stingwray

Don't know where you've been living in the UK, but our government official endorses and recommends you use AES (FIPS 197). IOC Personally I think you have to have a really big reason not to use AES, standards are there for a reason and you can't really argue that not having things like file formats and encryption standardized is a bad thing. Using other encryption algorithms that have different advantages, like a particularly low memory usage for an embedded device is an example of a good reason. Also everyone forget about ever creating your own algorithm, we all should know how that ends up!

The work that has gone into studying the algorithm is like studying the surface of the earth for Black Swans, two or three times, if there was a "backdoor" then it would have been found by now and would have been found very quickly. No one hashes things 2000 times, no one hashes anything twice, the definition of a good hash is a one way function, so after one hash you can't go back, doing it 2000 times isn't going to improve security and is just going to waste resources. Rainbow tables don't work again encrypted data because the key isn't stored anywhere hashed or not hashed to compare anything to. Decryption of a block of data happens whether you know the key or not, if its wrong you get garbage back out again. When you decrypt something successfully its not garbage, there are lots of ways to verify that decryption has been successful. So with nothing to compare to, you can't build a big lookup table to compare things against, this is hurt further by the fact that you can't build up a look up table for data, because now you need a table including every key encrypting every single piece of information. This is getting very big. Hashes are used on encryption keys because people are lazy and choose bad passwords. A hash will do a relatively good job of making a small amount of data, into a slightly bigger standard amount, which is what encryption algorithms want from a key (padding with 0's would be a bad idea). Hashing doesn't improve the security more than that, because an attack probably knows that they key was hashed before and what algorithm was used. They could use a rainbow table then to find out the original password, but given they are probably more interested in the contents of encrypted file than the original password, they are unlikely to do this. People are getting confused between a "backdoor" in an algorithm and a exploit in the math being discovered which reduces the amount of time to brute-force the algorithm. A backdoor is almost certain to have been discovered in testing of the algorithm. A method for reducing time however is a real possibility, but it won't be by much as again, a big flaw would have been picked up already. But this is why in a couple of years, NIST will have another competition to design the next symmetric key cipher to become a standard.

No more so than Windows or Linux, yes Objective-C is the default standard, but that is like C/C++ for Linux and Windows with the add on of C#. I don't know of any mainstream languages that you can't use on Mac, hell the Java VM is built into OS X. Also because of its BSD/UNIX roots, ported Linux OSS to Mac is often a lot easier than to Windows.

OS X is a brilliant platform to develop on, even if your developing not for OS X so I don't know what you mean by limiting? Its anything but. Actually you couldn't be more wrong, especially now that Apple have "entry" level laptops and phone if you want to put it that way. The Mac Pro and XServe are known to be very good value for money, that is unless you use Apple BTO where they will charge you through the roof for upgrades, but then most places do that. Yes you pay more than average slightly for an Apple product, but you get a hell of a lot more in features and quality than with a Windows Machine.

Salting does not improve the security of an algorithm, salting improves the quality of the key if it is a poor key, but not if it is already a good secure key. You can't add random bits all over the place, a salt may be random but it is required then to decode the content, AES supplies support for an Initialization vector which will be different each message, this is to prevent the same message being encrypted the same way every time. IVs are sent with the encrypted message in the plain-text, because it is secure to do so as they can't gain any information from the IV and the IV is required to decrypt the content.

Open source vs. Pen Test Tool? Your not even making sense, software engineering philosophy against a software category?

The broken was crap, systm was alright, some episodes were ok but I stopped watching a long time ago. Citizen Engineer is pretty good, so move onto something better (hopefully).

Yes

AES is the symmetric key encryption standard, given the amount of research the gone into proving its safety any backdoor that existed would have been found. The people you are talking to may work for the government but they won't be working for the part that deals with this kind of stuff. AES 128bit is still unlikely to be crackable with even large supercomputers that are none to exist. However I have broken into AES encrypted data before, but its simple because either the implementation had a fault or the key that was chosen was extremely poor.

Bournemouth is a doable day trip at the least, the trains going back are reasonably late as well so it wouldn't be a bad day. I'm quite happy to help organize somethings but accommodation isn't one of those things when I'm not going to be using it. I don't think the committee is the problem, more that getting anyone to be concrete on themselves is more difficult.

They aren't computer crime units by the sense that they deal with online crime, they deal with crimes which involve use of a computer, which given this is the information age is getting to be about nearly all crimes. As far as I am aware, there is no one currently designating with the job of handling online crime, the closest we have is GCHQ, but thats more like having a police department constantly watching CCTV footage all the time. You would hope that it wasn't something like that, but given the governments initiative to integrate every single system into one huge super database so that we can cut all the red-tape between departments thats most likely the cause. I wonder how long it will take to pay itself off? I hope you are enjoying the service that you are paying for!

I think you've chosen the wrong place to advertise, you should be trying to reach out to potential customers not people who are not going to hire you. Also you require a portfolio if your going to do web design. You don't even list your business address, so very few people will hire you because of that.

