Cap'n Refsmmat

The existence of free will does not necessitate that everything I attempt should succeed -- merely that I be freely able to attempt it. Suppose, then, I have free will, and I decide to murder my neighbor. Free will means I can take my gun over, aim it at him, and fire. Free will does not mean that God cannot stop the bullet in mid-air and prevent my neighbor's death, just like free will does not mean that I can travel at four times the speed of light if I want to. I am not concerned with God's goals. I am concerned with whether God is omnibenevolent. Should He value other goals at the expense of His benevolence, then we shouldn't go around calling Him omnibenevolent.

SETI was not cancelled. It has not been run by the government for years.

It need not negate God. It merely fails to provide evidence for His existence.

Spam subject line of the day: "A bookstore clogs next to the genocide"

If he can determine any IKn, he can determine any other IK. That is a weakness. you can use IK to permute a key as hella long as you want:-) but that changes Nothing: you get set of keys mathematically related each other & no so definitely that relations shall be so hard to calculate. See what I did there? Read the article on Wikipedia I linked to. Sickness of your cipher is leaving patterns in multiple blocks of ciphertext. Read the article I linked earlier.

So? In CBC mode, the next block depends on the previous ciphertext block, so a given block does not cipher to the same ciphertext every time. It is contingent upon previous blocks, which makes it far more difficult to make certain kinds of attacks. How does this relate to the generation of patterns? Since you're in the position to understand your cipher mathematically, perhaps you can answer this. Also, if the IK changes predictably, it's almost as good as not changing at all.

Well, if you've done all the mathematics of crypto analysis and demonstrated that your cipher is better, you should write that up and publish it. You should also create a mathematical description of your cipher, as other ciphers have. Also, you could try to make cross-platform code, since I cannot compile it on my Mac. Now, if I understand correctly, you transform the IK here (reformatted for clarity): for(int s=0; s++ < Num0fRounds;) { i=-1; while(abs(++i) < num_read) { unsigned int *Adr; if(lngth0fIK - i > 4) { Adr = (unsigned int*)(included_key+i); included_key[i] += included_key[*Adr % lngth0fIK]; } else included_key[i]+=included_key[*Adr%i]; } } However, the IK transformations do not in any way depend on the ciphertext, so you're again subject to problems with patterns. I'd suggest reworking your cipher to use the previous ciphertext block in mixing with the IK. Your IK mixing is deterministic, and you don't want that. Could you elaborate on the formula you use to turn this ping number into a key? I'd read the code, but this section is even more difficult to understand. You really should pick a formatting style and stick to it. Maybe try K&R C. I can actually think of a very simple scheme to generate entropy from this that makes far more sense to me. Here: Ping site and record time. Ping same site again and record time. If time 1 is greater than time 2, record this as 0. If time 2 is greater than time 1, record this as 1. Thus you get 1 bit of entropy for each, with no magic scheme. You should also hook up your RNG output to tests like these: http://www.fourmilab.ch/hotbits/statistical_testing/stattest.html

I just ran a test on a few websites. ping gave me a standard deviation of 1 ms or so. Not very random. Getting access to someone's Internet connection is trivial. The US government mandates that ISPs include facilities so that anyone's Internet connection can be tapped with a search warrant. You could even eavesdrop on the pings on an encrypted wireless connection, such as one you might use at home -- you don't need to know the content of the packets, just their timing, and WPA won't protect that from eavesdropping. So I could guess your keys even when you're using a secure connection at home, just by sitting outside with my laptop. Does your method do any mixing between blocks? Does the ciphertext of a future block depend on the ciphertext of previous blocks? If not, your cipher is vulnerable to the attacks described in the article I linked to, and will leave patterns in the data that can be easily analyzed. I'm not a professional cryptographer, so I can't do any more sophisticated cryptanalysis. But I can ask this: what benefits do you believe your method has over existing public-domain cryptographic systems, such as AES?

Do you believe Satan exists? If so, why does Satan exist to do evil things to us?

Science has a monopoly on hypotheses whose veracity can actually be determined. Other methods may produce the truth, but there's no way to know.

