Virginia is for Science Lovers?
May 3, 2010 3:44 PM

Climate change researcher Michael Mann has had his work subpoenaed by Virginia Attorney General Ken "Cooch" Cuccinelli. The subpoena "relates to data and other materials that Dr. Mann presented in seeking awards/grants (pdf) while in the Commonwealth of Virginia." Mann has previously been investigated by Penn State, his current employer, for issues related to the hacked CRU emails, and cleared of wrongdoing. A representative from the Union of Concerned Scientists calls this action "a witch hunt."
posted by palindromic (84 comments total) 9 users marked this as a favorite
 
Shooting the messenger is not a good long-term strategy.
posted by mullingitover at 3:48 PM on May 3, 2010 [2 favorites]


Wouldn't it be nice to live in an impoverished, heavily armed, superstition driven theocracy... just like our founding fathers intended?

Let's have a second American revolution!
posted by ennui.bz at 3:48 PM on May 3, 2010 [14 favorites]


How can anyone say "office can neither confirm nor deny the existence or nonexistence of a pending investigation" with a straight face?
posted by JaredSeth at 3:50 PM on May 3, 2010




Although honestly I support persecuting Michael Mann. Public Enemies was terrible.
posted by Pope Guilty at 3:54 PM on May 3, 2010 [8 favorites]


Well, now that he's caved on the great State Seal Breast Scare, I guess he just needed to maintain his normal levels of tilting at dumbass windmills.
posted by Navelgazer at 4:01 PM on May 3, 2010


This goof has left quite a trail of general wingnuttery.

Virginia must be proud!
posted by Max Power at 4:01 PM on May 3, 2010 [2 favorites]


Craziness. Well, maybe this will be an opportunity to prove global warming in court, like with the Intelligent design trial in Dover.
posted by delmoi at 4:03 PM on May 3, 2010


However, many of the papers who chose not to endorse Cuccinelli were critical of his right-wing views. According to the Virginian Pilot, “Cuccinelli’s election would bring embarrassment to Virginia, instability to the state’s law firm and untold harm to the long list of people who don’t fit his personal definition of morality.” The Washington Post echoed a similar sentiment, writing, “given his bizarre ideas, he would very likely become an embarrassment for the commonwealth” in an editorial titled "Mr. Cuccinelli's Bigotry"
They called it correctly: Cooch gave pins to his staff that modified the state seal (in place since 1776) to cover up Virtus' breast. He's John Fucking Ashcroft Jr.
posted by Halloween Jack at 4:03 PM on May 3, 2010 [2 favorites]


State Seal Breast Scare

Justice don't know her breast is bare because she's blind and also because it's so warm in Virginia that she can't tell.
posted by Joey Michaels at 4:03 PM on May 3, 2010 [2 favorites]


All together now!
posted by Halloween Jack at 4:04 PM on May 3, 2010


Well, I'm not. I feel bad for not voting, but the Dem candidate for Gov was so piss poor that I didn't bother.
posted by empath at 4:04 PM on May 3, 2010


When I heard that they wanted all of his receipts for absolutely everything, my heart went out to him. I've tried to gather receipts for a lab before. It is enough to make you weep pitifully.
posted by sciencegeek at 4:10 PM on May 3, 2010 [1 favorite]


Justice don't know her breast is bare because she's blind and also because it's so warm in Virginia that she can't tell.

Cute, but because I'm a pedant, it's Virtus on the seal, not Justice. After having vanquished Tyrannis. In reality, the troubling aspect of the seal isn't an errant mammary, but the fact that the motto is still, you know, most notable as Booth's words to Ford's Theatre after shooting Lincoln.
posted by Navelgazer at 4:11 PM on May 3, 2010


Cooch gave pins to his staff that modified the state seal (in place since 1776) to cover up Virtus' breast. He's John Fucking Ashcroft Jr.

No one tell him what his nickname means.
posted by Kirk Grim at 4:16 PM on May 3, 2010 [11 favorites]


How did this guy get elected?
posted by UseyurBrain at 4:22 PM on May 3, 2010


How did this guy get elected?