Phone Losers of America, cracks me up all the time.

The police are not interested because as far as I know, there is currently no department which deals with online crime again. We had a unit, it got merged into SOC, they didn't want to do it so it stopped. We created another unit and then recently they lost all funding. I wouldn't compare multinationals to civil servants, they are completely different. 2 week downtime is very very plausible, especially with the exceptionally poor management and the large multinationals hiring all the smart people. If it's much bigger than you are saying, I would expect the press to be picking up on it, at any rate it'll be interesting to see how this unfolds.

Interesting and worrying if it is true.

What? And you don't think that Microsoft takes Open Source and sells it? I'd check your $400 quote, $30 for Snow Leopard and I tell you what, I'm quite happy to spend a little more on average to only have one operating to choose from, none of this Basic Home Business Ultimate crap. The reason why I use OS X is that it gives me a Unix environment which is great for developing in and takes away all of the hassle that comes with it. Yeah sure Apple could do better in places, but then the same can be said for Microsoft and all the Linux distributions. Personally I would spend $30 a year on a Linux operating system that worked as well as OS X on my MacBook Pro. I think Microsoft has complete ruined the OS market place with its 6 year development cycles, bombarding the user with different versions and charging through the roof for it. It might even be so shot to pieces that it'll never recover. I also think the article is fair, without OS X having been around, Linux would still be very very long away from what it is now. Apple turned into something that people desired, yet wouldn't always spend the money on, Linux has given them an option of trying something different from Windows, without which Apple they wouldn't no what else was out there. Ask the average Joe on the street what he has heard of, Windows, OS X or Linux, the later will rarely be mentioned.

I'd be going if it was Berlin, but couldn't agree more on Paris.

I would think you would be very lucky to get a car share, it doesn't look like there is going to be a huge attendance, best start looking at trains, planes and not automobiles. No base level of skill, just require a healthy appetite for learning. You could bring your desktop, however I don't know where you would leave it, we will be traveling by public transport for the majority of time, so you would have to carry it around as well. Plus we are likely to want to be mobile depending on the activities we get up to. So laptops best me thinks.

Trains out of London suck generally for getting away, I know if I want to get the last train back to the country from Victoria for me its 9pm, no one can do anything before 9pm, thats only half a day. Living in the Docklands I'll be about all the time, served by a good night bus luckily, last time I went I only just managed to catch the last tube home and even that was by sheer fluke. OpenTech should be good to meet people, don't have to worry about the talks too much and we can just do stuff there to see what its like. I'm sure we can always go AWOL if it is really crap this year.

Just read this, given the amount of poorly secured data on the internet, I'm surprised this doesn't happen more often to be honest. I have to say I lol'd when I read they blamed the competitors for not buying the data because they talked to the wrong people. I hope they had the sense to say no because they'd be in more trouble being found with the data then doing the job itself.

I'll be hitting 2600 as well, not been that many times before, first friday of the month always seems to be busy for me. Then I'll be at Open Tech, possibly helping out. It was good last year and its not too 'tree hugging hippies', there were some good talks, but a lot of stuff was repeated. Hopefully with help it'll become something to be proud of if they keep improving. I'll keep the rest of the weekend free, so hopefully we can go and do some geeky things.

You can also use regex's to return the last eight characters, only matching on a string which has at least eight characters. if ($line =~ m/(.{8})$/) { print "'$1' is the last eight characters of the string!\n"; } else { print "The string didn't have eight characters!\n"; }

Where it really starts to get funky, is when you have AES which is a block cipher, but you can run AES in different modes, one of being a stream. Cryptography is a really interesting subject, but because of the pitfalls in implementing an algorithm even (see entries to the NIST hash competition), design and implementation is best left to the professionals for production environments.

When block ciphers do their stuff, they generally do it to a single block at a time, with no reference to previous or successive blocks, this allows them to decrypt content at any part of the file, which is useful for stuff like full disk encryption. Block size has little effect on the security of an algorithm and as Sparda has mentioned, the biggest effect is that cipher text will have a size which is a multiple of the block size which can hold all the plain text. Key size generally determines how secure the algorithm is, in very very simple terms. This is because good algorithm design should only have one weakness, which is a Brute Force Attack. The key size determines the number of possible keys and therefor the amount of time to do a BFA. Obviously there are a number of other factors when you get into it, but thats a good high level overview.

Right below: No you are trying to show off, as Vako said, most of these speed tests you can fiddle in many ways and if not by purpose then you stumbled on a bug. Your other screenshots are easy to fake. All you have been doing is claiming you have this speed. Perhaps you should re-read your posts to work out where you are in your story. I'll talk to you however I like thanks, its evident that you don't know much. I don't have a problem with helping people out, I have a problem with how people go about asking for help. I try to reply with more than the owner gave, so if they gave crap then I'll give crap in return, they give good thought out content, they'll get a good reply from me. People posting threads like this one always makes me think if I want to stay. This community seems to have a few exceptional individuals and a sea of idiots. The forum seems to have been pretty slow for a while anyway.