DH-1024 in Bitcoin terms

The recent paper on Diffie-Hellman "precomputation" estimates a cost of 45-million core-years. Of course, the NSA wouldn't buy so many computers to do the work, but would instead build ASICs to do the work. The most natural analogy is how Bitcoin works. Bitcoin hashes were originally computed on CPU cores, then moved to graphics co-processors, then FPGAs, then finally ASICs.

The current hashrate of Bitcoin 460,451,594,000 megahashes/second. An Intel x86 core computes about 3-megahashes/second, or 153,483,864,667 CPU cores. Divided this by 45-million core-years for precomputing 1024bit DH, and you get 3410 DH precomputations per year. Thus, we get the following result:
The ASIC power in the current Bitcoin network could do all the necessary precomputations for a Diffie-Hellman 1024 bit pair with 154 minutes worth of work. Or, the precomputation effort is roughly equal to 15 bitcoin blocks, at the current rate.
(Update: I did some math wrong, it's 154 minutes not 23 minutes)

Another way of comparing is by using the website "keylength.com", which places the equivalent effort of cracking 1024 DH with 72 to 80 bits of symmetric crypto. At the current Bitcoin rate, 72 bits of crypto comes out to 15 bitcoin blocks, Continue reading

Google, Facebook and peers criticize CISA bill ahead of Senate consideration

A trade group representing Facebook, Google, Yahoo and other tech and communications companies has come down heavily against the Cybersecurity Information Sharing Act of 2015, a controversial bill in the U.S. that is intended to encourage businesses to share information about cyberthreats with the government.The Computer & Communications Industry Association claims that the mechanism CISA prescribes for the sharing of cyberthreat information does not adequately protect users’ privacy or put an appropriate limit on the permissible uses of information shared with the government.The bill, in addition, "authorizes entities to employ network defense measures that might cause collateral harm to the systems of innocent third parties," the CCIA said in a blog post Thursday.To read this article in full or to leave a comment, please click here

Would I take Wireshark training?

If the buck stops with you when it comes to troubleshooting strange and bizarre application behavior, you’ll want to be able to use a packet capture tool effectively. Wireshark is ubiquitous; most network engineers use it. Wireshark has an active user and development community. Plus, there is a commercial variant through Riverbed if you care to go that route. Therefore, I view Wireshark as a safe packet analysis tool to spend time learning intimately.

What’s inside your containers? Why visibility and control are critical for container security

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.As organizations turn to containers to improve application delivery and agility, the security ramifications of the containers and their contents are coming under increased scrutiny.Container providers Docker, Red Hat and others are moving aggressively to reassure the marketplace about container security. In August Docker delivered Docker Content Trust as part of the Docker 1.8 release. It uses encryption to secure the code and software versions running in Docker users’ software infrastructures. The idea is to protect Docker users from malicious backdoors included in shared application images and other potential security threats.To read this article in full or to leave a comment, please click here

What’s inside your containers? Why visibility and control are critical for container security

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

As organizations turn to containers to improve application delivery and agility, the security ramifications of the containers and their contents are coming under increased scrutiny.

Container providers Docker, Red Hat and others are moving aggressively to reassure the marketplace about container security. In August Docker delivered Docker Content Trust as part of the Docker 1.8 release. It uses encryption to secure the code and software versions running in Docker users’ software infrastructures. The idea is to protect Docker users from malicious backdoors included in shared application images and other potential security threats.

To read this article in full or to leave a comment, please click here

FireEye Myth and Reality

Some tech companies are always associated with their first acts. Dell just acquired my first employer, EMC Corporation, in order to expand its enterprise portfolio yet the company will always be linked with personal computers and its founder’s dorm room.  F5 has become a nexus that brings together networks and applications but will always retain the moniker of a load balancing company.  Bit9 has established itself as a major next-generation endpoint player yet some people can only think of its original focus on white listing.In my opinion, FireEye shares a similar limited reputation as many security professionals equate the company with a single cybersecurity technology, network “sandboxing,” in spite of its acquisitions, progress, and diversification. This perception seems especially true on Wall Street where financial analysts continue to judge FireEye based upon the number of competitive vendors who offer network sandboxes of their own. To read this article in full or to leave a comment, please click here

One year at Plexxi and the Future of Networking

It’s almost time to celebrate my one-year work anniversary with Plexxi, coming up next month. When I began here I set out with a grand vision set on building a simply better network. I’m grateful to the entire Plexxi team for their commitment and hard work to make many of our goals a reality. I believe that today we are better and stronger as a company. We have meaningful industry partnerships like our distribution agreement with Arrow, groundbreaking product developments and more financing to make our goals and growth plans a reality.

