The tools are fully interactive, which means no settings the parameters and clicking refresh on the graph. You drag the sliders, and while you drag the graph changes. It looks like they use amCharts and Tableau to power their site.

First, WebKit does not power “nearly every relevant browser and engine used today”. WebKit does have the mobile space locked up: Android, iOS and WebOS all use WebKit for their mobile browsers. Windows Phone 7 does not. However, on the desktop, WebKit is a distant third. Trident (the IE rendering engine), and Gecko (the Firefox rendering engine) both have a larger share of users than WebKit. Matt’s statement is misleading at best.

Secondly, there was no mention at all of where WebKit came from. It was not born in Cupertino. WebKit was forked from KHTML and KJS, part of the KDE project (yes kids that’s linux). Matt linked to the first changeset in the WebKit repo, here’s the 4^th changeset, with a pile of KHTML code.

There is no doubt that WebKit is the best open source rendering engine out there, and Apple did most of the work to make it that way. Here’s my nod to the KDE project for getting that all started, since neither Drance or Gruber gave any props.

Cryptographers (those who practice the art and science of keeping messages secret) always assume that the attacker knows all the details of the encryption algorithm, like having the source code to the encryption software. They also assume the encryption keys are random. Given those assumptions, there are three basic ways for an attacker to get the cleartext of an encrypted message. The first way is to try all of the available encryption keys, knowing that one of them has to be the one that will expose the contents. This is called a brute force attack. The second approach requires exploiting some flaw in the encryption algorithm to eliminate large numbers of potential keys without actually having to try them. The third way would be to get the key or the cleartext via some other method, like stealing the disk from the server that contains the key. If you can’t keep your keys or cleartext safe then it doesn’t matter what encryption algorithm you use. Cryptographers consider an algorithm broken when there is a way to attack it that is faster that brute forcing all of the available keys.

Background on AES

On Jan 2, 1997, the National Institute of Standards and Technology (NIST) announced they were interested in choosing a successor to the Data Encryption Standard (DES). This newly selected algorithm would be known as the Advanced Encryption Standard (AES). Eight months later, after reviewing public input on how the new algorithm should be chosen, they solicited block ciphers supporting key lengths of 128, 192, and 256 bits. They received 15 submissions.

For the next three years, the new algorithms were investigated by cryptographers and performance tested in a variety of settings both software and hardware. In late 2000, Rijndael was announced as the winner, and a year later AES was approved as FIPS PUB 197. There are three authorized variants of Rijndael defined in AES that differ in the key length and the number of rounds: 10 rounds for 128 bit keys, 12 rounds for 192 bit keys, and 14 rounds for 256 bit keys.

In June 2003 the NSA announced that any official variant of AES was secure enough to protect classified information up to the SECRET level; TOP SECRET information requires the use of 192 or 256 bit keys.

Brute Forcing AES

So how long would it take to brute force attack a message encrypted with AES using a 128 bit key? It would of course depend on how fast of a device you were using. In June 2011 TOP500 updated their list of the fastest super computers in the world. The fastest one, the K Computer, can do 8,200,000,000,000,000 (8.2 quadrillion) calculations per second. According to the Wall Street Journal (article requires login, google it to get the whole thing without logging in), this device cost $1.25 billion to construct. Let’s borrow it for our attack.

During the NIST selection process, the various algorithms were benchmarked carefully for encryption speed. That paper doesn’t specifically address decryption speed, but it does have one relevant nugget: Rijndael, the eventual winner, takes 1400 clocks to set up a decryption key before you can even try and decrypt anything. For this example we’ll sprinkle pixie dust over the K Computer and speed it up by several orders of magnitude so it can setup a decryption key and decrypt the ciphertext using all 10 rounds of AES-128 in a single clock cycle (or calculation as they are called in the TOP500 list).

Using this now magical device, we could brute force a 56 bit key (the old DES standard used 56 bit keys) in 2⁵⁶ clock cycles, which would take 8 seconds.

Brute forcing a 128 bit key using this device would take 1,315,888,179,366,587 (1.3 quadrillion) years. That’s the same as 1,315,888 billion years. Current scientific models predict the universe to be 13 billion years old. The times required to brute force 192 and 256 bit keys are astronomically larger.

But AES is broken right?

When talking about the cryptanalysis (the art of deciphering coded messages without the key) of AES, it’s important to remember the definition of AES. AES requires the Rijndael algorithm used with a block size of 128 bits and one of the following key lengths and number of rounds: 128 bit key for 10 rounds, 192 bit key for 12 rounds, or a 256 bit key for 14 rounds.

There have been several published breaks of the Rijndael algorithm, many of them require a reduced number of rounds from those specified in AES. In 2009, two significant breaks of AES-192 and AES-256 were published. These attacks exploit the weak key schedule of AES-192 and AES-256 that is not present in AES-128. The best of these breaks on AES-256 reduces the complexity of the attack from 2²⁵⁶ to 2¹¹⁹, a substantial decrease. Nevertheless, it is still not a practical attack. Our magical cracking device would still take 2.5 trillion years to recover an AES-256 key.

The new Biclique Cryptanalysis my co-worker was worried about describes a key recovery attack that works against all three variants of AES. It’s different than most of the other published attacks in several important ways. In many of the other breaks, the attacker requires the use of several different keys which have some sort of mathmatical relationship. These related-key attacks tend to be less practical to implement. Having said that, the Wired Equivalent Privacy (WEP) scheme used in WiFi networks failed because of a related-key attack. The algorithmic weakness was combined with a poor implementation that didn’t use a random key. The new attack is also unique because all three AES variants are affected, it is a different attack vector than the key schedule weakness in AES-192 and AES-256.