By Republicans?
posted by DU at 4:23 PM on May 3, 2010 [1 favorite]


JaredSeth: How can anyone say "office can neither confirm nor deny the existence or nonexistence of a pending investigation" with a straight face?


Law School. Three years as a PR hack usually works too.
posted by Some1 at 4:24 PM on May 3, 2010


From Navelgazer's link:
His new statement also seems to have been prompted by those who have noticed that the historic seal he chose -- there were apparently several versions before the Virginia state seal was formally adopted in the 1930s -- was one that was in use during the state's Confederate past.
Well, there's a surprise.
posted by indubitable at 4:26 PM on May 3, 2010 [2 favorites]


Well, there's a surprise.

He's from New Jersey.
posted by stbalbach at 4:34 PM on May 3, 2010


Yeah, and bigots in Oregon revere the stars 'n' bars, stbalbach. Your point?
posted by kipmanley at 4:36 PM on May 3, 2010


This will yield lots of valuable information, because universities commonly retain copies of email accounts, including deleted mail, for people who left five years ago.
posted by ROU_Xenophobe at 4:36 PM on May 3, 2010


How did this guy get elected?

Democrats nominated a chump for Governor last year, nobody showed up at the polls.
posted by empath at 4:38 PM on May 3, 2010


More accurately, Democrats nominated the guy from downstate instead of one of the two far more qualified candidates from NoVa because they thought that NoVa would come out to support the Democrat no matter what, and that Deeds' downstate credentials would be enough to beat McDonnell.

It didn't work. Not even close.
posted by Navelgazer at 4:41 PM on May 3, 2010


So yeah, I guess pretty much what empath said, actually.
posted by Navelgazer at 4:42 PM on May 3, 2010


Virginia is in the middle of a state budget crisis. State universities have faced drastic cuts for the last two years and will certainly face more in 2011. The fact that they have found money to fund a hopeless investigation is salt in the wound that many of those same state employees have been asked to sacrifice pay or their very jobs.

This investigation has one object, keep Cuccinelli's name in front of the base as he looks for higher office.
posted by Verdant at 4:43 PM on May 3, 2010


The Democratic primary for governor was a 3-way mess, with Creigh Deeds winning after everyone decided Moran and McAuliffe had too much baggage to win "downstate." Deeds was outperformed by McDonnell and I suppose he managed to drag the rest of the pack of loonies along on his coattails.

It pretty much killed any hope I had of convincing my out-of-state relatives that NoVa isn't really in "The South." No, I wasn't thrilled with Deeds but I voted to avoid crap like this, for all the good it did me. No wait, actually this is worse than I thought it would be...
posted by JoanArkham at 4:51 PM on May 3, 2010


I am a Virginian. I apologize.

Cuccinelli is a theocrat (as is Gov. McDonnell), and they can both kiss my ass. I saw this circus coming before the election.

Democrats nominated a chump for Governor last year, nobody showed up at the polls.

Deeds was, indeed, a chump. But he got my vote; some of us showed up. "Modern" (I use that term loosely) Virginia has a history of schizo see-sawing between parties in elections.
posted by Benny Andajetz at 4:55 PM on May 3, 2010 [1 favorite]


Cuccinelli isn't subpoenaing grants, he's subpoenaing e-mails from a few dozen scientists at UVa. Which doubtless include hundreds of e-mails sent to and from these scientists from other scientists around the world. And which will doubtless be leaked shortly after he receives them.

This is just a legal version of the CRU debacle.

Can we get climate scientists some encrypted e-mail clients now please???
posted by miyabo at 5:01 PM on May 3, 2010 [1 favorite]




"Democrats nominated a chump for Governor last year, nobody showed up at the polls."

Didn't anyone remember that elections are always about choosing the least-worst option?
posted by klangklangston at 5:10 PM on May 3, 2010 [2 favorites]


Encrypted emails can be subpoenaed too, which is why encryption is useless for keeping shit from the government.
posted by synaesthetichaze at 5:14 PM on May 3, 2010


If it's shown in court there was no wrongdoing on the scientists' part, will it shut the rightwingers up?

