ExcessBLarg!
Sep 1, 2001

Mr Chips posted:

Can you explain the mathematics for the first bit for everyone else who's interested in understanding why?
Prime numbers exist above 10,000, so the claim that 9533 is the largest prime is pretty laughable. As for why, I'm not a Mathematician so I won't explain it in a rigorous way, but intuitively there's nothing particularly special about "10,000" to think that there aren't prime numbers larger than that.

As for why it's a problem, the security of RSA relies on it being "slow" and "difficult" for computers to factor composite numbers into their prime factors. But while computers are "slow" at doing that, they're still able to do it pretty well for numbers of sizes that we can comprehend. Eight-digit RSA keys are effectively trivial to factor. Back in the 90s, RSA-768 keys with 232 digits (116 digit prime factors) were considered secure. But an RSA-768 key was factored in 2009 and at some point (if not already) they will be factorable by folks with sufficient funding (governments, etc.). RSA-1024 (~300 digit keys) is still considered secure, but uncomfortable, with RSA-2048 (~600 digit keys) being recommended (to the extent folks still recommend RSA).

Wolfram MathWorld has a page on RSA Numbers, discussing different key sizes and when the RSA Factoring Challenge keys were broken.

ExcessBLarg!
Sep 1, 2001

Harik posted:

Do they have a justification for it, or is it just "Someone tried to be clever and now we need to be backwards compatible"?

Edit: It's because there's no good option to store metadata, so they need to keep the encrypted file length the same as the unencrypted length.
So they're trying to store an encrypted file without taking up any additional space from the unencrypted version? Presumably the key is derived from a user-input passphrase, but where do they store the IV and MAC? Do they have an IV and MAC?

Couldn't they store the additional metadata in extended attributes? Or do they need to be FAT compatible for USB sticks?

Edit: Oh, Dropbox. Why do they care about the exact file size again?

ExcessBLarg! fucked around with this message at 17:00 on Dec 28, 2016

ExcessBLarg!
Sep 1, 2001
Wasn't this basically the consensus when Windows Defender came out ten years ago?

ExcessBLarg!
Sep 1, 2001

Kazinsal posted:

A buddy of mine used to distribute a PDF of their resume that was also an ISO of their hobby operating system that, upon booting, would open a PDF viewer with their resume in it.
PDF is child's play. Designed as an append-to-update format, compliant viewers are supposed to seek to the end of the file and find the pointer to the most recent xref table. This means you can basically put anything at the beginning of it. This is to say nothing of the vulnerabilities introduced by various extensions to the format that you can drive a truck through.
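
Added example, not part of the original post: a defender-side check in Python that reads a file the way the post describes (from the end, via `startxref`) and reports how many bytes sit in front of the `%PDF-` header. The sample PDF and the prefix are constructed, the function names are made up for this illustration, and only classic xref tables are handled.

```python
import re

def build_pdf() -> bytes:
    """Constructed sample: a minimal PDF with a classic xref table."""
    body = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
    xref = b"xref\n0 2\n0000000000 65535 f \n0000000009 00000 n \n"
    trailer = (b"trailer\n<< /Size 2 /Root 1 0 R >>\nstartxref\n"
               + str(len(body)).encode() + b"\n%%EOF\n")
    return body + xref + trailer

def inspect_pdf(data: bytes, tail: int = 1024) -> dict:
    """Locate the header and the last startxref pointer, as a reader would."""
    header = data.find(b"%PDF-")
    # Readers work backwards from the end of the file, so only the tail matters;
    # with appended updates the last startxref is the current one.
    matches = re.findall(rb"startxref\s+(\d+)\s+%%EOF", data[-tail:])
    if header < 0 or not matches:
        return {"is_pdf": False}
    offset = int(matches[-1])

    def xref_at(pos: int) -> bool:
        # Classic tables begin with the keyword "xref"; xref streams
        # (PDF 1.5+) are not handled here.
        return data[pos:pos + 4] == b"xref"

    return {
        "is_pdf": True,
        "leading_bytes": header,            # bytes before %PDF-
        "startxref": offset,
        "xref_ok_absolute": xref_at(offset),
        "xref_ok_from_header": xref_at(header + offset),
        "suspicious": header > 0,           # foreign content precedes the PDF
    }

# Constructed, inert prefix standing in for whatever another format puts first.
PREFIX = b"\x00" * 64 + b"CONSTRUCTED-NON-PDF-PREFIX\n"

if __name__ == "__main__":
    for name, blob in (("clean", build_pdf()), ("prefixed", PREFIX + build_pdf())):
        print(name, inspect_pdf(blob))
```

An upload filter or mail gateway can treat a non-zero `leading_bytes` as a reason to inspect the file under other format parsers as well, since the extension and the PDF trailer alone say nothing about what the first bytes are.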

ExcessBLarg!
Sep 1, 2001

CommieGIR posted:

As you said, they exist to make money. By companies who already have exploitive practices. Why would this be different?
AWS is certainly for-profit, but Amazon does help organizations to try to reduce costs by evaluating their usage, promoting reserved instances, promoting newer instance types (which are cheaper per-cycle), and generally be more efficient.

Just taking reserved instances as an example, it can both be cheaper for the customer and generate greater profit for Amazon than on-demand EC2 pricing, because it enables Amazon to provision less overhead capacity since they have a more accurate usage forecast.

There's also a fundamental resource limitation problem. Amazon can build out datacenters quickly, but not as quickly as folks might need to scale out their instances. Pricing goes up when there's a resource crunch, so it's to everyone's benefit to utilize their services more efficiently.