In the abstract of the new paper the authors state:

As our attacks are of high computational complexity, they do not threaten the practical use of AES in any way.

So what do they mean by “high computational complexity”. When applied to AES-128, they reduce the computational complexity from 2¹²⁸ to 2^126.1. Instead of taking 1.3 quadrillion years, our magical cracking supercomputer would only need 328 trillion years.

So now what?

There are still no known practical attacks on AES, there is still plenty of safety margin on all three AES variants. Bruce Schneier, a widely recognized security expert, weighs in on the new attack:

And for new applications I suggest that people don’t use AES-256. AES-128 provides more than enough security margin for the forseeable future.

There is no need to have NIST call for new algorithms and choose a new standard and there is certainly no need for my colleague to switch from AES to Serpent. Even so, attacks always get better, they never get worse.

Maybe we can teach our magical supercomputer how to steal someone’s password.

North Face of the Eiger
Source: Wikipedia Author: Terra3

The North Face of the Eiger. You’ve probably heard of this 3,970m (13,025 feet) mountain in the Swiss Alps. The gentler western flank was first climbed on August 11, 1858. The first attempt on the north face was made in 1934, but they turned back before reaching the summit. Two Germans got trapped in a snowstorm in 1935 and froze to death at a place now known as “Death Bivouac”. In 1936, four climbers set out but they got stuck in bad weather, and three of them were swept away by an avalanche. A rescue party of three seasoned guides set out to bring back Toni Kurz, the remaining climber. The guides got within shouting distance but Toni had to spend an extra night on the mountain and got frostbite on one entire hand and arm. The next day Kurz got stuck on the top side of an unclimbable overhang and slowly froze to death with the rescuers close enough to touch his crampons with their ice axes. The next year, despite being caught in an avalanche as they climbed “the Spider”, Anderl Heckmair, Ludwig Vörg, Heinrich Harrer and Fritz Kasparek hung on and reached the summit via the north face on July 24, 1938. It took them 3 days to get there, and they were forced to descend in a raging blizzard.

At least 64 people have died since 1935 climbing the Eiger. The perilous north face has a German nickname: Mordwand, which means “death wall”. In 1912 a railway line called the Jungfraubahn opened with most of it’s track running in tunnels through the Eiger and it’s neighboring mountain the Mönch, but that’s a story for another time (lots of people died building the railroad too). Most serious mountaineering is done in the summer months, when the temperatures are warmer and the threat of storms is somewhat less. The dangers of rockfall are so great on the Eiger that it’s safer to climb before the ice melts, because there are fewer falling rocks.

Ueli Steck climbed the North Face of the Eiger. Alone. In 2 hours 47 minutes 33 seconds.

He used the same route as Heckmair, sometimes called the Classic 1938 route, which because of the zigzagging back and forth requires 4,000 meters of climbing. Steck averaged nearly 24 meters per minute. After an adrenaline filled couple of hours, where a mistake means you fall 1,000 meters to your death, with lungs burning from the run/crawl to the summit, Ueli says (with typical Swiss understatement) “It was a good moment.”

Each blue dot represents a metropolitan area, and it has a value that makes it line up with the vertical axis. If you click through to the actual site, you’ll note the city and the value appear when you hover over a blue dot. This unique method of presenting information makes it trivial to see who the outliers are, and also clearly exposes the distribution of values amongst the field. Note also the high data-ink ratio; there is very little on the page that doesn’t convey useful information.

The colors are a bit loud for my tastes, but this is an excellent graphic. It cleverly combines market share by both hardware manufacturer and operating system into a single, easy to understand graphic. There is no chartjunk. You can look at the graphic without reading the article and instantly understand what they are trying to convey.

This is a great example of a duck, Edward Tufte’s moniker for a graphic whose overall design purveys graphical style rather than quantitative information. The aged paper border, the flagged elephant in the background, and the horrible choice of elephants and the letter “T” for the data points lower the data-ink ratio considerably. Most of the ink in this graphic could be removed with no loss of data-information. Weak tea indeed.

In 1759 a kid was born in Scotland who would change the way we consume information. By the age of 18, William Playfair was a draftsman for James Watt, the guy who didn’t invent the lightbulb but somehow got his name on every bulb sold (sorry Edison). Playfair tried silversmithing, stormed the Bastille during the French Revolution, and started a bank. In between he wrote pamphlets and developed a taste for economics.

In 1786 he published The Commercial and Political Atlas which was the first major work to contain statistical graphs; 43 time series plots and the one bar chart, the first one ever published. Fifteen years later his Statistical Breviary introduced the first pie chart. Playfair wrote:

Information, that is imperfectly acquired, is generally as imperfectly retained; and a man who has carefully investigated a printed table, finds, when done, that he has only a very faint and partial idea of what he had read; and that like a figure imprinted on sand, is soon totally erased and defaced. The amount of mercantile transactions in money, and of profit or loss, are capable of being as easily represented in drawing, as any part of space, or as the face of a country; though, till now, it has not been attempted. Upon that principle these Charts were made; and, while they give a simple and distinct idea, they are as near perfect accuracy as is any way useful. On inspecting any one of these Charts attentively, a sufficiently distinct impression will be made, to remain unimpaired for a considerable time, and the idea which does remain will be simple and complete, at once including the duration and the amount.

Statistical Breviary, p. 3-4

And from that eloquent beginning we now have the Excel Chart Wizard. William Playfair would be disappointed.

$ sudo aptitude install ia32-libs lib32asound2 lib32gcc1 lib32ncurses5 lib32stdc++6 lib32z1 libc6 libc6-i386

I have only tested this on Jaunty, so I can’t promise it works on earlier releases, but it’s lots easier than the manual unpacking stuff on Adobe’s page.