Oh god why did I even ask it's so depressing
posted by mccarty.tim at 5:19 PM on May 3, 2010


In reality, the troubling aspect of the seal isn't an errant mammary, but the fact that the motto is still, you know, most notable as Booth's words to Ford's Theatre after shooting Lincoln.

C'mon. What's Julius Caesar, chopped liver?
posted by mr_roboto at 5:25 PM on May 3, 2010 [2 favorites]


To add to my previous comment, I guess you could just delete all of them (obstruction of justice) or say that you've forgotten your passphrase (perjury/obstruction of justice). I guess it depends on whether you're trying to legitimately keep info from investigators or just trying to stay out of trouble.

Plus, I'm pretty sure (note: not actually sure) that the reason the NSA examines all encryption algorithms in use in the US is so they can invent backdoors for them, or shoehorn something into the standard after the fact. Open source algorithms like Blowfish might not be subject to this, but AES-256 and DES both were. This top-down style regulation of encryption is also why you sometimes have to alter that pesky export policy jar file in some Java releases; encryption algorithms are (or used to be) classified as Military Technology and had actual laws against their import/export.
posted by synaesthetichaze at 5:29 PM on May 3, 2010


C'mon. What's Julius Caesar, chopped liver?

Et tu, Mister Roboto?
posted by joe lisboa at 5:32 PM on May 3, 2010


Can we get climate scientists some encrypted e-mail clients now please???

As a scientist who has the greatest sympathy for those scientists embroiled in the steaming pile of rubbish that is "Climategate", I don't think this is the way to go. As someone who receives public funding to do research intended to benefit the public, I think it would be wrong to hide my communication, thoughts, and data behind encryption. There should be no problem with being as open as possible. The problem with "Climategate" was, as always, that non-scientists with vested interests and political biases deliberately misrepresented the science that was being done. Encryption won't solve that, it will just deepen the pathetic conspiracy theories.
posted by Jimbob at 5:44 PM on May 3, 2010 [10 favorites]


I disagree, Jimbob. The problem is that these people had a massive number of emails that they could mull over and search for questionable terms. Encrypted email would mean that leaks would be smaller, meaning less chances they could find words as juicy to non-scientist conspiracy theorists as "hide the decline."
posted by mccarty.tim at 5:46 PM on May 3, 2010


There need to be ramifications, preferably economic, when a state acts like this. The scientific community needs to be extra skeptical of any research coming out of a Virginia Commonwealth University, and institutions like the National Science Foundation should hesitate before sending any grant money there. With political interference, only bad science can result. Professors and PIs should not admit students coming out of a university receiving state funding in Virginia as graduate students or postdocs, since they've received a blatantly tainted education. Hospitals and Research Institutions shouldn't hire anyone from Virginia Tech, despite its phenomenal reputation, because scientists coming out of that state are conditioned to fear political retribution.

Ok, that's mostly a rash and unrealistic idea, but the reason Republicans get away with this is because you can be such a successful idiot in the US. There's only positives! It's time the rest of us start pushing back, and showing that your reputation for supporting science actually means something.
posted by nowoutside at 5:48 PM on May 3, 2010 [3 favorites]


"Plus, I'm pretty sure (note: not actually sure) that the reason the NSA examines all encryption algorithms in use in the US is so they can invent backdoors for them, or shoehorn something into the standard after the fact. Open source algorithms like Blowfish might not be subject to this, but AES-256 and DES both were. This top-down style regulation of encryption is also why you sometimes have to alter that pesky export policy jar file in some Java releases; encryption algorithms are (or used to be) classified as Military Technology and had actual laws against their import/export."

I thought that PGP was still, well, pretty good. Or are you saying that they'd just subpoena the private key as well?
posted by klangklangston at 5:51 PM on May 3, 2010


What do you think the crazies are going to think when all the climate scientists start encrypting their emails? It won't do anything productive, and it won't do anything to reduce the conspiracy theorists.

(Fun side note: I do know some scientists who use encryption, but that's to keep away other scientists. Exoplanet hunting is a very competitive field.)


