On Dec 31 2008, 1:52 pm, "Ezekiel" <somewh...@xxxxxxxxxxxxx> wrote:
> I'll use an example from earlier this morning. As some may already know,
> researchers were able to generate MD5 hash collisions in only 3 days using a
> cluster of PS3s. All kidding aside, this could be done in hours or minutes
> on a botnet.
I'm not sure that's a glowing endorsement of Windows. However, there
are grids such as World Community Grid that will do this nicely.
> In the industry that I work in, this is relevant. If I worked
> at my own shoe-shine stand like some of the "advocates" here do then I could
> understand why someone wouldn't care.
Most of the Linux advocates in this group don't have an income that
depends on software royalties. They work as consultants, operators,
system administrators, often combining OSS software such as Linux with
proprietary software. Many use both Windows and Linux, as
workstations and as servers. They have enough experience to have some
very strong preferences.
Unfortunately some would rather engage in personal attacks rather than
address actual issues. The WinTrolls who post in this group are even
worse. They prefer to quote Microsoft's "Fast Facts" and then when we
actually look at the referenced surveys and trace back to the original
tests that sing the praises of Linux, Unix, and OSS - they claim we
are lying.
> Assuming that there might be some technical people here who might actually
> want to (heaven-forbid) actually "DISCUSS" something relevant I posted a
> scenario where an ISO image could be compromised and a link to a recently
> published research paper that suggests that md5 may be vulnerable to a
> pre-image attack required to do this sort of thing. This is brand new
> research and the paper was published just a few months ago.
RSA encryption has two primary vulnerabilities. First, it depends on
two prime numbers. If you have some content that you already know,
such as a generated message, and you have several fast computers - you
can crack the key in a few MIPS years. Remember that a 2Ghz Pentium
can crank out about 4-8 mips/years per day.
The other vulnerability is how the keys are managed, passed, and
stored. For example, if you get a key from Microsoft or Verisign, the
keys are stored in a public repository that is controlled by a private
company who is in now way regulated by any act of congress. Your key
could be voluntarily turned over to law enforcement agencies without
even a warrant, because the CAs are working as unpaid informants. The
same key could be used by thousands of users, making it more
attractive to those who would wish to crack the commonly used key.
There are even some publishers who use the Microsoft issued private
key used for testing software. It's a private key that everybody
knows and most Windows PCs running XP or Vista will accept. In effect
it's a public "back door".
> Instead of "DISCUSSING" the COLA idiots immediately attack as if I somehow
> claimed that this had already been done. The moron who calls itself Peter
> Kohlman started off his discussion by pretty much throwing every insult in
> his arsenal at me and then claiming that this is "impossible."
Very unfortunate. There are way too many COLA advocates resorting to
personal insults, when there are good arguments against the standard
"Fast Facts" cases made by WinTrolls. A true penquinista should try
to review the case being presented and identify the impacts that
Microsoft has "deemphasized" in the original. For example; the
assumption that if you use a UNIX web Server that you will also need a
separate Novell Netware server and that Unix/Linux will only support
as many users as the same sized NT 4.0 server (ROI Unix vs NT).
Some are harder to refute. For example, the counter surveys that only
count browsers that accept ActiveX controls - surprise, Linux is 0.1%
of that market. Or counters that only count IP addresses - but Linux
hides behind NAT firewalls shared with Windows users - surprise, Linux
is only 3% of that "Market". The surveys that actually count uniquely
identified users (persistent cookies) generally don't get published,
the information is highly confidential and when it is disclosed, the
reports are expensive (up to $5,000 per viewer).
I would ask Linux advocates to argue based on available information.
Argue for the technology rather than resorting to personal attacks. I
would invite the WinTrolls to do the same. It seems like the
WinTrolls like to bait Linux Advocates into personality attacks to add
"noise" to a thread where someone has made a good case.
Look at the favorite targets like Roy Schestowitz, who essentially
captures a bunch of good articles about Linux, usually around a common
theme (search engine results), and provides some choice quotes with
each cite, and a 1 line personal comment. Yet they claim that Roy is
some sinister evil character - because he knows how to use vi to
generate these things in 3-5 minutes and can generate 20-30 of them in
a day.
It seems the more effective you are as a Linux advocate, the more
personal the attacks by the WinTrolls become.
> I sure hope that Kohlman contacts these cryptographic researchers and let's
> them know this is "impossible." After all - if Peter Kohlman 'proclaims'
> that this is impossible then it shouldn't even be discussed.
All crypto keys can be cracked, the question is how much information
is required to crack it, and how long does it take. DES and AES are
very effective cryptography keys, but need to be passed using a
private key encryption such as RSA or PGP. Since the DES or AES key
can be any 64 bit or 128 bit sequence, it's hard to know whether
you've cracked the right key.
> He has spoken
> and published research papers should all be burned because they are a waste
> of time. Internet slime and Roy Schestowitz's personal ass-licker Peter
> Kohlman has proclaimed it to be "impossible" so why should anyone listen to
> those cryptographic experts.
And there you go with your personal ad-homonym attacks. If you want
people to discuss the technology with you, you have to stop acting
like a redneck who's just finished a gallon of Jack Daniels.
> As usual other clowns from the "COLA gang" jump in to support Peter. First
> we have Chris Ahlstrom who jumps in, attempts to insult me, claims that I
> made a "real whopper" then runs without even attempting to defend his
> position.
At this point, your personal attacks will have turned off most
readers, so they won't actually read anything technical that you, or
anyone else responding has to say.
|
|
