Re: Claimed proof of the Riemann Hypothesis released
Perry E. Metzger wrote: Actual practical impact on cryptography? Likely zero, even if it turns out the proof is correct (which of course we don't know yet), but it still is neat for math geeks. Right. He constrains his proof to dealing with a specific subset of Dirichlet zeta functions, which means he's not proving GRH or ERH, the former of which would have some - mostly theoretical - implications on crypto in the sense that it would make a number of primality algorithms, previously running in assumed P, provably polynomial-time. Even if he proved GRH, I don't think the implications for crypto would be particularly great -- yes, things like Miller-Rabin would provably run in O(ln(n)^4), but AKS already runs in provably-polynomial time without dependencies on unproved theorems, and has been improved to comparable speed: O(ln(n)^k) | k=4+epsilon for certain cases, upper bound k=6+epsilon [1], possibly faster since the last time I looked. Cheers, Ivan. [1] See Crandall, Papadopoulos: On the implementation of AKS-class primality tests (March 2003) - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: threat modelling tool by Microsoft?
- Original Message - From: Ian Grigg [EMAIL PROTECTED] Subject: threat modelling tool by Microsoft? Has anyone tried out the threat modelling tool mentioned in the link below, or reviewed the book out this month: http://aeble.dyndns.org/blogs/Security/archives/000419.php I played with it for a bit, short story: it crashed. Long version: it feel very clunky, and lacking in features. The output isn't very pretty either, and rather difficult to understand. Additionally, although it can find users easily (in fact it already does this) it doesn't import them without manual intervention. With a large userlist though I suspect that the user listing interface would become rather unusable. With that said, for a small installation it should be fairly usable, and certainly better than nothing. For a large installation though or a situation where depth of security analysis is necessary it will probably become unwieldly, and it seems likely to collapse under it's own weight. Joe - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Claimed proof of the Riemann Hypothesis released
On Wed, Jun 09, 2004 at 04:56:03PM -0400, Perry E. Metzger wrote: Actual practical impact on cryptography? Likely zero, even if it turns out the proof is correct (which of course we don't know yet), but it still is neat for math geeks. Also, the impact of such a proof is often that it represents a milestone in understanding a certain piece of theory, so in the long run the ideas used in the proof may be useful even if the result is no suprise, just as in the cas of factoring challenges, when the work done to come up with algorithms that can factor large integers may be important, and the fact that someone was able to factor an integer of a certain size may say something about the state of the art, even though nobody will actually give a hoot what the factors turned out to be. Of course, who knows about this particular case--apparently this guy has a history of premature announcements. --b. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Is finding security holes a good idea?
Cryptography readers who are also interested in systems security may be interested in reading my paper from the Workshop on Economics and Information Security '04: Is finding security holes a good idea? Eric Rescorla RTFM, Inc. A large amount of effort is expended every year on finding and patching security holes. The underlying rationale for this activity is that it increases welfare by decreasing the number of bugs available for discovery and exploitation by bad guys, thus reducing the total cost of intrusions. Given the amount of effort expended, we would expect to see noticeable results in terms of improved software quality. However, our investigation does not support a substantial quality improvement--the data does not allow us to exclude the possibility that the rate of bug finding in any given piece of software is constant over long periods of time. If there is little or no quality improvement, then we have no reason to believe that that the disclosure of bugs reduces the overall cost of intrusions. Paper:http://www.dtc.umn.edu/weis2004/rescorla.pdf Slides: http://www.dtc.umn.edu/weis2004/weis-rescorla.pdf -Ekr - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: TIA Offices Discovered
R. A. Hettinga wrote: From: Tefft, Bruce [EMAIL PROTECTED] ... Where Big Brother Snoops on Americans 24/7 By TERESA HAMPTON DOUG THOMPSON ... Although employees who work in the building are supposed to keep their presence there a secret, they regularly sport their DARPA id badges around their necks when eating at restaurants near the building. The straps attached to the badges are printed with DARPA in large letters. That's the main DARPA building. For driving directions, see the DARPA web site: http://www.darpa.mil/body/information/location.html It's not very surprising that folks there wear DARPA badges. Should we congratulate Hampton and Thompson on their discovery? Or should we chip in and buy them each a new tinfoil hat? Their full article may be found at: http://www.capitolhillblue.com/artman/publish/printer_4648.shtml I imagine parts of it are actually true. But then again, a stopped watch gives the correct time twice a day. More-reliable accounts of TIA are readily available. A useful compendium is: http://www.eff.org/Privacy/TIA/ including: http://www.eff.org/Privacy/TIA/20030520_tia_report.php http://www.eff.org/Privacy/TIA/20030523_tia_report_review.php http://www.eff.org/Privacy/TIA/20031003_comments.php et cetera. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]