Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Submission + - First SHA1 Collision (googleblog.com)

ad454 writes: Today, 10 years after of SHA-1 was first introduced, we are announcing the first practical technique for generating a collision. This represents the culmination of two years of research that sprung from a collaboration between the CWI Institute in Amsterdam and Google. We've summarized how we went about generating a collision below. As a proof of the attack, we are releasing two PDFs that have identical SHA-1 hashes but different content.

https://security.googleblog.co...

User Journal

Journal Journal: First SHA1 Collision

Today, 10 years after of SHA-1 was first introduced, we are announcing the first practical technique for generating a collision. This represents the culmination of two years of research that sprung from a collaboration between the CWI Institute in Amsterdam and Google. We’ve summarized how we went about generating a collision below. As a proof of the attack, we are releasing two PDFs that have identical SHA-1 hashes but different content.

Comment clear USA customs/immigration in Canadian airports (Score 0) 191

That is what I do, especially when flying in from Europe and Asia, since the USA agents are much more friendly and reasonable in Canada.

However during the last few years, I refused to visit Australia, now that it is not possible to opt out of dangerous full body airport scanners there. At least in the USA I can get a safe full body massage alternative, which I always do instead of flooding the top 1mm of skin with harmful EM radiation.

Looking at the security theatre, censorship, and surveillance being done now in Australia, I don't see how you can say with a straight face that it is better for visitors than the USA is.

Comment No Dream Phone Yet from Any Manufacture (Score 2) 62

My dream phone is a large 7 inch 4G phablet, with stylus, wifi (IEEE 802.11ac or newer), HDMI (out), GPS+GLONASS+Galileo navigation, 1080p (or higher) OLED display, unlocked boatloader, and pre-installed with rooted LineageOS.

The large size still fits in my purse and eliminates the need to carry a separate tablet. Besides I mostly use my phone for web, email, and conferencing (with screen sharing) far more than for occasional phone-calls.

On the Android side, I am sick and tied of locked bootloaders, preinstalled crap-ware, and proprietary Android versions. Give me LineageOS, the Cyanogenmod successor, since it does exactly what I want without unnecessary crap, and is more secure than alternatives.

Comment Re:Fix the abuse, keep the program (Score 2) 271

...I've worked in outsourced IT environments -- everything takes twice as long and nothing new will ever be attempted in a company that has someone else running their iT, partially because change orders cost so much.

I have also experienced this first hand, where top developers, engineers, architect, cryptographers, and scientists each waste hundreds of hours per year dealing with "IT self service". If one had to add up all of the lost hours and productivity by these people, it would greatly exceed many times over, the savings companies like mine save by outsourcing their IT, which in our case was with ATOS.

BTW, outsourcing IT, should also include using flaky and insecure cloud services, especially Microsoft Office365, which created so many more issues compared to when we had our own corporate servers run by IT.

Comment Many countries prohibit turn right on red. (Score 1) 359

In most EU countries and other places, it is prohibited in general to turn right on red, where one has to wait for the lights to turn green, or right green arrow, before one can make a right hand turn.

https://en.wikipedia.org/wiki/...

Although when driving on the right, it is still faster to make a right turn then making a left turn, since one often has to wait for on coming traffic. I can't help but wonder if the time saving that UPS gets in reducing left turns in Europe is far less than in North America where turn right on red is allowed.

Comment qubit scalability is still unknown (Score 2) 89

Although this appears to be a great achievement, pending independent peer-review of course...

The fact is that that it is still a big unanswered question in physics as to how the number of qubits with superposition of their quantum states will scale in terms of time and energy. Many physicists think that this might scale scale exponentially.

So yes, we can expect to make quantum computers with a several (maybe even a few dozen) qubits with superposition of their quantum states; but if we need to double the time and energy as we add more qubits, it becomes impractical. Even if one find 10x or 100x improvements in obtaining superposition, if one does this with the large number of qubits needs to break classical public key crypto, such as RSA (via factoring), or DH/ECDH & DSA/ECDSA (via discrete log), it may take more time than the projected heat death of the universe and/or more energy than in the universe, especially with large key sizes.

Note that quantum computer systems such as those from D-Wave now have 2000 qubits, but these function without quantum superposition of their qubits, and hence cannot be used to break public key crypto. Mind you, even without superposition, D-Wave systems appear be to many times more efficient in computing some things compared to classical computers, such as for some types of simulations, so they are still useful in there own right.

Physicist should would find out how qubits scale, long before anyone is able to build one capable of breaking public key crypto. By then, there are a number of usable but less efficient (bigger & slower) quantum resistant public key alternatives which we can switch to, such as lattice based crypto, long before there is any quantum computer risk to Internet security.

In terms of science fiction risks to crypto, I am much more concerned about super-intelligent AI (or really clever human mathematicians) figuring out some shortcut to undermine trapdoor functions which public key crypto is based on, than I am with quantum computers.

