This office needs a parking garage.
Why the fuck are americans always building 2 dimensional except for their buildings???
Yeah, right? Looks like you need a car to get from your parked car to the entrance.
Even our local grocery store that is probably ¼ of the size of a typical Walmart (Edeka center in Germany) has a 2 story parking deck and another underground parking garage under the literal store.
Edit: To answer to your comment: This has theme park level parking. They should install a round trip subway under or surface tram at the place
I wouldn't be surprised if there's literally a parking lot shuttle.
Because they have the space. It’s hard for us Europeans to understand. In places where they don’t, they certainly go below ground - look at Microsoft’s parking garage in Redmond.
It's an abundant resource curse; land is the resource that is wasted.
So the question, then, is why build up at all. I'm guessing since this is the NSA lowering surface area for security was a factor.
My office complex is nearly 1 km from one end to the other and a whopping three stories tall, and the third floor is much smaller than the bottom two. If you count the parking lots, it's almost twice as big.
Daniel Bernstein at the University of Illinois Chicago says that the US National Institute of Standards and Technology (NIST) is deliberately obscuring the level of involvement the US National Security Agency (NSA) has in developing new encryption standards for “post-quantum cryptography” (PQC).
This sentence is basically all.
TL;DR: NSA accused of doing that thing that it's been doing for decades, again.
So I wrote a long-ass rundown of this but it won't post for some reason (too long)? So TLDR: this is a 17,600-word nothingburger.
DJB is a brilliant, thorough and accomplished cryptographer. He has also spent the past 5 years burning his reputation to the ground, largely by exhaustively arguing for positions that correlate more with his ego than with the truth. Not just this position. It's been a whole thing.
DJB's accusation, that NSA is manipulating this process to promote a weaker outcome, is plausible. They might have! It's a worrisome possibility! The community must be on guard against it! But his argument that it actually happened is rambling, nitpicky and dishonest, and as far as I can tell the other experts in the community do not agree with it.
So yes, take NIST's recommendation for Kyber with a grain of salt. Use Kyber768 + X448 or whatever instead of just Kyber512. But also take DJB's accusations with a grain of salt.
Honestly at this point... I'd be surprised if they are seriously undermining encryption. NIST and NSA need encryption to work to protect the government itself ... they're to my knowledge not staffed by idiots, and a lot has changed since the 90s and early 2000s. Encryption is a core portion of security in 2023.
Can you try clearing your browser cache and cookies first? It's fine here
another way, archive.org could help you
Paywalled for me too (or rather, it requires "registration" which is basically the same thing - I'm not opposed to paying for a good article but I am opposed to giving them my personal details).
Ya think?!
Really. I hope everyone saw this coming. The process has also been weirdly slow. I'm not sure why everyone is waiting up for NIST.
Thankfully, PQ HTTPS is just around the corner now, and I imagine other TLS-based protocols won't be far behind.
Quantum computers are not even close yet. Maybe some day though.
but quantum resistant encryption are important even now despite that because of store now, decrypt later of long-term sensitive information
That is the problem with encryption. It only provides security over a period of time. Always better to keep data on your own hardware in your own place.
Quantum is also more of an issues for public key crypto. Symmetric key crypto is different.
Could you explain more on that last point? Sounds really interesting.
Asymmetric key exchange works by utilising a complex math equation involving massive exponents that is easy to run to get an answer, but very hard to use that answer to get the numbers you started with.
With traditional computers, you essentially need to try every combination of numbers through trial and error to get the starting values.
Quantum computers are almost purpose built for this kind of math and can solve those types of problems exponentially faster than traditional computers.
However, for a symmetric key, there isn't an exchange that can be attacked, both sides already know the key.
There is still a quantum attack against symmetric key crypto like AES, but it just reduces the effective key size by half. If you use long enough keys (256 bits) you're still fine.
Others know a lot more about this then I do. The short answer is that some problems that are hard to solve now can be easily solved with quantum computers. Factorization of large integers is one of those things that is easily solved and public key crypto is based on that sort of problem. Hence the panic. Symmetric key crypto is not.
I think it comes down to just because quantum computers can solve some problems easily it does not mean they can solve all problems easily. Each situation needs to be looked at.
This office needs a parking garage.