Another tangent: what we call AES in the US was invented by some Dutch folks who called it Rijndael, and it certainly doesn't have any NSA influence. DES is a different matter, but the current evidence shows that NSA made DES harder to break, not easier.
posted by kiltedtaco at 5:52 PM on May 3, 2010


As a Virginian, I apologize. I voted against this guy, but there's only so much one vote can do. In this case, squat.

As for encrypting climate e-mails... I'm with Jimbob. The goal in e-mail ought to be to only say things you'd say in public. I don't care if you're a banker or a scientist: good e-mail hygiene is a duty.

This does, however, remind me of Lessig's essay "Against Transparency," which I thought was crazy when I first read it. More and more, I'm coming around to Larry's view.
posted by anotherpanacea at 5:52 PM on May 3, 2010 [1 favorite]


Yeah klang, as far as I know they'll just tell you to give up the private key/passphrase and if you don't hand it over you're going to jail. Again, it depends on your overall goal: if you just don't want to go to prison, encryption will not necessarily accomplish much for you. If you are actually trying to keep information from people, by all means encrypt away.

Most people aren't worried about keeping information from the government though, they're worried about jerks stealing their credit card number or something.
posted by synaesthetichaze at 5:56 PM on May 3, 2010


kiltedtaco, I thought NSA examined AES-256 for US usage and altered the standard much as they did with DES? If not, that's an error on my part, probably just remembering the DES thing and conflating it with AES in my memory.

Also, it doesn't surprise me that DES came out of NSA looking stronger, but I thought there were serious questions about whether it was compromised so NSA could eavesdrop/crack if they found it necessary ... it would probably be fairly difficult to tell if that were the case, though. It would make sense (not necessarily a good argument coming together here) if NSA shored up obvious weaknesses in the standard while creating obscure backdoors for their own purposes. This keeps out foreign governments while giving the US intelligence community the access they want.
posted by synaesthetichaze at 6:03 PM on May 3, 2010


Just think, if it weren't for Arizona, Virginia could have been the craziest most backwards ass teabagger state in the whole nation.
posted by T.D. Strange at 6:05 PM on May 3, 2010 [1 favorite]


OK, last encryption-related comment in this thread, hopefully... I was under the impression that the FIPS 140 certification process necessarily involved actually mucking around with the crypto modules that it certifies for government use... it looks like that's not the case, although it did happen with DES, it probably didn't with AES (as far as I can tell, just reading about it; I'm not an expert on crypto by any means, I only have cursory knowledge on the subject from working with unix)
posted by synaesthetichaze at 6:18 PM on May 3, 2010


And Florida's all, "Hey, we're crazy too! Look at us!"
posted by Mister_A at 6:23 PM on May 3, 2010 [2 favorites]


the reason the NSA examines all encryption algorithms in use in the US is so they can invent backdoors for them, or shoehorn something into the standard after the fact.

Actually, from what I remember reading, when the NSA has proposed changes to cryptography standards, they sometimes haven't been well-understood, but have been accepted. Only later did the mathematicians discover that the NSA's change significantly strengthened the algorithm against classes of attacks that they were only just then inventing.

From what I can tell, the NSA is one of the few agencies that's actually ahead of the private sector still, and so far, it appears they're using that expertise to make you safer, not easier to surveil. I assume they figure that the Chinese and Russians are as good as they are, and pushing a weak encryption standard on businesses will make America more vulnerable.

There are plenty of other agencies in the government that would love to foist weak encryption on you, but it doesn't look like the NSA is one of them.
posted by Malor at 6:30 PM on May 3, 2010 [1 favorite]


Another thing the NSA put out is SELinux, which is very difficult to administer, but which can strengthen a Linux machine running it enormously. There's an awful lot of eyes looking at that code, and I'm not aware of anyone finding any serious flaws with it yet.