And currently, the biggest risk to worry about are the countless security flaws and backdoors in modern hardware and software, such as Intel VPro/AMT, and organizations such as the NSA undermining crypto standards and protocols.

Comment I would consider purchasing a Note 8, if... (Score 1) 212

Samsung could clearly and verifiably show what the real issue is with the Note 7, which they have not done yet. And then show that it was completely solved and safe in the Note 8.

Plus ship the Note 8 with a fully unlocked Bootloader, so that we can easily install crapware-free ROM's such as CyanogenMod.

There are a lot of good things to like about the Samsung Galaxy Note series, including phablet size, stylus, and display.

Comment Re:I for one (Score 3, Informative) 275

So what do we do about Neptune then? It certainly hasn't cleared its orbital path of Pluto.

If you look at the orbits of Neptune and Pluto in 3D, they never really cross.

In fact due to 3:2 resonance between them, the closest they ever get to each other is 18AU, about the distance of Earth with Uranus.
https://www.quora.com/Will-Nep...

So yet, Neptunes orbit is considered cleared.

Note that small bodies in rensonace and in Lagrange points are considered excluded from the planetary "clearing" requirement, since they are not in the way of the planet's orbit.

Comment Re:I for one (Score 1) 275

I for one will not recognise it. Reinstate Pluto, you right rotten rat-bastards, then we'll talk.

Give it up!

It makes no sense to let small dwarf planets like Pluto, which are too small to have sufficient gravity to clear their neighbourhoods, to be called planets without having to add many more other dwarf planets in the solar system.

Eris is 27% more massive than Pluto, should it be a planet as well? And there is likely even more massive undiscovered objects further out in the solar system. And there are many dwarf planets much smaller than Pluto, such as Ceres with similar properties including signs of recent geological activity.

Comment Outer Space Treaty (Score 1) 275

What about the Outer Space Treaty which prevents ownership of by celestial objects by nation states?

https://en.wikipedia.org/wiki/...
The treaty explicitly forbids any government from claiming a celestial resource such as the Moon or a planet. Art. II of the Treaty states that "outer space, including the Moon and other celestial bodies, is not subject to national appropriation by claim of sovereignty, by means of use or occupation, or by any other means". However, the State that launches a space object retains jurisdiction and control over that object.[4] The State is also liable for damages caused by their space object.

This means that that at best a space nation would have to consist of one or more "grouped" space stations, which would cost many tens if not hundreds of trillions of dollars, and still likely not be entirely self-sufficient and independent from Earth. Even with all that, a space station would likely not be considered a nation, any more than a cruise ship or oil platform is currently.

If you want you own country, it would be far easier and cheaper to claim some rock in the middle of the ocean, away from any 300 nautical mile national exclusion zone, or better yet just buy out or take over a poor failing state.

Comment Aw how cute... (Score 2, Insightful) 24

Some lawyers and researchers at Stanford still think that the USA is a democracy which follows the rule of law, especially for its surveillance apparatus and unaccountable agencies (CIA, NSA, Homeland Security, ...).

I do hope that no one bursts their bubble, it would be like telling small children that there is no Santa.

Comment wake me when end-to-end crypto is supported (Score 1) 87

End-to-end crypto solutions on the client side, such as S/MIME & PGP have existed for nearly 20 years.

But for Android users, there is simply no decent e-mail app in which supports this type of required security in Google Play store, while also supporting office365 (required for work), tablet mode, and threaded message viewing.

Stock mail app, Gmail, Outlook, Touchdown, Nine, etc., none of these apps meet of these criteria. And don't mention Samsung Knox, which is only available with stock Samsung ROM on its hardware, and won't install or work with custom ROM's on its hardware such as cyanogenmod.

I very much prefer Android over iOS, but wished there was at least one decent and secure android mail app which meet my criteria, the way that iOS stock mail app does. Not to mention having the extremely handy in-app file attachment preview of pdf, word, powerpoint, excel, etc. which iOS stock mail app provides.

If any decent Android mail app ever does go on sale, I would be happy to pay up to $100 for it, especially for something close to iOS stock mail app. Since this would be a bargain compared to switching back to iOS just for decent mail.

Comment Skype for Business sucks... (Score 4, Informative) 109

The Android version does not support screen sharing, so it is useless for presentations.

The Mac and iOS versions are not stable and crash numerous times during meetings. (My record is >20 crashes in less than an hour with both clients.)

The HTML version is also too limited.

Even the Windows versions suffers from login issues, not present in the other ports, especially if you log in through a ADFS (Active Directory Feberation Services) corporate portal and have security restrictions.

In the end I cannot believe how bad Lync was and Skype for Business is, compared to any other alternative, including GoToMeeting, WebEx, etc.

If only, we were not forced to use this steaming pile of Microsoft meeting software at work.

Slashdot Top Deals

Brain off-line, please wait.

Working...