Why the fuck are americans always building 2 dimensional except for their buildings???
Yeah, right? Looks like you need a car to get from your parked car to the entrance.
Even our local grocery store that is probably ¼ of the size of a typical Walmart (Edeka center in Germany) has a 2 story parking deck and another underground parking garage under the literal store.
Edit: To answer to your comment: This has theme park level parking. They should install a round trip subway under or surface tram at the place
I wouldn't be surprised if there's literally a parking lot shuttle.
Because they have the space. It’s hard for us Europeans to understand. In places where they don’t, they certainly go below ground - look at Microsoft’s parking garage in Redmond.
It's an abundant resource curse; land is the resource that is wasted.
https://en.wikipedia.org/wiki/Resource_curse
So the question, then, is why build up at all. I'm guessing since this is the NSA lowering surface area for security was a factor.
My office complex is nearly 1 km from one end to the other and a whopping three stories tall, and the third floor is much smaller than the bottom two. If you count the parking lots, it's almost twice as big.
This sentence is basically all.
TL;DR: NSA accused of doing that thing that it's been doing for decades, again.
So I wrote a long-ass rundown of this but it won't post for some reason (too long)? So TLDR: this is a 17,600-word nothingburger.
DJB is a brilliant, thorough and accomplished cryptographer. He has also spent the past 5 years burning his reputation to the ground, largely by exhaustively arguing for positions that correlate more with his ego than with the truth. Not just this position. It's been a whole thing.
DJB's accusation, that NSA is manipulating this process to promote a weaker outcome, is plausible. They might have! It's a worrisome possibility! The community must be on guard against it! But his argument that it actually happened is rambling, nitpicky and dishonest, and as far as I can tell the other experts in the community do not agree with it.
So yes, take NIST's recommendation for Kyber with a grain of salt. Use Kyber768 + X448 or whatever instead of just Kyber512. But also take DJB's accusations with a grain of salt.
Honestly at this point... I'd be surprised if they are seriously undermining encryption. NIST and NSA need encryption to work to protect the government itself ... they're to my knowledge not staffed by idiots, and a lot has changed since the 90s and early 2000s. Encryption is a core portion of security in 2023.
paywall-free archive
I was curious to hear what argument they were making but the article is behind a paywall. Could someone with access to it summarize for me?
I am curious because this seems a bit implausible to me given that the protocol selection process involves an open competition.
paywall-free archive
Can you try clearing your browser cache and cookies first? It's fine here
another way, archive.org could help you
Paywalled for me too (or rather, it requires "registration" which is basically the same thing - I'm not opposed to paying for a good article but I am opposed to giving them my personal details).
Ya think?!
Really. I hope everyone saw this coming. The process has also been weirdly slow. I'm not sure why everyone is waiting up for NIST.
Thankfully, PQ HTTPS is just around the corner now, and I imagine other TLS-based protocols won't be far behind.
Quantum computers are not even close yet. Maybe some day though.
but quantum resistant encryption are important even now despite that because of store now, decrypt later of long-term sensitive information
That is the problem with encryption. It only provides security over a period of time. Always better to keep data on your own hardware in your own place.
Quantum is also more of an issues for public key crypto. Symmetric key crypto is different.
Could you explain more on that last point? Sounds really interesting.
Asymmetric key exchange works by utilising a complex math equation involving massive exponents that is easy to run to get an answer, but very hard to use that answer to get the numbers you started with.
With traditional computers, you essentially need to try every combination of numbers through trial and error to get the starting values.
Quantum computers are almost purpose built for this kind of math and can solve those types of problems exponentially faster than traditional computers.
However, for a symmetric key, there isn't an exchange that can be attacked, both sides already know the key.
There is still a quantum attack against symmetric key crypto like AES, but it just reduces the effective key size by half. If you use long enough keys (256 bits) you're still fine.
Others know a lot more about this then I do. The short answer is that some problems that are hard to solve now can be easily solved with quantum computers. Factorization of large integers is one of those things that is easily solved and public key crypto is based on that sort of problem. Hence the panic. Symmetric key crypto is not.
I think it comes down to just because quantum computers can solve some problems easily it does not mean they can solve all problems easily. Each situation needs to be looked at.