But ping times will be relatively consistent -- if I ping example.com, I'll get around 50ms each time. So when I generate several different keys using this method, they'll be related in some ways, because they're generated from very similar numbers. This is known as a side channel attack and it potentially makes the algorithm useless in certain situations. For example, what if I'm in a country where the government controls the Internet service providers (like China)? What if I'm using public wireless Internet? What if I use this in a large corporate network and someone else on the network uses a security flaw to read my data? The data can be leaked very easily. Actually, your C++ is very difficult to understand, since the formatting appears to be random and there are no explanatory comments anywhere. From what I gather, though, your algorithm appears to just repeatedly XOR the file against the IK, along with adding the file to the IK and a few other things. That seems exceedingly weak; you'll still leave large patterns in the file. It looks kind of like ECB: http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29 Not only do you leave patterns in the ciphertext that can be analyzed, you use a weak XOR algorithm that could be broken.

You can. There is a LaTeX tutorial that explains how to write mathematical formulas on SFN. However, as per rule 10 of the SFN forum rules, I'm moving this to Speculations, where it belongs, until you've actually proved your hypothesis.

eCryptfs is available under the GNU General Public License, and ciphers such as AES and Twofish are in the public domain (i.e. no license restrictions whatsoever). You have yet to explain how your cipher works. How does it use each key to generate ciphertexts? When you cipher each file with the IK, how does that process work -- is it a block cipher, using S-boxes? How does the key schedule work? Currently there are no known practical attacks against AES, so I'd trust it. Why do you consider ping times to be a source of entropy when they are relatively constant from a given location on the network? Under normal conditions, they deviate only slightly. Have you done statistical tests to ensure the randomness of this source? Have you compared it to, say, the built-in entropy gathering in Linux and OpenBSD, or the methods used by the Entropy Gathering Daemon? Ping times are also easy to observe by simply tapping one's Internet connection, so eavesdropping makes your cipher easy to crack. Oh, another question: How long are the IK and PK, in bits?

That sounds a lot like eCryptfs, although that uses pre-existing symmetric ciphers (AES, Blowfish, Twofish, 3DES, etc.) to achieve the same thing. In eCryptfs, there's a global passphrase which is used to derive a key, like your PK. Individual files are encrypted with unique keys, like your IK, and those keys are encrypted with the global key and stored in the first block of the file's ciphertext. So, the question is: Why did you need a new block cipher algorithm to implement this? How does your cipher do the actual ciphering -- is it like AES, Twofish, or the others? Or is it a unique cipher?

What benefit does that have over just using the PK? If a person can recover the PK and decode the IK, they can recover the plaintext. Does this method provide some resilience against key-recovery attacks that ordinary block ciphers do not have?

