Forgone conclusion of an assertion that "everybody" is being spied on, and a slide that talks about the importance of http with logos of some major websites... Sad to say, but in a court of law that's a pretty weak set of evidence to show standing. (everybody agrees with us and look their presentation has our logo!) Granted I believe that Wikimedia does have standing, just that they fail to prove it here. On the other hand, the judge ruling that such circumstantial evidence can be proof would lower the bar in plenty of other cases to allow standing on more vexatious lawsuits. While it's disappointing to see the NSA continue to avoid any accountability by hiding any evidence of their abuses by exploiting national security exemptions to transparency, I can't exactly disagree with the courts deciding to not throw out the burden of proof requirement to show standing, as it would set a bad precedent.
Hopefully, they'll be able to find better more concrete evidence to present that will finally prove what we all know.
His arguments are hilarious.... "its bipartisan, we worked reeeaaallly hard on this, and the DOJ like it... waaahhhhh the legislature didn't consider my ideas!"
In this case its not factoring. Its solving the discrete logarithm problem.
Given C, find A and B where A^B = C. A is the "shared prime" so you have to solve log C / log A. Discrete logs are computationally expensive to calculate, even more so than factoring. (which is just brute force multiplication) This is why DH keys can be much smaller than RSA and still be relatively secure.
PGP doesn't necessarily use DH. SSL does for key exchange. both use RSA for identity verification (signing) and a block cipher for the actual data encryption.
DH was designed for the very reason of passing that block cipher key over an unencrypted channel, it packs secrets in a hard to reverse format that can be combined on the other end so that both sides come to the same conclusion, without every transmitting their own secret. Otherwise you have to establish an encrypted channel to exchange the key... You can do this with RSA, but in that case, the key for every key exchange session is the same. Break one session, break them all. DH allows a different key exchange each time, so if you crack one key, you crack only that session.
Primes are important for mathematical reasons. They have certain properties that make verifying results provable. For example (4^3)^2) => 4^32 (4^6) but, so would 2^6^2 (2^62 => 2^2^6 => 4^6), so it breaks the "provableness" (not a mathematician pardon the bad language) because multiple inputs can yield the same result. (That's a problem when it comes to signature verification when you need to prove knowledge of a specific secret)
The point being is that the prime is used with separate secrets to derive a key. prime + secretA + secretB. Like using rainbow tables for md5, one could (with enough computer power) generate all the possible derivations. Since its designed for insecure channels (ie, in order to share a secret over an untrusted/unencrypted connection), intercepting the intermediate keys (prime + secretA and prime + secretB), and checking them against the factored table gives you the secrets. do for both. then you can derive the "secret key" that allows you to decrypt subsequent chatter.
So to answer your question, its not so much as "crack" but rather "factor" all of the potential prime+randomPrime combinations ahead of time.
Well obviously Google will just have to comply with both laws simultaneously in all countries. Like golden keys for encryption, there is obviously a way for these brilliant people to fix this issue but they just choose not to. Clearly the law is always perfect, fair, and mindful of how technology works. /s
"Make no mistake: The bandwidth used by Netflix is paid for."
Could have just stopped there and prevented himself from sounding like a toddler complaining that other kids get cookies too.
So we have to coddle our teachers now and protect them from big bad scary students who might not like them and hurt their feelings? Seriously, I've seen teachers deal with difficult students who didn't like them. Universally, the better approach was to engage these students. When teachers just resort to throwing there "authoritah" around to punish any student that doesn't fall in line, it tends to exasperate the problem. Vulgar or not, the proper response to some kids teacher diss track is more speech from the teachers, not to throw the book at the student to shut him up.
"First, the policy only states that Sprint/Nextel collects information about the phone’s location – not that it discloses this information to the government or anyone else."
Nice to see a court that doesn't buy into the bogus "Third party doctrine" and realizes sharing information with a company/provider shouldn't take away an individuals expectation of privacy.
"US Secret Service is a Federal Angency and any misuse of the Agencies name for advertisement or for whatever purpose is not allowed at all on the internet or otherwise"
The irony here is so strong it almost seems like its a parody... almost...
Techdirt has not posted any stories submitted by icarusthecow.