This is Luther Martin's Typepad Profile.
Luther Martin
Cupertino, California
Information security professional specializing in cryptography and its applications
Recent Activity
But it was here a year and a half ago, wasn't it?
Commented Nov 22, 2012 on A clever use for U+202E at Superconductor
An alert reader of my thoughts on vanity key sizes sent me a link to a web page that describes exactly how serious the creep in clothing sizes has been. From this page: "A woman with a 32-inch bust would have worn a Size 14 in Sears's 1937 catalog. By 1967, she would have worn an 8, Ms. Zulli found. Today, she would wear a zero." Holy cow! I'm not sure how many bits of useless padding in a cryptographic key that would correspond to, but it's almost certainly more than just a few.
Posted Nov 13, 2012 at Superconductor
Our marketing people, in collaboration with InformationWeek and PricewaterhouseCoopers, are doing a webinar that will probably be of interest to you if you're interested in high-level, big-picture issues related to data-centric security strategies. It's probably fairly well known now that there are three big trends that are driving enterprises towards data-centric security strategies: mobile devices, cloud computing and offshoring. And while it's easy to talk in vague generalities about data-centric security, it's a bit harder to get details about exactly how you might actually implement it and how it can fit into your long-term data protection strategy. But that's exactly...
Posted Oct 23, 2012 at Superconductor
Our marketing people were just looking at the output of whatever web site analytics tools that they use and they came to the conclusion that this attempt at humor was absolutely NOT funny at all. Oddly enough, their same analysis showed that my other quantum mechanics jokes actually were funny.
Posted Oct 17, 2012 at Superconductor
While thinking about how I suffered through several years of Latin in school, like I mentioned in a previous post, I was reminded of how surprised I once was while reading the Aeneid. There's a place where (IIRC) Mercury delivers some sort of important message to someone and then vanishes into thin air. What surprised me when I read this was that the Aeneid describes how Mercury vanished the exact same way that I just did - "into thin air." The only difference was that "into," "thin" and "air" were their Latin equivalents instead of English. This was a bit...
Posted Oct 16, 2012 at Superconductor
Here's a quick reminder that the X9F4 meeting will be at Voltage this week. If you're an X9 member and in the Bay Area this week, feel free to stop by and visit. And help us get through some of the documents that we need to work on. If you're unfamiliar with the X9F4 working group, here's how the X9 web site describes what they do: "WGF4 - Cryptographic Protocol and Application Security. The X9F4 working group focuses on drafting security standards for the proper implementation and evaluation of protocols and technologies for the financial services industry. One of three..."
Posted Oct 15, 2012 at Superconductor
Perhaps because I suffered through several years of Latin in school, I know that e.g. stands for exempli gratia ("for example") and that i.e. stands for id est ("that is"). Most people, however, were lucky enough to avoid taking Latin so they never had to memorize passages from the Aeneid and poetry by Horace. (I've long forgotten almost all of the Latin grammar that I once knew, but I can still recite the passages that we had to memorize.) They also often don't know what "e.g." and "i.e." stand for, and this can sometimes lead to confusion, particularly when it...
Posted Oct 12, 2012 at Superconductor
Although I understand that it's important to find and patch OS issues, it still makes me feel a bit uncomfortable to see the message "Applying update 4771 of 4771" like I saw yesterday.
Posted Oct 11, 2012 at Superconductor
When I recently had to buy some new pants I learned that one of the social contracts that let human civilization move from the Stone Age to the Information Age apparently didn't survive past the end of the twentieth century. In particular, it used to be the case that men would do the dangerous jobs like being hunters and warriors and in return they got clothing sizes that actually corresponded to their body's measurements. So if you had a 32-inch waist you could count on pants labeled as for a 32-inch waist to fit you. This is apparently no longer...
Posted Oct 10, 2012 at Superconductor
I just came across an interesting study by CheckPoint that seems to show some interesting generational differences in attitudes to information security. The bottom line seems to be that people seem to take information more seriously as they get older and that Gen Y people are a bit overconfident in their abilities when it comes to information security.
Posted Sep 17, 2012 at Superconductor
For a while now I've been predicting the eventual transition to College 2.0, a dramatic change in the way that colleges operate because of the influence of on-line classes. When I was in graduate school, our department's funding was, in large part, based on how many students we taught. If that's how funding is allocated, classes like freshman calculus, chemistry and physics bring in lots of money. They're also probably the classes that are most easily moved to purely on-line versions, and the economic pressures on higher education will probably make this transition inevitable. And it will almost certainly greatly...
Posted Sep 12, 2012 at Superconductor
Congratulations to the alert reader who noticed the pattern in the typos in blog posts that I was using as a covert channel. I really didn't thnk that anyone would notice that. I'll have to be even more subtle in the future. I've always meant to encode a message in a post using a variant of Bacon's biliteral cipher. Maybe I'll try that next.
Posted Sep 11, 2012 at Superconductor
I'm learning all sorts of interesting things in the Coursera class that I'm taking now - like exactly how you could do attacks on both public-key and symmetric-key encryption using quantum computers. But some of the more interesting things that I've learned have been totally unrelated to the class. In particular, some of the random discussion on the message forum for the class has been very enlightening. Now quantum mechanics is fairly math-heavy. In particular, it uses lots of linear algebra, and if you're not fairly comfortable with linear algebra you'll probably have a very hard time with the actual...
