ivlad commented on Safe curves for Elliptic Curve Cryptography [pdf]   eprint.iacr.org/2024/1265... · Posted by u/sebgan
genewitch · a year ago
This is the first time in nearly 30 years I've ever heard the claim that you only need 18-20 qubits for something like a 256 bit key.

I've only ever seen the claims of 1:1 key bit to qubits. Aren't there existing claimed quantum computers with 20 qubits? Isn't Canada's machine an order of magnitude more qubits?

ivlad · a year ago
I am sorry, I should’ve read it twice before posting. I meant, QC to attack longer keys should be bigger proportionally. Number of operations is logarithmic. Silly me.
ivlad commented on Safe curves for Elliptic Curve Cryptography [pdf]   eprint.iacr.org/2024/1265... · Posted by u/sebgan
red_admiral · a year ago
RSA needs 4k (or 16k) keys because, with index calculus, these sizes reduce to a subproblem where you effectively need only 2^128 (or 2^256) time rather than the 2^{4k} for brute-force.

I think, but I may be misremembering, that you could apply Shor's algorithm to speed up index calculus by going for the subproblem directly? In this case RSA would fall too.

I note that the NSA recommendations are "move to post-quantum crypto", not "go back to RSA" so I infer that they think RSA-4096 might still be vulnerable.

ivlad · a year ago
I am not NSA, but I think their idea is something along the lines of “once Shor’s algorithm is practical for key sizes of hundreds of bits, it’s only a matter of a few years of engineering effort to make it feasible for keys thousands of bits long”. In other words, there is no sufficient safety margin in larger keys.
ivlad commented on Safe curves for Elliptic Curve Cryptography [pdf]   eprint.iacr.org/2024/1265... · Posted by u/sebgan
tptacek · a year ago
This is deeply silly.
ivlad · a year ago
… because?

Edit: yes, I read it and it is.

ivlad commented on Safe curves for Elliptic Curve Cryptography [pdf]   eprint.iacr.org/2024/1265... · Posted by u/sebgan
bvrmn · a year ago
ivlad · a year ago
He is not wrong on the main claim, which is “All ECC (X25519-P521) will be broken by private sector quantum chips before RSA-2048 due to the physical limitations of stabilizing qubits.”

Shor’s algorithm is polynomial; however, the number of qubits required is on the order of O(log(n)^2), where n is the length of the key. Because ECC keys are much shorter (e.g., 256 to 521 bits) than RSA keys (2048 to 4096 bits), a smaller quantum computer would be needed to attack ECC.

ivlad commented on The New Internet   tailscale.com/blog/new-in... · Posted by u/ingve
ivlad · a year ago
IPv6 + transport mode IPsec + opportunistic encryption with TOFU or other topologies of trust (including WoT, DNSSEC and PKI). All that is standard, most of it is available and only requires configuration (and, ideally, being turned on by default).

There is very little use for companies like Tailscale in this setup, it’s scalable and works.

ivlad commented on CrowdStrike will be liable for damages in France, based on the OVH precedent   thehftguy.com/2024/07/25/... · Posted by u/charlieirish
xxs · a year ago
Well, it'd be a lot easier if most US entities understood that the M/d/yy(yy) format is rare, or that defaulting to Frankenstein degrees is pretty much the same/awkward (even Microsoft resets their weather widget to F on a regular basis).

The root of the issue, not understanding local laws/culture, is very similar: being surrounded by a vast market/culture (US + Canada) dulls your senses for the rest of the globe.

ivlad · a year ago
I got acquainted with a guy at a conference in the US and he was genuinely surprised I had no idea how long a US mile is. I explained to him that we use the metric system and his response was “but don’t you learn *the standard* system in ache school?” I did not know how to respond.
ivlad commented on The six dumbest ideas in computer security (2005)   ranum.com/security/comput... · Posted by u/lsb
dvfjsdhgfv · a year ago
> The cure for "Enumerating Badness" is, of course, "Enumerating Goodness." Amazingly, there is virtually no support in operating systems for such software-level controls.

Really? SELinux and AppArmor have existed since, I don't know, the late nineties? The problem is not that these controls don't exist, it's just that they make using your system much, much harder. You will probably spend some time "teaching" them first, then actually enable them, and still fight with them every time you install something or make other changes to your system.

ivlad · a year ago
> You will probably spend some time "teaching" them first

SELinux has worked well out of the box in RHEL and its derivatives for many years. Your comment shows you did not actually try it.

> fight with them every time you install something or make other changes in your system

If you install anything that does not take permissions into account, it will break. Try running nginx with nginx.conf permissions set to 000; you will not be surprised that it does not work.

ivlad commented on The six dumbest ideas in computer security (2005)   ranum.com/security/comput... · Posted by u/lsb
crngefest · a year ago
Well, my experience working in the industry is that almost no company uses good security practices or goes beyond some outdated checklists: a huge number want to rotate passwords, disallow/require special characters, lock out users after X attempts, or disallow users from choosing a password they used previously (never understood that one).

I think the number of orgs that follow best practices from NIST etc is pretty low.

ivlad · a year ago
> disallow users from choosing a password they used previously (never understood that one)

That’s because you never responded to an incident where a user changed their compromised password because they were forced to, only to change it back the next day because “it’s too hard to remember a new one”.

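The incident described above is exactly what a password-history check prevents: the retired password is remembered (as a salted hash, never in the clear) so that changing back to it is refused. The following is an added example, not code from the thread or from any project it discusses; the history depth, the PBKDF2 iteration count and the sample passwords are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import deque

# Constructed settings for the example. A production deployment would use a
# deliberately slow parameter choice; this count is kept low so the demo runs quickly.
PBKDF2_ITERATIONS = 100_000
DEFAULT_HISTORY_DEPTH = 5  # how many retired passwords are remembered (assumption)


def _hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 of the password; the salt is per entry."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class PasswordHistory:
    """Current password hash plus the last `depth` retired hashes for one user.

    Entries are (salt, digest) tuples, newest last. The deque evicts the oldest
    retired hash automatically once the history is full.
    """

    def __init__(self, depth: int = DEFAULT_HISTORY_DEPTH):
        self.entries = deque(maxlen=depth + 1)

    def _matches_any(self, candidate: str) -> bool:
        # Every entry carries its own salt, so the candidate has to be re-derived
        # per entry; compare_digest keeps the comparison constant-time.
        for salt, digest in self.entries:
            if hmac.compare_digest(_hash_password(candidate, salt), digest):
                return True
        return False

    def set_password(self, new_password: str) -> bool:
        """Accept the new password unless it matches the current or a remembered one."""
        if self._matches_any(new_password):
            return False
        salt = os.urandom(16)
        self.entries.append((salt, _hash_password(new_password, salt)))
        return True

    def verify(self, password: str) -> bool:
        """Check a login attempt against the current (newest) password only."""
        if not self.entries:
            return False
        salt, digest = self.entries[-1]
        return hmac.compare_digest(_hash_password(password, salt), digest)


def demo() -> list:
    """Replays the incident from the thread with constructed sample passwords."""
    history = PasswordHistory(depth=3)
    results = [
        history.set_password("Spring2024!"),            # initial password: accepted
        history.set_password("correct-horse-battery"),  # forced rotation after compromise: accepted
        history.set_password("Spring2024!"),            # next day, back to the compromised one: refused
        history.verify("correct-horse-battery"),        # the rotated password is what logins use
    ]
    return results  # [True, True, False, True]


if __name__ == "__main__":
    print(demo())
```

The check only ever sees the candidate the user just typed, so it costs one PBKDF2 derivation per remembered entry and never requires storing old passwords reversibly. Because the oldest retired hash is evicted once the history is full, a password does become reusable again after enough genuine changes, which is the intended trade-off of a bounded history.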
ivlad commented on The six dumbest ideas in computer security (2005)   ranum.com/security/comput... · Posted by u/lsb
lobsang · a year ago
Maybe I missed it, but I was surprised there was no mention of passwords.

Mandatory password composition rules (excluding minimum length) and rotating passwords, as well as all attempts at "replacing passwords", are inherently dumb in my opinion.

The first have obvious consequences (people writing passwords down, choosing the same passwords, adding 1), leading to the second, which have horrible / confusing UX (no, I don't want to have my phone/random token generator on me any time I try to do something) and default to "passwords" anyway.

Please just let me choose a password of greater than X length containing or not containing any characters I choose. That way I can actually remember it when I'm not using my phone/computer, in a foreign country, etc.

ivlad · a year ago
Dear user with password “password11111111111” logging in from a random computer with two password stealers active, from a foreign country, and not willing to use MFA: the incident response team will thank you and prepare a warm welcome when you are back in the office.

Honestly, this comment shows that user education does not work.

ivlad commented on Microsoft AI spying scandal: time to rethink privacy standards   spectrum.ieee.org/online-... · Posted by u/walterbell
capital_guy · a year ago
> You choose to have Gmail

Disagree with this. Self-hosting email is notoriously difficult. Gotta give the data to somebody. Plus, your work email is either going through MSFT or GOOG 99% of the time.

ivlad · a year ago
This is a lie created by webmail providers. There is nothing difficult in self-hosting email and ensuring email delivery.