I just looked over my Kindle's order history and, well, this year was surprisingly productive... 16 Terry Pratchett novels. I recommend all of them. Jesus: Apocalyptic Prophet of the New Millenium, which is Bart Ehrman's take on the New Testament. Ehrman is a well-known Biblical scholar, and he thinks Jesus was the first in a line of apocalypticists in Christianity -- that is, Jesus' primary message was that the world was going to end soon and the Kingdom of God would come to Earth. Interesting book because it challenges your preexisting notions while justifying its positions very well. Anatomy of an Epidemic: Magic Bullets, Psychiatric Drugs, and the Astonishing Rise of Mental Illness in America, by Robert Whitaker. Central thesis: psychiatric drugs make mental illness worse, not better. My verdict: not as insane as you'd think, once you've finished reading. I posted a review of this earlier this year. When Prophecy Fails, a classic work of psychology. Psychologists infiltrate a group whose leader believes she receives messages from aliens; they must prepare for the destruction of Earth, where the close followers will be transported off Earth in the nick of time by the aliens. This is the book largely responsible for popularizing the idea of cognitive dissonance, and it's fascinating. The story could be better told -- it's written by social scientists proving their hypothesis, not journalists writing a good story -- but it's fascinating and hilarious. Amusing Ourselves to Death: Public Discourse in the Age of Show Business, by Neil Postman. You might not agree with all of its conclusions, but it's still interesting (and relevant, despite being a decade or two old). Packing for Mars: The Curious Science of Life in the Void, by Mary Roach. A fun overview of spaceflight, but skimps on the spaceflight and emphasizes the "fun," dealing more with Roach's adventures in writing the book than in hard facts about space. Do Androids Dream of Electric Sheep?, by Philip K. Dick, which is the book that spawned Blade Runner. Dark but gripping, and thought-provoking. I crammed a collection of George Orwell's essays in here. Read this essay at the least: it's Orwell on "Politics and the English Language". It is doubleplusgood. Carrying the Fire: An Astronaut's Journeys, by Michael Collins, the First Man to Watch Two Other Guys Land on the Moon. Interesting stories of the space program (bonus points for this radio transcript: "YOUNG: I got the farts again. I got 'em again, Charlie. HOUSTON: Okay, you have a hot mike." [i.e. "your microphone is on"]). The Technology of Orgasm: "Hysteria," the Vibrator, and Women's Sexual Satisfaction, by Rachel Maines, because, well, you can't pass up a book with that title. Short version: For thousands of years, men thought women were incapable of orgasm, and cured female "hysteria" (restlessness, irritability, etc.) with genital "massage". Eventually someone discovered that this could be done by machine, and suddenly their female patients kept coming back. Stalling for Time: My Life as an FBI Hostage Negotiator, by Gary Noesner, who was chief hostage negotiator for quite a few years. The incidents are interesting, but this book is rather light otherwise. Some good stories, but not much else. American Gods, by Neil Gaiman, to whom I say: er, what just happened? Lamb: The Gospel According to Biff, Christ's Childhood Pal, by Christopher Moore. Perhaps one of the best novels I've ever read, and it's even better if you know a bit about Jesus and you don't mind blasphemy. It's the narrative of Jesus' life, as told by his childhood friend, who is a smartass. Moore sticks well to New Testament narratives, but there's that inconvenient gap between Jesus' birth in Luke and his preaching career twenty years later. Moore fills it in with his own hilarious story. Go, buy the book. Bloodsucking Fiends, by Christopher Moore. A woman is turned into a vampire against her will, for the amusement of another vampire. An aspiring writer who works the night shift at Safeway comes to her aid. Roughly as hilarious as Lamb, but shorter and with no Biblical references. Homicide: A Year on the Killing Streets, by David Simon. This is what happens when a Baltimore Sun journalist spends a full year hanging out in the homicide department with unrestricted access to everything. It was published in 1991, but it is still fascinating, while gritty and somewhat disturbing as well. Very good overall. The Mind's Eye, by Oliver Sacks, which I am in the midst of. Not as good as Sacks' older books, I think; you just start getting interested in the case when he moves on to the next chapter and the next patient. Primates and Philosophers: How Morality Evolved, an interesting journey into the world of science and morality. It's an unusual format: the first portion of the book is an essay by Frans de Waal, who works with primates and explains how they show evolved moral behavior. The rest of the book is five essays by other philosophers and scientists, who build on some of de Waal's points and criticize others. Fascinating, but requires your constant attention or you'll get lost. That gives me more than 30 books read, and I currently have around $80 of Amazon gift card credit to spend on more Kindle books. Funny, I don't feel like I read that many books...

I'm afraid I don't understand your description of the cipher. Is this a block cipher or a stream cipher? Can you explain how its internals work? As for collection of entropy... isn't that a job for a CSPRNG, not the cipher itself? For example, you could use the operating-system provided random number APIs, which on some systems are designed to be cryptographically secure.

It's also a result of the dry air absorbing moisture from your mucus membranes and respiratory tissues, drying them out and making them vulnerable. You'll also be getting static shocks from everything you touch.

If you want dry air, you're really dependent on your local weather. You can probably get a dehumidifier installed in any central-air system, or install them by your radiators if you use those. That's more effective than hoping that the local weather is always dry. Really dry air isn't always good, though, since it encourages dry skin, irritates the respiratory system and encourages static shocks to build up.

I've died in a dream. Shot through the heart by someone in a tree outside my window. To the best of my knowledge, I'm still alive.

Ah, fixed now. Very odd; there's a firewall rule to redirect port 80 to port 8008 on localhost so the webirc client can listen to it, but it looks like the firewall forgot and I had to restart it. Perhaps something happened when we ran that upgrade a few days ago... edit: hah! not even the Incredible Hulk can get past Shorewall!

Hm. I see the same thing. I'll try to track down the issue.

When edit time was unlimited, we had several members who got angry and blanked the content of all of their posts, which naturally makes conversations very confusing. Deletion would be similar. You can always report posts and someone will take care of them -- we're not bothered, unless you start reporting posts because you misspelled "hippopotamus" and can't edit it any more, so you want it deleted to start over.

Generally, such behavior suggests to me an ulterior motive, because I'm always suspicious. swansont has warned you against posting Politics discussions in the Lounge to circumvent the restrictions there.

I don't think you can justify allowing evil things to happen by claiming that the victims shouldn't suffer while they contract smallpox and have their fingers chopped off with rusty spoons.