stipes
- Karma
- 25
- Created
- April 7, 2010 (16y ago)
- Submissions
- 0
I'm a grad student at UC Berkeley working on usable security. In the past, I've worked on privacy enhancing technology, anonymity systems, anti-censorship, and Internet routing.
I (sometimes) blog at http://cthomp.net.
Agreed. As a point of comparison, it looks like you can get 650 million/s on a cg1.4xlarge instance [1] (Amazon's GPU computing instance with 2x Tesla Fermi M2050 GPUs), and it looks like they cost $2.10/hour per…
Your numbers show that SRP-SHA1 is about 50000 times better than salted SHA1. Not great, better than nothing (at least for those of us without dictionary-targetable passwords).
Down-thread [1], someone claims to have found SRP to be about 172 times slower than SHA1 on CPU due to the modular exponentiation and other overhead. Some numbers run by zaroth (down-thread) [2] show that we could see…
My guess? The team was solid. Since they found something else (i.e., something better), they probably are.
The design of BitCoin only includes very weak anonymity. A medium-to-large scale network analysis could most likely break any anonymity people thought they had.
Yes, in general write to /dev/random with the write permissions is how entropy gathering daemons and the like work. It gets added the input and mixed in. However, that doesn't fix the issue of how a snapshot restore…
Part of the problem is the conflict of transparency and security here. Fixing the wholesale reuse of RNG state would most likely require modifying the guest so that it is aware of being restarted from a snapshot so it…
I did some research work last semester on crypto inside VMs. One of our initial readings was Yilek's work on attacking VM crypto through VM snapshots http://cseweb.ucsd.edu/~syilek/ndss2010.html
Whoops. The protocol you described is actually secure against that, since your login passes the preimage to the server for hashing and then comparison.
This increases the password space (assuming a cryptographically strong hash), but if the datastore is compromised, an attacker can just bypass the client hashing (by changing JavaScript, etc) and just pass in the hash…
I believe Koza has several patents for things he has discovered using Genetic Programming / Algorithm techniques.
Well, as true decentralized bootstrapping is still an open problem (as far as I know), I'll give them a bit of a pass on that. It's an interesting idea, but I'd agree that there are possible ramifications of repeated…
Bodybuilders would tend to go for the 100% method, not the 80/20. Although reading through some responses to the book on bodybuilding forums is an entertaining way to spend an hour.
I would personally say that even if nearly everything in the book fails for me, it was a good enough read to be worth $15 (roughly what I would pay for a novel, let's say).
He isn't CEO anymore...
I'm more familiar with the term "Computer Engineer" applied to hardware design folks, and "Software Engineer" with human programming. Am I nuts? Aside from the nitpick, the point is a good one. Thanks for the essay.
AGPL is the license that closes the service provider loophole. Normal GPL only applies if you are delivering binaries---providing a service is considered "in-house" use.
Thus the reason the AGPL was created, although hardly anyone uses it (to my knowledge).
I much prefer this treatment: http://rjlipton.wordpress.com/2010/06/26/stating-pnp-without... However, it is more of a "p vs. np for non CS theory people".
The article is rather sparse on technical details. The homepage for LOCKSS is http://www.lockss.org/lockss/Home. It appears to use some sort of Byzantine fault tolerance in its auditing system (to detect the fault and…
There's a good wiki on Starting Strength at http://startingstrength.wikia.com/
I was surprised by the lack of mention for PlanetLab and Emulab.
TLS/SSL can cache the session in order to actually improve performance and scalability. Otherwise you'd have to redo the exchange each time you made a request. My guess is that the level of caching you'd want TLS/SSL to…
I read this back as a private preprint. Definitely well designed (a good fit for USENIX, where it will be published). They had to overcome some significant technical hurdles in order to get it to be properly backwards…
My initial reaction to the title was that winning a professional level soccer game by more than five points does cause a loss of sorts: the physiological taxation that such effort causes could easily decrease the…