Posted Sep 10, 2012 at Superconductor
In a demonstration of good judgement, NIST has changed the abbreviation of the Identity Ecosystem Steering Group from IESG to IDESG. (The original abbreviation collided with that of the more-well-known Internet Engineering Steering Group.) I'm still unsure of the chances of success for the IDESG. On one hand, the participants certainly seem to be very motivated to do good and useful work. On the other hand, the fact that there seems to be a steady stream of press releases about the activity of the group leads me to wonder if the IDESG will turn out to be nothing more than an...
Posted Sep 7, 2012 at Superconductor
Information security is an exercise in managing the risks that come with modern IT systems. This is much harder than it might sound at first because the behavior of people isn't always like you'd expect it to be. In particular, when people feel safer from one risk they may increase other risks to keep their overall level of risk at roughly the same level. There's been an ongoing debate for several years, for example, over whether or not using seatbelts actually saves lives. Some experts claim that they do. Others claim that drivers feel safer wearing seat belts and then...
Posted Sep 6, 2012 at Superconductor
Free WiFi access in shopping malls is a great thing - it lets you watch TED talks as an easy way to kill time. I recently did this and watched Bjorn Lomborg's talk about the Copenhagen Consensus on Climate. The application of this idea to information security seemed too obvious to not comment on. The Copenhagen Consensus on Climate applies the principles of economics to climate change. It assumes that climate change is real and that it's going to cause lots of problems. And because there simply aren't enough resources to address all of the problems, it tries to prioritize...
Posted Sep 5, 2012 at Superconductor
A recent article in The Economist notes how Kenya's M-PESA mobile payments system has been fairly successful: "In 2007 Safaricom, the biggest mobile operator in Kenya, launched M-PESA, a service that allows money to be sent and received using mobile phones. It has since signed up 15m users, is used by 70% of the adult population and has become central to the economy: around 25% of Kenya's GNP flows through it." I find it very interesting that over a quarter of Kenya's GNP is now handled by mobile payments. That may be the first clear evidence that the technology is...
Posted Sep 4, 2012 at Superconductor
An alert reader pointed me to the web site of the book that I mentioned in a previous post. It turns out that the book is The Cryptographic Shakespeare, and that copies of the 2,000-copy print run in 1987 are readily available at reasonable prices if you look around on the Internet a bit. On the other hand, most of the content of the book actually seems to be available on the late author's web site. And it even looks like there was a subsequent book written on the same topic - The Second Cryptographic Shakespeare!
Posted Aug 30, 2012 at Superconductor
"The time has come," the Walrus said, "To talk of many things: Of shoes--and ships--and sealing-wax-- Of cabbages--and kings-- And why the sea is boiling hot-- And whether pigs have wings." Lewis Carroll, "The Walrus and the Carpenter" Or, as was recently announced in the PKIX working group of the IETF: "As you may be aware, the IETF's PKIX working group will be wound up some time in the next few months. The members of PKIX have worked hard over the last 16 years to define how PKI should be practiced in large and extended enterprises. That work is now..."
Posted Aug 29, 2012 at Superconductor
Just in case you're looking for a good opportunity to learn interesting stuff about cutting-edge information security technology, but happen to be in the 99% or so of people who really don't want to slog through the math required by the Coursera class in Quantum Mechanics and Quantum Computation, there's another Coursera class starting soon that you might be interested in. This class is Securing Digital Democracy. It's essentially about exactly how secure (or non-secure) our current e-voting technology is. Here's the summary of the class from its web page: "Computer technology has transformed how we participate in democracy. The..."
Posted Aug 28, 2012 at Superconductor
I came across yet another article about how companies can't find people to meet their information security needs. This time it's in Information Week, and here's what it says (citing a Forrester report): "Almost two-thirds of businesses say their information security departments are understaffed, and 51% say they can't find people with the required security skills." Yet again, I'd recommend that anyone having this particular problem read the excellent book Why Good People Can't Get Jobs: The Skills Gap and What Companies Can Do About It. It essentially says that HR departments are the source of the problem. And because...
Posted Aug 27, 2012 at Superconductor
It's good to be reminded from time to time that information security addresses the availability of data in addition to its confidentiality and integrity. I was reminded of this when I read about Amazon's Glacier low-cost storage service: "Amazon Glacier is an extremely low-cost storage service that provides secure and durable storage for data archiving and backup. In order to keep costs low, Amazon Glacier is optimized for data that is infrequently accessed and for which retrieval times of several hours are suitable. With Amazon Glacier, customers can reliably store large or small amounts of data for as little as..."
Posted Aug 24, 2012 at Superconductor
On a mailing list that discusses the works of P. G. Wodehouse I just saw a link to a story about how some actors are convinced that Shakespeare didn't actually write the plays that are usually attributed to him, which reminded me of one of the more unusual uses that I've seen for cryptography. Several years ago I bought a copy of a self-published book that claimed to use cryptography to prove that Bacon was the real author of Shakespeare's plays. The proof of this consisted essentially of running various passages through relatively simple decryption algorithms and noting that in...
Posted Aug 23, 2012 at Superconductor
I just came across an interesting article on the Wall Street Journal web site. This article was talking about the problems that Japanese manufacturers have had in getting sales for their wireless handsets outside of Japan. These devices are apparently known as "Galapagos phones" because they're unique creatures that don't interact with the outside world. At which point I realized that the same term applies to X.509-based public-key infrastructure. PKI works just fine for things like SSL/TLS, but it seems to fail miserably in cases where users need to interact with lots of people outside a closed environment. Fortunately for...
Posted Aug 22, 2012 at Superconductor