It really does look like a good chunk of the NSA really is trying to make you safer, even from them. So far, at least, they've been very helpful. It'd be nice if SELinux didn't resemble rocket science quite so much, but maybe that's what it needed to do the job properly. Security is a very difficult problem, and the fact that the NSA's tool is also very difficult suggests that they're actually trying to solve it, not mislead you.
posted by Malor at 6:39 PM on May 3, 2010


synaesthetichaze: “I'm pretty sure (note: not actually sure) that the reason the NSA examines all encryption algorithms in use in the US is so they can invent backdoors for them, or shoehorn something into the standard after the fact”

This has been a rumor for years but there is no real evidence of it, at least not in a sneaky way. In fact to the contrary; when the NSA reviewed DES they recommended some changes which much later were revealed to make the algorithm more resistant to differential cryptanalysis — they didn't publicize that, though, because the technique wasn't public at the time. So they actually did the job they were supposed to do, which is to protect not only government but also civilian/commercial U.S. communications.

In contrast when they have attempted to weaken encryption standards it has generally been in a pretty obvious way, e.g. by limiting exportable key lengths. And they mostly seem to have given up on that.

The conspiracy theorists will of course claim that this is because the NSA has techniques so advanced they don't care about key length, but I suspect it's actually because they just realize that it's a losing battle against cryptography and attacking the plaintext at the endpoints is better (and leaves the adversary with a false sense of security) anyway.


But back on topic ... I think retreating into secrecy and encryption is completely the wrong way to deal with this. Like it or not, science in the U.S. depends on public funding, and there's a large segment of the population that is very suspicious of science. For a lot of reasons, science — which was once held in quite high esteem here — has fallen, or perhaps been pushed, into disrepute. Daring the public to take their funding and shove it, while satisfying, is not going to be productive. It doesn't matter whether "Climategate" was actually evidence of impropriety; it only matters that it carried the appearance of impropriety. That needs to be avoided in the future, even if it rankles. Less secrecy, more openness. Even if that means more arguments with the ill-informed axe-grinders, less of a "united front," arguing them down is better than trying to keep them from seeing the data and letting conspiracy theories fester.

The solution isn't encryption, it's having your data out on a server somewhere with a public API. That may mean, in the case of climate science, that oil-company apologists have better raw data to mangle for their own purposes, but better to have an argument — which carries with it the possibility of winning the argument, or at least convincing enough of the public to keep the funding going — than just ceding the debate, which is what will happen if Science starts to retreat.
posted by Kadin2048 at 6:41 PM on May 3, 2010 [3 favorites]


Encrypted emails can be subpoenaed too, which is why encryption is useless for keeping shit from the government.

Not if you "forget" the key.
posted by delmoi at 6:46 PM on May 3, 2010


which is why encryption is useless for keeping shit from the government.

Not if you "forget" the key.


Or if you use hidden volumes?
posted by Jimbob at 6:53 PM on May 3, 2010


Also, Re: NSA paranoia, you can always multi-encrypt your stuff with other candidate crypto systems like blowfish, Ecliptic Curve algorithms, whatever.
posted by delmoi at 6:53 PM on May 3, 2010


Scientists should quit comparing this to a witch hunt.

The fact that science has proven that witches don't exist makes this an impossibility.

What they should call it though should employ the word asshat somewhere.
posted by pianomover at 7:27 PM on May 3, 2010 [1 favorite]


They called it correctly: Cooch gave pins to his staff that modified the state seal (in place since 1776) to cover up Virtus' breast.

Cooch's version is an update of the Confederate-era seal.
posted by kirkaracha at 7:53 PM on May 3, 2010


they deserve it after what they did to pluto
posted by anotherpanacea at 7:58 PM on May 3, 2010 [4 favorites]


delmoi: "Ecliptic Curve"

This must be that Korean cipher I've heard about.
posted by Joakim Ziegler at 8:09 PM on May 3, 2010


It is sad that even in the 21st century we have to put up with this sort of political animal. What happened to the idea of using science to get further ahead?

We had such a nice run of progress on all fronts. Literally everything about our 21st century life is better than any historical period of the past. Life only really stopped sucking for the average person a hundred or so years ago.

Asshats like this guy—with his religion-founded ideas that are oppositional to progress—are a damn embarrassment. We can do better: it's supposed to be based on fair voting.
posted by five fresh fish at 8:11 PM on May 3, 2010


Plus, I'm pretty sure (note: not actually sure) that the reason the NSA examines all encryption algorithms in use in the US is so they can invent backdoors for them, or shoehorn something into the standard after the fact. Open source algorithms like Blowfish might not be subject to this, but AES-256 and DES both were.

