a convenient user interface. That is literally exactly what all of AWS is based on, doing something cheaper for you because they have the expertise and the facilities at scale.

3 days ago

Tor: If You Want Privacy or Anonymity, Stay Off the Internet This Week

cryptizard Misleading (2 comments)

The irony is, those who have put the most effort into privacy and security are the most vulnerable.

I guess what the summary means by this is that only servers which have been upgraded to the version including the bug are vulnerable, but those people are not putting the most effort into security. If there are no known vulnerabilities in the version you are running now, it is better not to upgrade precisely so you don't get in situations like these. Or are you saying that Google doesn't put a lot of effort into their security?

about two weeks ago

Tor: If You Want Privacy or Anonymity, Stay Off the Internet This Week

cryptizard Perfect Forward Secrecy (2 comments)

Even worse, attackers can also retrieve cryptographic keys and passwords and use that info to decrypt any past or future web traffic.

This part is not strictly correct. Many TLS connections use ephemeral Diffie-Hellman key agreement which has perfect forward secrecy. This means that even if the long term secrets are leaked later, the session key cannot be recovered.

about two weeks ago

NYU Group Says Its Scheme Makes Cracking Individual Passwords Impossible

cryptizard Re:This idea is really BS (277 comments)

A factor of 10 in average password length you mean, of which security is exponential. That's nothing to sneeze at. It does seem to be relatively pointless compared to just encrypting the password file with a key stored in the TPM or derived from an administrator password at boot time though.

about two weeks ago

NYU Group Says Its Scheme Makes Cracking Individual Passwords Impossible

cryptizard Re:Special accounts not required (277 comments)

It's not "slightly wrong" in that it is lexicographically close to the password. It is a password that hashes to the same first few bits, which is unrelated to the relationship between their plaintexts.

about two weeks ago

NSA Infiltrated RSA Deeper Than Imagined

cryptizard Re:FIPS 140-2 4.9.2. The Other Back Door. (168 comments)

The 16 is just a lower limit. Almost every cryptographic RNG has a block size much, much larger so it's no big deal. Many applications rely on the fact that you will not get two blocks from an RNG that are the same so it seems like a good test to me.

about three weeks ago

NSA Infiltrated RSA Deeper Than Imagined

cryptizard Re:Thank goodness for open-source alternatives (168 comments)

Open-source doesn't help for shit in this situation. Dual_EC_DRBG was an open standard, all the details were public. The problem is that, with cryptographic algorithms, only a handful of people in the entire world are qualified to say whether something might or might not be secure. And even if there is a problem, it might go for years without being found.

about three weeks ago

Mt. Gox Questioned By Employees For At Least 2 Years Before Crisis

cryptizard Re:pierce the corporate veil (134 comments)

I didn't say that there wasn't some diversion, but if he really did take and spend over $500 million, they would have been doing more than "suspecting".

about three weeks ago

Mt. Gox Questioned By Employees For At Least 2 Years Before Crisis

cryptizard Re:pierce the corporate veil (134 comments)

Pretty unlikely that he spent over half a BILLION dollars without anyone noticing.

about three weeks ago

MIT Researchers Create Platform To Build Secure Web Apps That Never Leak Data

cryptizard Re:April Fools Comes Early? (90 comments)

Pretty sure you said brute-forcable which means just trying every key. As far as AES being weak, it is probably the most trusted cipher in existence. It has been around for over 15 years with the smartest cryptographers in the world trying to break it and no flaws have been found. Compare that to other ciphers like DES which researchers were skeptical of on day one and still took 20 years to break.

about three weeks ago

MIT Researchers Create Platform To Build Secure Web Apps That Never Leak Data

cryptizard Re:April Fools Comes Early? (90 comments)

First off, the encryption itself is still brute-forceable by a determined attacker with enough resources.

I realized you don't know what you're talking about right here. It would take until the heat death of the universe to brute force a 128-bit AES key.

about three weeks ago

Fake PGP Keys For Crypto Developers Found

cryptizard Re: x.509 WTF? (110 comments)

Now that all major browsers have transparent background updating, umm... all of them will remove the CA when Google, Mozilla, etc. do.

about a month ago

Getting Misogyny, Racism and Homophobia Out of Gaming

cryptizard Re:Further: (704 comments)

Even in their games, heterosexual interactions outnumber homosexual ones by a significant margin. So... your whole point is moot.

about a month ago

Russian State TV Anchor: Russia Could Turn US To "Radioactive Ash"

cryptizard Re:And the US could turn Russia into vapor (878 comments)

The surprising thing on that chart is that the Netherlands are so close to the US despite being only a tiny fraction of its size and having less than 5% of its population.

about 1 month ago
