Yes, that's how I usually explain programming to someone inexperienced with it. A computer programming language is usually more strictly defined, but depending on compiler and architecture results can differ in computer programming as well.
Imagine an NSA codebase, having to hold a million hacks for a million different moving targets, they would grind to a total halt. Implementation variety is defense by burdening the attacker with maintenance for a million little ecosystems.
Well, most modern cryptography is based on assumptions that can not be proven, so having different standards based on different assumptions is probably the only way to safeguard against if one of the assumptions would be proven false in the future.
To nitpick, afaik, it's not that they cannot be proven, it's that they have not been, and look very hard to prove, which is slightly different (not my area of expertise, but I assume this would be tied to P vs NP).
It is not tied to P vs NP as far as I’m aware. But it is the same sort of situation: number theory assumptions that are completely unproven despite many attempts.
I was thinking, if you could definitively prove these assumptions are hard, that would prove P != NP, because if P=NP that would imply there would be an algorithm to solve these types of problems, since they are the type of thing that can be solved in polynomial time with the key, but cannot without a key. (I'm a bit out of my depth here)
Hash functions too. If P=NP then you can reverse a hash in polynomial time.
NP is the set of all functions that you can verify a solution to in polynomial time, and the solution of the inverse-hash function is just a plaintext that hashes to the right value, and obviously you can check if a plaintext is right in polynomial time by just hashing it and comparing the hashes. Thus reversing a hash function is in NP, so if P=NP it's in P.
There's some subtlety here in that "reversing" a hash function really just means coming up with a plaintext that generates the right hash, not the original one, but you can put any polynomial-time set of constraints on the plaintext and finding a plaintext that satisfies those constraints (and hashes to the right value) is still in NP, so the subtlety really doesn't save you much.
Edit:
Side point, but since we're talking quantum, we should really be saying BQP=NP not P=NP, BQP being the problems solvable in polynomial time on a quantum computer, it's a superset of P and a subset of NP, but we don't know if it's equal to either or both. I.e. P=NP implies BQP=NP, BQP != NP implies P != NP, BQP != P implies P != NP, but the reverse of all of those statements isn't known to be true.
Maybe it safeguards them from looking like they've screwed this up, but in terms of providing a concrete recommendation to system implementers, how does this safeguard anything? How does offering multiple algorithms in the PQC category help me make systems safer? What am I actually supposed to do here (how do I reflect this hedge in a system design)?
They didn't feel the need to provide multiple recommendations during the AES, or the SHA-3 process, even though Rijndael and Keccak used different constructions relative to RC6/TwoFish and SHA-2/Blake2. Why now?
The recommendations look clear to me: you should use CRYSTALS-Dilithium (unless you need smaller signatures, in which case use FALCON), but you should also be prepared to switch to SPHINCS+ on short notice if someone breaks CRYSTALS-Dilithium (or structured lattices in general).
So best practice would seem to be to implement both CRYSTALS-Dilithium and SPHINCS+, set CRYSTALS-Dilithium as the default, and provide a switch (config setting, whatever) to switch to SPHINCS+. If you have long-term keys, you should have both forms set up & ready to use.
> They didn't feel the need to provide multiple recommendations during the AES, or the SHA-3 process, even though Rijndael and Keccak used different constructions relative to RC6/TwoFish and SHA-2/Blake2. Why now?
SHA-3 was explicitly an alternative recommendation. The entire point was to come up with something that was not based on sha-2, because they were worried that the attacks on md5/sha1 could be extended to sha2 (which didn't really happen the way people were worried about). Even to this day, general advice is not to use sha3.
Less clear cut for aes, but at time of standardization (and even now afaik), triple des was considered secure, so it's not like there wasn't a secure alternative.
These standards aren't meant as implementation guides. You still need cryptography knowledge to securely use them.
You are selling the rights of registration rather than the domain itself. So yes you are buying the domain so long as you keep paying the registration fees and comply with the rules set by the domain registry.
Assuming you have the decryption oracle is the same as assuming you have the key in your example, so you are just saying an OTP is vulnerable if you have the key. This is true for any encryption scheme that I can think of.
This is not generally true. You can easily imagine a cryptosystem where having a decryption Oracle does not give the key.
The fact that it is so easy to get the key given a decryption oracle for OTP just tells us that it’s really easy to show that it’s not CCA secure. The definition of CCA secure allows a decryption oracle with the same key as the challenge ciphertext.
Being a one-time pad makes it irrelevant if you get the key. So it’s CCA secure because you never reuse the pad. You’ve gathered no useful information, ie you’ve only gathered noise that has no use.
It is not CCA secure because an adversary with access to a decryption oracle may get the key that was used to encrypt a challenge ciphertext via the method I’ve described.
In the CCA experiment, the oracle uses the same key as the challenge ciphertext.
It isn’t secure against the attack because the oracle uses the same key.
The oracle is a tool used to formalize our definition. You’re right that the fact that OTP isn’t CCA secure doesn’t matter in practice because the key is only used for one message so such an oracle doesn’t generally exist.
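The CCA experiment argued over in the comments above, as an added example that is not part of any comment in the thread: the challenger uses one pad for both the challenge ciphertext and the decryption oracle, and the adversary recovers the pad with a single oracle query on a different ciphertext. The class and function names are assumptions made for this sketch, and the two 16-byte messages are constructed sample input.

```python
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Challenger:
    """CCA experiment for a one-time pad: one key for challenge and oracle."""

    def __init__(self, n: int):
        self.n = n
        self.key = secrets.token_bytes(n)   # the pad, never shown to the adversary
        self.bit = secrets.randbelow(2)     # which message gets encrypted
        self.challenge_ct = None

    def challenge(self, m0: bytes, m1: bytes) -> bytes:
        if not (len(m0) == len(m1) == self.n):
            raise ValueError("messages must match the pad length")
        self.challenge_ct = xor((m0, m1)[self.bit], self.key)
        return self.challenge_ct

    def decrypt(self, ct: bytes) -> bytes:
        # The only restriction in the game: the challenge itself is off limits.
        if ct == self.challenge_ct:
            raise ValueError("oracle refuses the challenge ciphertext")
        return xor(ct, self.key)

def adversary(ch: Challenger, m0: bytes, m1: bytes) -> int:
    c_star = ch.challenge(m0, m1)
    probe = bytes(len(c_star))              # any ciphertext other than c_star works
    if probe == c_star:
        probe = b"\x01" + probe[1:]
    pad = xor(probe, ch.decrypt(probe))     # Dec(probe) = probe XOR key
    return 0 if xor(c_star, pad) == m0 else 1

def run_experiment(trials: int = 200) -> int:
    """Return how many times the adversary guesses the hidden bit."""
    wins = 0
    for _ in range(trials):
        ch = Challenger(16)
        wins += adversary(ch, b"A" * 16, b"B" * 16) == ch.bit
    return wins

if __name__ == "__main__":
    print(run_experiment(), "of 200 guesses correct")
```

Against a CCA-secure scheme the same adversary would do no better than guessing, about half of the trials.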
If you look at the work related death rate among workers in the US the number is 0.035 per 1000 people. So if the deaths are work related, it is a huge number compared to the US at least.
If we assume 100% of deaths over this 9 year period were workplace accidents, then yes, this number is alarming. However there's just no way that all of those deaths were work related. We can't know the true number, since there's a lack of trust towards the number provided by the Qatari Government. In the U.S. there were 2,854,838 deaths [1]. The report you linked claims 5,333 of those deaths were work-related. That means 0.18% of deaths in the US in 2019 were not work related.
Now I concede that the U.S. has much better workplace safety guidelines, with OSHA and the like, compared to less developed nations. So that percentage would surely be much higher in Qatar, but how much higher? If we assume that 5% of deaths were work related in Qatar, then that 0.72 overall mortality rate becomes 0.036 per 1000 people, same as the US, with its much better workplace safety guidelines, while assuming a 29x greater percent of deaths being workplace related.
You're forgetting that those non-Qataris are almost all migrant workers, so the population is extremely skewed towards relatively healthy 20-50 year old men. Also, people aren't just worried about directly work related deaths, but about bad living conditions in general.
Yes, there’s no way to know if those deaths are work related because Qatar’s government, despite its modern health care cannot figure out a cause of death for all their migrants. It’s even harder to know if these deaths are work related because Qatar has a verified history of arresting journalists and deleting the interviews where they try to find out the truth.
Does any of that strike you as a problem?
Or heck, do you ever think that Amnesty International is better equipped to make statements than you are?
I think it would be pretty easy to enforce a quota among the Nobel Prize candidates, your example really does not apply to that. The question is more about whether it is a good or a bad thing.
Should there be correct proportions of each race? Gender? Sex? Nationality? City/Village? Each combination of the above?
Is it discriminatory that there are 0% of the candidates that have the name Karen? When clearly the percentage of the population with the name Karen is not 0?
One of Sweden's biggest grocery stores / supermarkets, Coop [1], is keeping all their 800 physical stores closed today, since their payment system is not working because of an IT-attack somewhere in their supply chain [2]. Connected to this attack?
Most definitely, googling "Coop" "Kaseya" gives a few articles showing they've implemented it for parts of their organization since at least 2009.
Patients in Region Skåne were also unable to access their journals on Friday afternoon (possibly unrelated) and Coop's competitor ICA's apothecary company Apoteket Hjärtat seems to be affected by Kaseya/REvil attack also.
But that was my point exactly. Sure, you can live in Sweden without even knowing what cash looks like so it is cashless in a way. But, if the cash register is not functioning then you are done* with or without cash in your pocket.
* I'd wager that if you know the prices and keep track of what you sell, you'd be fine recording the transactions after the fact.
I wouldn’t be surprised if it’s illegal to accept payment without offering a receipt with all of the correct info, which among a bunch of things include a unique incrementing receipt number.
> Yes but how does the cashier know what the price is?
My understanding was that it was just payment processing that was affected, not the point of sale systems. The scanners and things probably work fine, and I think they could accept cash payments without issue. It’s just not worth it when almost no customer pays with cash.
In my country (Switzerland), while they have massively invested in cashless solutions, a lot of places are still accepting cash, and I think it is a good thing. One of the big retailers (Coop) has self-checkout machines that accept and give back cash (you can insert 200CHF~216USD at a time if you want).
Jordan (head of SNB) is not going to let cash go and even kept the CHF 1000 bill under EU pressure. Thank God.
What irks me is the obvious "never let a crisis go to waste" where we have Visa etc marketing that cash might spread Corona.
Yes, I've put CHF 200 in Coop register before. Funny, they don't care but if I scan a tiny bottle of alcohol I need to wait for someone to approve it...
The thing is I was in Coop yesterday when the attack started and they had at least two payment methods working fine. Swish and cash.
They likely closed to avoid issues with rejecting customers who didn't get the message. Or perhaps just to be on the safe side because they didn't know who the attack was aimed at.
I don't think this is necessarily due to 'cashless' as much as general computerization. Stuff like prices, article numbers and inventory are likely all digitized nowadays, so even if people could pay with cash I imagine they'd still be keeping closed.
Why aren't the local shop's systems autonomous - they should sync to the company central, sure, but they shouldn't need constant connection to lookup prices.
I think that this is the case, from the reporting it seems like it’s just their payment infrastructure that is affected. Likely they could handle cash transactions just fine. It’s just that the vast, vast majority of Swedish customers don’t use cash anymore, so it’s not worth it to keep the stores open until it’s fixed.
Going cashless is extremely common for customers in Sweden. They would get so few customers (everyone would just go to the next grocery store), and the aggravation it would cause from customers who haven't heard the news and can't pay probably just makes it not worth it to have them open. Take the loss, fix the issue, reopen all the stores when it's done.