AES was built by contest. Multiple entries were tested and tested again, until one, Rijndael, was considered the winner. BTW, the winner, Rijndael, was just as open source as Blowfish -- as were *all* of the AES contest entries. (indeed, Blowfish was made stronger and submitted to the same contest as Twofish.)

Indeed, I'd trust Rijndael now, far more than Blowfish and Twofish -- and I count two of the Twofish/Blowfish designers as good friends -- because the world has been trying to break AES since it was released.

With DES -- designed by IBM, the NSA did make a change to the S-Box that nobody understood. That's because, at the time, nobody in the public sphere had discovered differential cryptanalysis. When Eli Biham and Adi Shamir independently discovered differential cryptanalysis, they found that the numbers chosen for the DES S-Box were very significantly more resistant to this attack than random, or to the numbers that IBM had originally designed. This proved that this change by the NSA made DES significantly stronger.

Indeed, DES, despite the best efforts of every crypto guy in the planet, was never fully broken. There are a few attacks that are faster than brute force, but they required a huge number of plaintexts.

In the end, what felled DES was the keysize. The original design was 64 bits, the NSA wanted 48 bits (they couldn't break it, but they could brute force it....) and the compromise was 56 bits. In 1980, this was unbreakable. 3DES is still perfectly strong, but computationally expensive.

I trust AES and 3DES. Both, properly implemented, are as strong as they need to be. I would strongly suggest you use AES-128, rather than 3DES, because of the computational costs -- you'll cut the load on your VPN concentrator in half if you use AES-128.

I just asked some famous crypto guy (Okay, Bruce) a simple question -- "Would you trust properly implemented AES-128 and 3DES over the next five years?" The answer was very quick. "Yes."

AES-192 and -256 are Moore's Law protection. Right now, they're serious overkill, but what felled DES was brute force. By the time you can, on average, brute force AES-128 in a day, it'll take you 2^63 days to do that to AES-192, and 2^127 days to do that to AES-256.

Indeed, AES was the first publicly developed crypto system to be certified by the NSA to encrypt secret and top secret information. However, the NSA requires the crypto implementation to be certified by them. Why?

Because the biggest way to lose in crypto is to screw up the implementation. All serious breaks on DES and AES have been on specific implementations that didn't implement the system correctly. The biggest example I can point to here is WEP, which implemented RC4 poorly -- not that RC4 was perfect, but the way WEP used it made it possible to discover the IV very quickly, which meant you could quickly extract the key.

Top Gear Top Tip: If you're using WEP, you're blocking honest people who just wanted to check email, but not bad guys who'd like to hide their tracks or read your email. Use WPA2 or WPA with AES, or just don't bother encrypting your wireless connection, because WEP is b0rken, period. (WPA with TKIP is broken too....)
posted by eriko at 8:18 PM on May 3, 2010 [8 favorites]


Well, I'm not. I feel bad for not voting, but the Dem candidate for Gov was so piss poor that I didn't bother.

That's the spirit that made America great!
posted by orthogonality at 8:25 PM on May 3, 2010 [3 favorites]


To add to my previous comment, I guess you could just delete all of them (obstruction of justice) or say that you've forgotten your passphrase (perjury/obstruction of justice).
posted by synaesthetichaze at 7:29 PM on May 3

This wouldn't even work, since most universities keep backups of pretty well everything, including all deleted emails.
posted by joannemerriam at 8:44 PM on May 3, 2010


Oh witchhunts...

Older women were only accused of being witches because they were wiser and had more practical "scientific" knowledge (midwifery medical techniques, chemistry knowledge in the forms of plant pharmies, etc) than the men in charge of the townships. [feminist and anti-religion statements redacted]

It seems to me that weak people in the government most fear people who are smarter than them. "Coochie" Cockinelly here is just a bully who wants to push around anyone who challenges his tiny, impotent, penis. I fear that scientists will become more and more of a bogey-man and ignorance becomes (more of) a virtue of conservatism. Especially as dogmatic, irrational sectarianism increases in America.

