Posted on 10/05/2005 7:42:38 AM PDT by N3WBI3
[cue Jeopardy theme]
And I replied with: What is a liberal state gov't wasting taxpayers money to get revenge on a company they don't like?
Get the humor now?
It depends on your purpose. If you're guessing passwords, then a collision is effectively as good as the original. If you're trying to guess the original text, then you don't know. You have a very good probability that it is the original, but that's only a probability.
And you say I don't know encryption.
You demonstrate it, I merely point it out.
Yup. Wanna know a secret? There's a phrase in the MS license that forbids a competitor from using the schema to create documents :
You are not licensed to sublicense or transfer your rights.What this means is that you cannot create a program that implements this "free and open" format in terms of creating documents. Reading--perhaps, but not creating.
This essentially locks out all other vendors from competing with MS. That is what Mass is trying to avoid.
Adobe has no such restrictions on its PDF license. That's the difference.
No. I guess I'm not up on Redmond propaganda.
In the real world, there's no sense in what you've said.
Why on earth would you "need" the actual passphrase if you have one that is just as good.
A collision does in just about all respects = the passphrase. The scenario that I can think of is that you want the actual passphrase because you want to see if he used it on other systems (that use a different hashing algorithm).
But most hashes are designed to avoid collisions (well they are all designed to not have any, but as we see people find ways to find them).
So your position is that encryption is only for passwords? No one needs to encrypt documents? Hard drives? General information?
Microsoft may have patents and/or patent applications that are necessary for you to license in order to make, sell, or distribute software programs that read or write files that comply with the Microsoft specifications for the Office Schemas.
Except as provided below, Microsoft hereby grants you a royalty-free license under Microsoft's Necessary Claims to make, use, sell, offer to sell, import, and otherwise distribute Licensed Implementations solely for the purpose of reading and writing files that comply with the Microsoft specifications for the Office Schemas.
No that's not my position. But a collision would be just as good as a real passphrase to get to the info you're "cracking".
However, in the CONTEXT of our discussion we were discussing obscurity and it looks like we both came to reasonable agreement that obscurity is part of security (which was the original point). And all discussions were around making that point.
So you can try and find some other argument to pick apart.
Microsoft may have patents and/or patent applications that are necessary for you to license in order to make, sell, or distribute software programs that read or write files that comply with the Microsoft specifications for the Office Schemas.
Except as provided below, Microsoft hereby grants you a royalty-free license under Microsoft's Necessary Claims to make, use, sell, offer to sell, import, and otherwise distribute Licensed Implementations solely for the purpose of reading and writing files that comply with the Microsoft specifications for the Office Schemas.
This statement indicates a belief that the info you want lies unencrypted behind some sort of password/passphrase protection that is encrypted.
My point was that the actual information itself is encrypted. Collisions at that point are useless.
A "two-way hash" is a cipher. They only way these are commonly used today is in such things as Base 64 and other encodings and other mundane uses, and maybe for kids passing messages in class. No security whatsoever is assumed (except by the over-confident kids).
but let's just say it's not impossible to get back to the original passphrase
We may be having language problems here, but you can NEVER calculate the original from the hash. You can only guess and see if you got it right.
And don't forget that hashes aren't only used for passwords (need to guess the rather short original that matches the hash). They are common in the open source world when downloading programs to ensure you got what you think you got. To fool us, you would need an approximate-size file (up to DVD-size) with your malware in it that has a collision.
As I said, find some other argument to pick apart. This discussion is pertaining to obscurity and it's part in security. Are you saying obscurity has no part/role in security? If so, we need to talk. So far, 4 that once appeared to claim otherwise are now saying it does. Do you want to be the 5th?
How cumbersome, considering it could much more easily be done in ODF from start to finish.
Did you notice this phrase? Since licensees are not allowed to sublicense the EULA, how can 3rd-party developers (MS competitors) create a program to create MS XML formats and still allow 4th-party (Mass gov't) users to read those documents?
Personally, I hope that MS tells Massachusetts to shove it. Because, in the long run, this is going to cost taxpayers deeply.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.