Daniel Brue

Get your best paper, cut a circle and fold it, fold it so that the circumference falls on a fixed point inside. Repeat, using random folds. Now see the creases. This is how you paper-fold an ellipse. =)

Mathani creation
 http://mathani.tumblr.com/

Daniel Brue

Lifehacker Australia: Why Patching Heartbleed Doesn't Fix The Security Time Bomb. http://google.com/newsstand/s/CBIw7ZOmrRo

Daniel Brue

How Heartbleed showed the importance of Perfect Forward Secrecy

That many of us may have to change our passwords for our online accounts is really inconvenient, but the possibility that one of our accounts is compromised is nowhere near the worst case scenario.

The worst case scenario is that the server's secret key may have been compromised. If this happens, there are some horrible consequences. An attacker could use that key to decrypt any connection made to the server, which would mean that any email, bank transfer, purchase, anything at all would be visible to someone with the server's secret key. If the server is not using Perfect Forward Secrecy, then an attacker could use the compromised key to decrypt any communication with that server, ever.

That's the value of PFS. It isn't a form of cryptography in itself; it's a key exchange protocol that helps to protect past communication. It doesn't keep a key from being compromised, and if a key is compromised, PFS doesn't prevent it from being used to spy on new encrypted connections. What it does do is protect the old connections. This may not seem immediately important, but consider that it is easy today to record all communications between two computers, and today we have reasons to believe this is a common practice. An attacker can copy all encrypted communication, even if he can't read it yet, and keep it for the day when the key is broken. Once that day comes, he could have years of back records on hand that are newly readable.

PFS prevents this scenario by using a new, random, per-session key that prevents past communications from being decrypted even if one of the parties' secret keys is compromised.

To tell if your connection is using PFS, look at the connection details provided by your browser. PFS does not work with RSA; the method requires a key space based on an Abelian point group. It does work with discrete logarithms or elliptic curves, so if you see DHE or ECDHE, then the connection is using PFS.


#cryptography #security  
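The "look for DHE or ECDHE" check from the post above, as an added example that is not part of the original post. It goes slightly beyond the post: static DH/ECDH suite names contain "DH" but are not ephemeral, and TLS 1.3 suite names do not name a key exchange at all (a full TLS 1.3 handshake always uses ephemeral (EC)DHE). The function names and the sample suite list are constructed for illustration.

```python
import re
import socket
import ssl

# Key-exchange tokens that mean an ephemeral (per-session) Diffie-Hellman exchange.
EPHEMERAL_KX = {"DHE", "ECDHE", "EDH"}
# TLS 1.3 suites name only the AEAD and hash, e.g. TLS_AES_128_GCM_SHA256.
TLS13_NAME = re.compile(r"^TLS_(AES|CHACHA20)_")

def is_forward_secret(suite, protocol=""):
    """True if the cipher suite name implies an ephemeral key exchange."""
    if protocol == "TLSv1.3" or TLS13_NAME.match(suite):
        return True  # assumption: full handshake, not PSK-only resumption
    tokens = re.split(r"[-_]", suite.upper())
    if "WITH" in tokens:
        # IANA style: TLS_<key exchange>_<auth>_WITH_<cipher>_<hash>
        kx = tokens[1:tokens.index("WITH")]
    else:
        # OpenSSL style: <key exchange>-<auth>-<cipher>-<hash>; a bare
        # cipher first (AES128-SHA) means static RSA key exchange.
        kx = tokens[:1]
    # Whole-token match, so static "ECDH" or "DH" never passes as "ECDHE"/"DHE".
    return any(t in EPHEMERAL_KX for t in kx)

def check_host(host, port=443, timeout=5):
    """Connect to host and report (suite, protocol, forward_secret)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            name, protocol, _bits = tls.cipher()
    return name, protocol, is_forward_secret(name, protocol)

# Constructed sample of suite names in both naming styles.
SAMPLE_SUITES = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES256-SHA",
    "AES128-SHA",
    "ECDH-RSA-AES128-SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_AES_128_GCM_SHA256",
]

def classify(suites):
    return {s: is_forward_secret(s) for s in suites}

if __name__ == "__main__":
    for suite, pfs in classify(SAMPLE_SUITES).items():
        print(f"{suite:45} forward secret: {pfs}")
```

`check_host` needs network access and is not called by the script itself; run it against a server you operate to see what that server actually negotiates.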

Daniel Brue

Since it's suddenly International Change Your Password Week thanks to Heartbleed, EFF gives some good advice. Be careful of phishing emails asking you to change your password. Always use known links.
 
Please be careful about phishing emails masquerading as Heartbleed password change notices. If you're unsure, you can type the URL for the site by hand or use a known good bookmark.
US Census changes survey questions on health care in such a way that it won't be able to compare statistics before and after the Affordable Care Act.

This is either incredibly poor timing, or someone is really concerned about what an objective before-and-after picture of Obamacare is going to look like.
Changes to the Census Bureau’s annual survey on health insurance will make it hard to gauge any shift in the number of uninsured; an internal paper called the timing “coincidental and unfortunate.”

Daniel Brue

The Proof of Pythagoras Theorem by Vector Method - dot product

Daniel Brue

Heartbleed explained by XKCD

Daniel Brue

Nice explanation of the Heartbleed bug in OpenSSL.