This is also damaging to scientific research because it makes government grants unsafe. If a madman can suddenly put a researcher on the hook for a massive incomprehensible sum (any researchers ever had as much money as a research grant provides? anyone?) then it is going to discourage research more than any health care reform. Government grants are critical to scientific research and it is very bad for delusional madmen to have any sort of say in that rational business.

It pretty much killed any hope I had of convincing my out-of-state relatives that NoVa isn't really in "The South."

I'm from NC currently in NY, my impression of VA is that it is a land of savage and dangerous barbarians like most of the south, but without the jazz superstars and delicious barbecue that the rest of the south is capable of.

AFAIK, the only safe option is to nuke it from orbit.
posted by fuq at 9:22 PM on May 3, 2010 [1 favorite]


You got to be pretty gullible to buy that first whitewash 'investigation'.
posted by HTuttle at 9:43 PM on May 3, 2010


I just asked some famous crypto guy (Okay, Bruce) a simple question -- "Would you trust properly implemented AES-128 and 3DES over the next five years?" The answer was very quick. "Yes."

AES-192 and -256 are Moore's Law protection. Right now, they're serious overkill, but what felled DES was brute force. By the time you can, on average, brute force AES-128 in a day, it'll take you 2^63 days to do that to AES-192, and 2^127 days to do that to AES-256.
Actually, there's a major flaw in AES-256 and it may actually be weaker than AES-128, which doesn't have the same flaw (due to the number of rounds).
posted by delmoi at 11:01 PM on May 3, 2010


Actually, to my reading, that's a very strong attack against a variant form of AES-256 with fewer 'key rounds', whatever the heck that is, and one that requires that the cryptanalyst have some examples of both ciphertext and the plaintext it decrypts to. It allows the key itself to be attacked more readily than expected, but it gives no leverage when all the attacker has is ciphertext. So A) that attack doesn't break AES-256 as it's actually implemented in the wild, and B) it requires that the attacker have more data than most attackers would.

In practice, if you're already using AES-256, there's no reason to change. But it appears that the 'key round' part of the algorithm is so much weaker than it should be that, in actual practice, you may get comparable long-term security by using AES-128. The crypto itself is weaker in 128, but the algorithm is implemented better, so you end up at probably the same or better strength. Plus, AES-128 is faster than 256.
posted by Malor at 1:00 AM on May 4, 2010


You got to be pretty gullible to buy that first whitewash 'investigation'.

You have to be pretty gullible to buy that a right-wing economist/pundit knows more about climate science than a climate scientist.
posted by dirigibleman at 1:22 AM on May 4, 2010 [3 favorites]


Wow, I didn't mean to spur a massive derail on encryption. I'm sure encrypting messages wouldn't help much in hiding from the Feds, but it would have prevented the CRU attack and also this subpoena (since the subject is no longer in VA, the state AG doesn't have the power to subpoena his keys). And I do support making public as much scientific data as possible. I just think that things that are supposed to be public should be as public as possible, and things that are meant to be private should be as private as possible -- there shouldn't be a nebulous middle ground of data that isn't available freely on the Web, but is vulnerable to hackers, politicians in states you sent e-mails to, university e-mail sysadmins, etc.
posted by miyabo at 6:00 AM on May 4, 2010


What Malor says -- it's a very solid break on 11 round AES-256, but not 14 round. However, there's also the Crypto Security rule in play -- Attacks against a cryptosystem only get better.

I'm embarrassed, though, to have missed this attack entirely. :-)
posted by eriko at 6:12 AM on May 4, 2010


AFAIK, the only safe option is to nuke it from orbit.

What needs to happen is for Fairfax, City of Alexandria, and Arlington to secede from VA, and form a new state with DC and maybe a few MD counties. We can call it New Washington or something. DC gets a vote, we get to keep our lovely tax dollars away from Richmond, and everybody wins!

Our state flag will have full frontal nudity.
posted by JoanArkham at 6:57 AM on May 4, 2010 [1 favorite]


Re: Nutbars in office.

