I visited Chernobyl and Pripyat right before the first COVID19 breakout. Little did I know that Ukraine would be invaded at that time. I'm happy I got the opportunity and did it. The excursion was very interesting and thought provoking.
Of course not. If China could break modern encryption, that would be a state secret of the highest possible order, not something you'd piece together axiomatically on a message board from a policy pronouncement.
If they can frighten people into believing 256 bits isn't enough, interesting parties will self-select, by using stronger ciphers, aiding traffic analysis.
That was mainly my concern when I read the news. Its unlikely they are capable of doing that now, but they are certainly working hard on it, and people moving to 512 bit encryption before then will probably result in years of hard work down the drain. But it is still concerning that they even think that 256 bit encryption is crack-able in the foreseeable future.
It’s not that 256 bit encryption will be crackable soon. It’s that flaws in the implementation of the encryption algorithm will allow access to the partial key.
They probably realized that 256 bit is so ubiquitous already that it would be a major upheaval to all of a sudden regulate it. Seems like the intention could be forward looking to the future.
As others have pointed out this isn't practical on current hardware. However with quantum computers I've read that there are already algorithms which would make short work of it. What I'd be curious to know is whether the key length has any bearing on the speed of said algorithms.
My guess would be that key length scales the quantum algorithm time much less than it scales the possibilities. Like, as key length squares, execution time doubles.
I don't know. It's seems crazy that an algorithm wouldn't be affected at all by significant numerical increases.
Possibly yes, although it could also mean they are doing this now for the future. It makes sense because post-quantum symmetric encryption may need higher key lengths, although it is currently still believed that 256 bit keys should provide the equivalent of 128 bit classical keys.
256 bits is out of bounds for brute forcing for any realistic amount of hardware you throw at it. So either they have attacks on the actual algorithms that drastically cut down the complexity compared to a brute force attack, or this law doesn't do very much (other than perhaps pave the way for other laws).
"One of the consequences of the second law of thermodynamics is that a certain amount of energy is necessary to represent information. To record a single bit by changing the state of a system requires an amount of energy no less than kT, where T is the absolute temperature of the system and k is the Boltzman constant. (Stick with me; the physics lesson is almost over.)
Given that k = 1.38×10-16 erg/°Kelvin, and that the ambient temperature of the universe is 3.2°Kelvin, an ideal computer running at 3.2°K would consume 4.4×10-16 ergs every time it set or cleared a bit. To run a computer any colder than the cosmic background radiation would require extra energy to run a heat pump.
Now, the annual energy output of our sun is about 1.21×1041 ergs. This is enough to power about 2.7×1056 single bit changes on our ideal computer; enough state changes to put a 187-bit counter through all its values. If we built a Dyson sphere around the sun and captured all its energy for 32 years, without any loss, we could power a computer to count up to 2192. Of course, it wouldn’t have the energy left over to perform any useful calculations with this counter.
But that’s just one star, and a measly one at that. A typical supernova releases something like 1051 ergs. (About a hundred times as much energy would be released in the form of neutrinos, but let them go for now.) If all of this energy could be channeled into a single orgy of computation, a 219-bit counter could be cycled through all of its states.
These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space."[0]
It's worth noting that if those Dyson spheres were quantum computers (and we ignored light-speed delays even within single spheres) you'd only need to count up to 2^128, not 2^256 to brute-force a 256-bit key. Still well outside the realm of possibility for anything smaller than a Dyson sphere.
I read about the NSA (I believe, or another TLA) having identified some weaknesses in encryption algorithms (RSA I think, though again, memoria fragilis est), that means they could just about break some cyphertexts.
The context was that, although the agency was committed (hmm) to making cybersecurity better for US citizens, and thus helping the cryptography community to improve security, they felt OK exploiting weaknesses, so long as they thought it would be too difficult for others to do so too.
Sorry it's so hand-wavy, I'd love to find the article for my own sake, but busy/hard to google.
What budget? At 256 bits (and even far less) it's not a question of money. It's a question of energy. We don't have enough energy production to even execute a single repeating adding instruction that bit-flips 256 bits of data registers to just count up from 0 to 2^256-1, and even if we did we don't have computer setups capable of ingesting such energy. Never mind the fact that encryption rounds and result analysis increases the energy consumption some hundred orders of magnitude.
