Posted on 10/05/2005 7:42:38 AM PDT by N3WBI3
Opinion: It's not coincidence that after Massachusetts made it clear that it would support open formats, Microsoft is now going to include PDF in the next version of Office.
What is Microsoft up to, anyway, with its sudden plan to finally support PDF?
It wasn't announced by Bill Gates loudly to the world at the Professional Developer Conference a few weeks ago. It also wasn't proclaimed to the Microsoft faithful at its recent Most Valuable Professional Global Summit.
No, instead, Microsoft quietly squeaked out the news on a Saturday afternoon in Microsoft Office Program Manager Brian Jones' Weblog.
Could it be that it's because Microsoft is backing its way into ever so reluctantly supporting an open format after Massachusetts decided that it would only use office suites that supported open formats like PDF and OpenDocument?
It certainly looks that way to me.
For all of its talk about being an innovator, Microsoft is really just a follower.
Sometimes, of course, the company is a very, very reluctant follower. It took Microsoft's leadership forever to live down the fact that they had initially dismissed the Internet. Now, I see Microsoft slowly and painfully embracing open standards.
Mind you, this move is just a beginning. I recently pointed out that it would be trivial for Microsoft to add OpenDocument support to Office.
I don't see that happening anytime soon now though.
With PDF support alone, Microsoft can still try for Massachusetts government contracts without having to add OpenDocument.
Well, until StarOffice, OpenOffice.org and WordPerfect's support for OpenDocument force Microsoft's hand anyway.
After all, PDF is much more of an end-result format than one that most people actually want to edit in. As OpenDocument and the applications that enable it gain more support, Microsoft will find itself forced into supporting it too.
Now, some might say that this is just Microsoft giving the people what they want. Many users have been asking for a PDF option from Microsoft since Adobe Acrobat 4 appeared in 1999.
But, if that's all there was to it, then why was Microsoft banging the drum for its own PDF substitute, Metro, only a few months ago?
Still others might say that is part and parcel of Microsoft's recent efforts to compete against Adobe in other ways: Sparkle vs. Flash, Acrylic vs. Photoshop and so on.
To which, I say, "Why now? Why announce it in such a subdued way?"
No, all those other things play a role, but at the end of the day, Microsoft felt that it must make at least a concession to open standards by adopting PDF.
After all, it's not like Massachusetts is the only entity that is seriously considering making supporting open standards a requirement for its software purchases. Massachusetts was just the first to make it official.
Microsoft would love it if it could make everyone stick to its proprietary formats. That forces customers to keep buying its products. But it can't. And, much as Microsoft may hate it, its executives know it. So it is that as quietly as the company could, Microsoft is, once more, making concessions to open standards.
eWEEK.com Senior Editor Steven J. Vaughan-Nichols has been using and writing about operating systems since the late '80s and thinks he may just have learned something about them along the way. He can be reached at sjvn@ziffdavis.com.
You're thinking about authentication, I'm talking about encryption.
Authentication is the ultimate requirement of encryption. Without it, you can't decrypt, making the entire mechanism useless. Amazing what lows you boys will stoop to.
Actually, it's absolutely impossible to get back to the original phrase. That's why they're called one-way. The point of a hash is to say "input A gives output B" while being extremely difficult to reliably make more than one input give the same output (a collision). You also don't want to see a hash and be able to mathematically calculate another value that could produce that hash. The former would mean a hash is theoretically suspect, the latter would mean it's absolutely broken.
Among other things, hashes are a way to protect your secret (not obscured) information while allowing comparisons with it.
But as far as obscurity of the algorithm goes, how would you like it if everyone had been using SHA-0 for years with the public not having access to the algorithm, only to find out that those who do have access to the algorithm found it was breakable long ago? All you'd need is a leak of the algorithm and *poof* nobody's safe. We wouldn't know of the relative security of MD5 and the other SHAs if they weren't public.
Cryptography loves secrets, but it hates using obscurity to hide them. Anybody can dig through obscurity to find the prize. They want it provably, mathematically difficult to extract it when everything but the secret (not obscured) key is known. Anything else is relying on luck, which is not acceptable.
Hence that's why NSA and super secret orgs don't release their algorithms for creating a hash.
It's nice for a warm fuzzy, but there's no way they're relying on that obscurity for protection. Oh, and the NSA created the SHA algorithm.
Explain to me how hashing a two gigabyte file into a 32-byte text string can still contain the original data.
Bull. Where is my password written down? Are you going to kidnap and beat me to find out?
MA has a requirement for two types of documents: archival and editing. PDF achieves the first, ODF achieves the second. But I still wouldn't be surprised if Microsoft somehow used its muscle to make MA back down from open documents.
Please tell me what outside force prevents Microsoft from simply adding ODF support to Office, thereby continuing as a qualified vendor.
We don't care about the secrecy (not obscurity) of your password. But we do like that you used obscurity instead of mathematical surety to protect the data that your password unlocks. All ciphers based on obscurity (learn the trick and you got all the data), such as ROT-13, are dead in any practical sense.
You're talking in circles. First you said anyone could dig through obscurity and find my password, now you say you don't need to. Bottom line, only I still know where it is and what it is.
You're just wrong on this point. Ever hear of L0phtCrack? There are more. Also weren't you on that salting thread? If I know how to create the hash I can brute force it.
and the NSA created the SHA algorithm....only to find out that those who do have access to the algorithm found it was breakable long ago.
Things that make you say hmmmmmm.... Think about it ;-) Ever think NSA may have known how to break it for a while before the rest of the world got on?
Also I bet the NSA is using their own obscure algorithm.
Maybe the same force that stops the state from writing their own plug-in to do the same.
However, it's moot now as Office will support PDF.
Of course it depends on the system you're talking about. If you are doing public key encryption, then you do need a public key for people to encrypt to (but that's not used to get at data, only to encrypt it), and a private key to read it. The private key is the one that's important. If you enter that key in every time (but it's kind of long), the authentication is the fact that the key properly decrypts the data. You must be thinking of secret passphrases that you use to get into the program that holds the actual key for you (easier to remember a small passphrase than a 1024-bit key).
For authentication, you may be thinking of the feature of public key encryption that lets you sign and authenticate documents. This isn't hiding or protecting data from disclosure, merely verifying it.
They use the same basic architecture as SHA-1, but have longer words and a few other small internal differences. They are also NIST standards.
Why should the state pay?
However, it's moot now as Office will support PDF.
For archiving and forms. What about easily editable documents?
The boogieman!
Boo!
Those guess input values until they get a matching hash. You were wrong, it is absolutely impossible to get the original value from a one-way hash. To even think it possible shows you know nothing of how hashes work.
The worst thing that can happen for a hash is to be able to calculate another input value that will achieve the same hash output. You have no hope of finding the original.
Things that make you say hmmmmmm.... Think about it ;-) Ever think NSA may have known how to break it for a while before the rest of the world got on?
They released SHA-0, found a vulnerability, and soon after released a fixed version, SHA-1. Don't forget, these algorithms are for them and all our government to use. There is no way they would put the security of our country in jeopardy by purposely issuing a flawed algorithm. If they can find the flaw, then somebody else can.
No, I said anyone can dig through obscurity to find the protected data. Nobody can easily surmount the huge mathematical problems inherent in breaking modern encryption even when the algorithm is known (at least until quantum computers get bigger).
As far as passwords, I did offer that you could obscure your password (obscurity works, right?) with ROT-13 and give it to us.
It's not clear at all that this point is moot, because it does not seem that Office will be able to edit existing PDFs. It can only use this new PDF converter to create them, but any work-in-progress would have to be saved in a different format.
What, are you a socialist now? Because it's their requirement. Besides, if M$ adds that functionality that state and all the consumers will be paying for it. Or are you one of those that believe when you "pass" costs on to corporations that it doesn't impact the consumer? If you are...I believe the DU has an opening on their board.
Say what you want, you're the one exposed on this...and it's pretty harsh too. Just admit it that GE schooled you bad. Of course you'll never admit it because you've got too much invested in trashing him...by admitting you're wrong will be too much for you.
Give me an MD5 hash for a 6 character password. I'll give you the password back.
How can I do this? It's because the MD-5 algorithm isn't OBSCURE. Now isn't that what we're talking about? You say obscurity has no role in security and I say it does.
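Added example, not part of the thread or any poster's code: the two positions argued above, side by side. Recovering a short password from its MD5 hash works by hashing guesses over a small input space, not by inverting the hash, and the defence is more secret entropy plus a salted, slow hash rather than a hidden algorithm. The function names, the sample passwords and the choice of PBKDF2 are assumptions made for this illustration.

```python
import hashlib
import itertools
import os
import string

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def guess_preimage(target_hex, alphabet, max_len):
    """Hash candidates until one matches the target.

    Nothing is inverted here: the search succeeds only when the set of
    plausible inputs is small enough to enumerate.
    """
    tries = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            tries += 1
            candidate = "".join(combo)
            if md5_hex(candidate) == target_hex:
                return candidate, tries
    return None, tries

def keyspace(alphabet_size, length):
    """Number of candidates a guesser must be prepared to hash."""
    return alphabet_size ** length

def slow_salted_hash(password, salt, rounds=100_000):
    # PBKDF2-HMAC-SHA256 is a public algorithm (chosen for this example).
    # The per-user salt defeats precomputed tables, and the round count
    # multiplies the cost of every single guess.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)

if __name__ == "__main__":
    secret = "pdfx"  # constructed sample password, 4 lowercase letters
    found, tries = guess_preimage(md5_hex(secret), string.ascii_lowercase, 4)
    print("guessed", found, "after", tries, "MD5 computations")
    print("6 lowercase letters :", keyspace(26, 6))
    print("6 printable ASCII   :", keyspace(95, 6))
    print("128-bit random key  :", 2 ** 128)
    salt = os.urandom(16)
    print("salted PBKDF2       :", slow_salted_hash(secret, salt).hex())
```

A six-character password is within reach of guessing because of its size, while a random 128-bit key hashed with the same public algorithm is not.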
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.