|
1999/1/14-17 [Computer/SW/Security] UID:15232 Activity:high |
1/13 Irish lassie makes encryption breakthrough: URL: http://www.msnbc.com/news/231690.asp
\_ Who cares? The only people who use encryption are pinko commies and perverts with something to hide . . . and dirty foreigners. It's no surprise that a foreigner came up with this. I wouldn't be surprised if she turns out to be a commie.
\_ Gee. If that 16-year-old girl were a Cal student instead, would you guys say the same thing?
\_ It would depend on whether or not she was a hottie.
\_ She was rather plain but I'm sure soda geeks would be all over her.
\_ Has it been subjected to any serious peer review? Bruce Schneier points out that smart people are wont to invent bad ciphers when they ignore peer review...
\_ It was submitted to a school science fair. (or fare? wtf is the online dictionary?)
\_ /csua/bin/webster
\_ I would be really interested to see an alternative crypto algorithm that is "10 times faster than RSA". Unfortunately the most technical detail provided by the URL is that she used 2x2 matrices.
\_ Is there a philcrypt? I'll bet that Phillip could kick her ass without even trying . . .
\_ CNN reported that an unknown American student known only as "Phillip" appeared at her home in Ireland and kicked her ass. Witnesses reported that he didn't even work up a sweat.
\_ There's better info at: http://slashdot.org/comments.pl?sid=99/01/13/0931237&cid=500 Summary: no big deal
\_ How long does it currently take to encrypt one piece of email? If it only takes 1ms or so, it isn't a big deal even if it's ten times faster, right? How many pieces of email can you send in one second?
\_ Currently, public-key encryption is too slow to use even for email -- that's why programs like pgp encrypt your mail using ordinary private-key encryption, and then use RSA to encrypt the key.
\_ So how slow is it? Say for a 10KB text email that someone types up, approximately how long does it take?
\_ How about a 30GB file? Or a few terabytes? With the rise in ecommerce and the movement of large amounts of financial data on the net, this is a serious possibility for a large corp. or a government. Could also be plans for that new jet fighter. A marketing campaign. Or the Pres. ordering a hit on a foreign national. Smaller delays are always a good thing if the cost is zero.
\_ If it's even only "as good as" existing methods, it would be a great thing, seeing as how 1. It is OUTSIDE the US 2. it is not patent or copyright protected.
\_ My impression was that her "method" was just a speedup to RSA, which would mean that you still have to pay RSA to use it.
\_ I read some pseudo tech stuff from the MIT guys she worked for and ripped off the core ideas from. It isn't RSA.
\_ Can you give a URL, please? |
1999/1/14-17 [Academia/Berkeley/Ocf] UID:15233 Activity:kinda low |
1/13 Does anyone know where to find that program that tracks who fingers you, like OCF did a few years back?
\_ Masterplan - the finger detector http://www.netspace.org/~ldb/masterplan.html Perhaps a little crusty, but anyone tried it? -slow
\_ Haha, there isn't any
\_ So they wrote the program by themselves and locked away the source code?
\_ Yes. -alanc- (aka finger@ocf)
\_ Check out ~yuen/misc/plan that I got from Andrew Choi six years ago. It creates ~/.plan as a pipe and monitors when someone reads it. --- yuen
\_ Go to UCB Excess & Salvage & buy all the former OCF apollos and you'll find the source code on one of them.
\_ if you care that much, freebsd fingerd logs the "target" of the finger request in /var/log/daemon.log. grep your name in /var/log/daemon.log. --jon
\_ actually, daemon.log only shows remote finger requests, but then that is implied by fingerd. --jon
\_ Check out ~yuen/misc/plan that I got from Andrew Choi (achoi) six years ago. It creates ~/.plan as a pipe and monitors when someone reads it. Cool! Don't know if it still works on this incarnation of soda though. --- yuen
\_ Doesn't work on multiple-machine clusters like EECS, OCF, or most ISP's.
\_ FreeBSD finger does a silly check of your .plan to see if it will fit on one line or not; which is fine, but then it "rewinds" the file to display the whole thing. You can't back up in a pipe (named or otherwise), so it barfs. I'll fix that in source one of these days and compile a new finger binary; will post when it works --dbushong |
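The mechanism discussed in the thread above (a ~/.plan that is a named pipe, and a reader that rewinds after a first pass), as an added Python example that is not part of the original thread or of any program named in it. The function names, the sample .plan text and the temporary path are constructed for illustration.

```python
import errno
import os
import tempfile
import threading
import time

PLAN_TEXT = "Out until Monday.\nBack in 1999.\n"  # constructed sample .plan contents

def serve_one_read(fifo_path, text, log):
    """Watcher: open() for writing blocks until a reader opens the FIFO, then log and reply."""
    with open(fifo_path, "w") as fifo:
        log.append(time.time())  # the pipe reveals when it was read, not by whom
        fifo.write(text)

def read_sequential(path):
    """Reader that makes a single forward pass; this works on a FIFO."""
    with open(path) as f:
        return f.read()

def read_then_rewind(path):
    """Reader that scans the file, then seeks back to offset 0 before displaying it."""
    fd = os.open(path, os.O_RDONLY)
    try:
        while os.read(fd, 4096):  # first pass: consume to EOF
            pass
        try:
            os.lseek(fd, 0, os.SEEK_SET)  # the "rewind" step
        except OSError as exc:
            return errno.errorcode[exc.errno]  # ESPIPE: a pipe cannot seek
        return os.read(fd, 4096).decode()
    finally:
        os.close(fd)

def demo():
    """Run both readers against a FIFO .plan in a temporary directory."""
    results, log = {}, []
    with tempfile.TemporaryDirectory() as home:
        plan = os.path.join(home, ".plan")
        os.mkfifo(plan, 0o644)
        for name, reader in (("single_pass", read_sequential), ("rewinding", read_then_rewind)):
            watcher = threading.Thread(target=serve_one_read, args=(plan, PLAN_TEXT, log))
            watcher.start()
            results[name] = reader(plan)
            watcher.join()
    results["accesses_logged"] = len(log)
    return results

if __name__ == "__main__":
    print(demo())
```

On a regular file the rewinding reader returns the text, so the failure only appears once ~/.plan is a pipe; the watcher still logs both accesses.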
1999/1/14-17 [Politics/Domestic/California/Arnold, Industry/Startup] UID:15234 Activity:nil |
1/13 Company to offer free long-distance phone calls: http://www.hotcoco.com/eveningstories/rob18910.htm |
1999/1/14-17 [Computer/SW/WWW/Server, Computer/HW] UID:15235 Activity:low |
1/13 I'm thinking of buying a RedHat Secure Web Server (it only costs $61 now at Frys). Here is my question. Must the secure server be on the internet (persistent connection)? Can I install it on multiple machines or is it single machine based (ie. I need a special certificate thingie from the trusted site for each machine)?
\_ You can use one certificate for multiple machines provided that they each have identical IP and FQDN. Beyond that it gets pretty dicey. But this setup will allow you to round robin to a large number of machines. In general you want a web server to be persistently connected otherwise people won't use it. --appel
\_ Ah, gotcha, so if I purchase a secure server, I can't install it on many different servers because the secure server needs some special certificate thingie from certified RSA sites right? Why is the following server (with RSA license) so cheap $61???? <DEAD>necxdirect.necx.com/cgi-bin/auth/ifilelnk_q?key=0000131917&nonce=guest<DEAD>
\_ To use HTTPS you need to purchase a certificate from companies like Verisign/Thawte/etc. The RedHat secure server is really a FALSE ADVERTISEMENT. It is like advertising a new car that costs $5000. After you purchase it, the manual, with fine print, says you must purchase transmission and engine, sold separately for another $10,000.
\_ Generate them yourself with SSLeay! The user will then have to add the CA (you) to the list of trusted CAs
\_ is R.S.W.S. JUST a web server, or is it basically "install this CDROM, and you get a black box that does web serving"? (except technically, it's a clear box, but anyways...) |