Someone needs to become the new Cato. Instead of ending every speech in the Senate with: "Carthage must be destroyed!" They'll end every post to every thread with: "Campaign financing must be reformed!" -- like a signature.

Until it is reformed, the heart of the Democratic party will be treated as the fringe, and the people most friendly to those who have the money will continue to be nominated.


Truly, truly it is the elephant in the room.
posted by Trochanter at 7:50 AM on May 4, 2010


What needs to happen is for Fairfax, City of Alexandria, and Arlington to secede from VA, and form a new state with DC and maybe a few MD counties.

I nominate Montgomery and PG. That would be an awesome state.
posted by empath at 7:58 AM on May 4, 2010


What needs to happen is for Fairfax, City of Alexandria, and Arlington to secede from VA, and form a new state with DC and maybe a few MD counties. We can call it New Washington or something. DC gets a vote, we get to keep our lovely tax dollars away from Richmond, and everybody wins!

Please take those of us in Eastern Loudoun too! We'll bring along plenty of liberals, technology, and an international airport. Some in Western Loudoun have been trying to secede from us anyway.
posted by candyland at 12:08 PM on May 4, 2010


I'm in Fairfax county and more than happy to give up anything south of the Occoquan River.
posted by matty at 12:22 PM on May 4, 2010


Okay, we need a name for our little secessionist movement.

Someone start a facebook page!
posted by empath at 12:42 PM on May 4, 2010


Man, what would us Northerners (and enlightened individuals from other regions) call ourselves in a secession? We can't call ourselves Unionists, as we're trying to shred the Union for our own good. And being Yankees will alienate Mets fans, who will be vital in the war effort.
posted by mccarty.tim at 1:00 PM on May 4, 2010


The great State of Fairfax would never deign to do anything more than sneer in the general direction of DC, unless some sort of occupation were involved.

Annexing Arlington and Alexandria, though, that I wouldn't put past them.
posted by Kadin2048 at 1:18 PM on May 4, 2010




I nominate Montgomery and PG. That would be an awesome state.

PG's is kind of a nightmare town though. It could be done without.

New Columbia would be the smallest state by square miles, but it'd be 32nd by population, and have 4 representatives.
posted by kafziel at 10:02 PM on May 4, 2010


PG's is kind of a nightmare town though. It could be done without.

How so?
posted by peeedro at 6:15 AM on May 5, 2010


Basically that their police department has a long history of being one of the worst in the country. When video cameras were installed in the interrogation rooms, suddenly all the "free and voluntary" confessions they'd gathered were inadmissible after the video was presented to the court. It took years before the cops figured out that what they were doing was even something they had to hide - they still don't understand that beating someone until they sign a confession is something they shouldn't do.
posted by kafziel at 7:58 AM on May 5, 2010


kafziel, nobody is going to make you move there.

But if we're going to play the hypothetical state game, including PG County in New Columbia (or whatever) is a win-win situation.

What PG County brings to the table: Fort Meade, Andrews AFB, NSA, and Goddard Space Flight Center (to concentrate the advantage of federal and federal contract jobs); University of Maryland College Park and University College; a tighter cooperation on regional issues including beltway traffic, WMATA (including the upcoming Purple Line), homeland security issues, Chesapeake Bay and Anacostia River environmental issues, water and wastewater treatment, etc; it's in the 1% of US counties with a AAA bond rating; lots of open space for development/redevelopment including large open plots along green, orange and blue metro lines. PG is undeniably in the same economic, environmental, and cultural region as DC NoVa jurisdictions and has a greater potential for growth than most.

What PG would gain: as the second richest county in Maryland, PG does not get the oversight and tough-love it needs from Annapolis. This leads to many problems, including the awful police force and tepid county executive we currently have. As a small fish in a small pond, instead of a big fish in a small pond, I see PG County Government pushed to be more accountable and serve its people better from both above and below.
posted by peeedro at 1:34 PM on May 5, 2010




I keep passing this thread in Recent Activity and feeling really bad about myself. ;)
posted by Pope Guilty at 9:01 PM on May 7, 2010