Timely. Great product that tracks what you are doing on your computer and automatically suggests billing rows for you. The company has a strong focus on privacy and is developed in Norway, which has fairly good privacy laws.
Moving closer to family so I need to change job. Applied to quite a few programming jobs in the nearby city. After probably 10-15 unsuccessful technical interviews with leetcode I've decided to go back to IT.
Now that I have kids and a house I don't want to spend hundreds of hours to learn this completely separate skill (leetcode) that I rarely if ever will get to use in my job and get no joy from.
I had a similar experience in my last dance with interviews.
Even when I got good enough to solve some easy/medium problems in interviews efficiently and faster than the average, I was still getting rejection letters. Kind of a waste of time when you can make so much solo these days, but interviewing is distracting because its like a full time job, while competing against the most driven people from Asia who trying to stand out against a very large population, while I'm just casually looking for a signing bonus for the year.
Basically the only data I have is that there is just a cap on what people are willing to pay me as an employee. Like they think much harder about approving me, than seems warranted. I start to think hmmm maybe I shitposted something on social media that nobody will tell me about.
But when I go down in asking comp range, the whole experience is completely pleasant and familiar again. That's kind of annoying. Makes me want to pay fees to professional groups under the hope that they can bus me though. Seems similar to stories I've read about random athletic clubs at Stanford all joining the same team at Facebook.
What kind of solo work do you mean? It seems to me like anything without some local client is getting into a global competition for peanuts, but I would be happy to be set straight!
You can launch DAOs that automate anything these days and take a small percentage from the users of it. Just automate any small aspect of what people do and auto-liquidate proceeds for USD* so that you aren't accidentally speculating on anything, your users can pay for the liquidation too.
*Your oracle server/cron job can incorporate a broker's API to get actual USD, your DAO can only get surrogates such as USDC which is redeemable 1:1 for USD at certain brokerages.
It's a boom town. Anybody can make 3x more than what a FAANG would pay annually, and that's being generous.
> Now that I have kids and a house I don't want to spend hundreds of hours to learn this completely separate skill (leetcode) that I rarely if ever will get to use in my job and get no joy from.
Great point and I do worry about the longer-term damage this leetcode-interviewing may do to the industry. Like any echo chamber, it perpetuates itself. So those who believe memorizing leetcode patterns is related to being a good programmer (it's not) will only hire those who are like themselves, making it worse and worse.
By the time the whiteboard leetcode craze started I was fortunately old enough and established enough that I never had to deal with that early in my career. And by now I have the confidence to tell anyone who wants to do that type of interview to go pound sand. But for younger engineers it's a huge problem so I worry.
Best we can collectively do is stop doing that type of interview. Instead interview people based on their experience and based on actual day to day job requirements (which is never to regurgitate algorithms on a whiteboard).
* network network network
* don't aim for the 1% of companies that have devs jumping to join them
If you can get an intro into a company, esp a one on the smaller size, with say 10-25 devs, you can sometimes skip the leetcode madness. Or, if you do a coding interview, it's more of a 'can this person navigate a codebase or comment on a PR'. That is to say, an interview closer to the real job.
The fastlane involves interviewing for jobs when you already have a job, to get ongoing signals of what others think you are worth as well as getting counteroffers to blindside your current employer in matching or beating.
Never interview for jobs when you don't have a job, if you can help it.
In tech this is even easier because some companies allow for standing offers that can last a year (despite other companies bluffing with 24 hour exploding offers), or they have matchmaking that last upwards of a year as well.
So you can literally keep your job or be laid off and the next employer never even knew but you already had the offer from them.
As many have argued before me. Bitcoin will probably not be useful as a every day currency, but more useful as a store of value and long term investment. There are other cryptocurrencies that are faster, have lower transaction fees, provide anonymity and are just as easy to use.
Do you want the adjective "stable" in there perhaps? Store of value:
> A store of value is essentially an asset, commodity, or currency that can be saved, retrieved, and exchanged in the future without deteriorating in value. In other words, to enter this category, the item acquired should, over time, either be worth the same or more.