Last week I spoke with Chris Talbot, a writer at FierceEnterpriseCommunications and had the opportunity to reflect on my time with Plexxi so far. Chris and I discussed what led me to join Plexxi, why I believe in what we’re doing and why we’re pioneering a new path for networks that is going to lead the industry for years to come.

We are making great strides and I’m excited about the momentum we have going for us right now and what the future holds. You can find Chris’ article, The Future of Networking is Photonic Underlays here. Let me know what you think.

The post Continue reading

HP Is Shipping Unicorns Now: 10GBASE-T SFP+ Module

It's long been said that we'll never see an SFP+ transceiver for 10GBASE-T media. Too much power, too small package, too much heat, etc...

I'm not sure that never is quite right. There's this wonderful/horrible contraption:
Dawnray SFP+ module. Photo found here.
It's huge. It's ugly. Its covered with fins, so it must be hot. The data sheet says it consumes 7 Watts. Where's it getting 7W? Not from the SFP+ interface on the switch... Note the power cord attached to the module. It uses a wall wart!

This is not an elegant solution, but 10GBASE-T is hard, and this is the best we've got.

Until now.

/u/asdlkf recently pointed out on reddit that HP have published a data sheet1 for a much more elegant SFP+ module for 10GBASE-T.

There were rumors that this module was going to have a giant heatsink and protrude far beyond the SFP+ slot, but it turns out that's not the case. It looks really good, and it's only a bit longer than some 1000BASE-T modules that I have kicking around the office.

The module uses only 2.3W (no wall wart required, but plugging in lots of them will still tax most switches), Continue reading

Can myriad wireless networks connect as one fast, secure system?

Getting the innumerable wireless networks the military and some commercial enterprises to communicate just doesn’t work in many cases, creating serious communications and security problems for warfighters and others interacting with those networks.+More on Network World Gartner: IT should simplify security to fight inescapable hackers+Researchers at the Defense Advanced Research Projects Agency are looking for ways to change that problem with a new program called Dynamic Network Adaptation for Mission Optimization (DyNAMO).To read this article in full or to leave a comment, please click here

Can myriad wireless networks connect as one fast, secure system?

Getting the innumerable wireless networks the military and some commercial enterprises to communicate just doesn’t work in many cases, creating serious communications and security problems for warfighters and others interacting with those networks.+More on Network World Gartner: IT should simplify security to fight inescapable hackers+Researchers at the Defense Advanced Research Projects Agency are looking for ways to change that problem with a new program called Dynamic Network Adaptation for Mission Optimization (DyNAMO).To read this article in full or to leave a comment, please click here

Getting to Know Peter Sprygada, Director of Engineering

Knowing the members of our Ansible community is important to us, and we want you to get to know the members of our team in (and outside of!) the Ansible office. Stay tuned to the blog to learn more about the people who are helping to bring Ansible to life.

ansible-team-peter-sprygada This week we're happy to introduce you to Peter Sprygada, who recently joined Ansible to tackle all things networking. Prior to joining us at Ansible, Peter built a long career building and operating next generation network infrastructures and most recently ran the EOS+ CS team at Arista focusing on the integration of network operations with DevOps methodologies.

 

What’s your role at Ansible?

Mostly my days revolve around working closely with customers, partners and the fantastic Ansible community to bring more robust support for networking devices into Ansible and Ansible Tower. This includes applying Ansible to help evolve DevOps methodologies to solve problems associated with running network operations teams.

What exciting Ansible networking projects can you tell us about?

To start, we have been working closely with our network partners to transition many of the great modules that have been available in the wild and make them available to Continue reading

Gathering network device versions with Ansible using SNMP

Ansible SNMPUntil there is a universal standard which states how to access network devices I believe SNMP is the best option when it comes to determining what a device actually is. While SNMP’s glory days might be long gone, if there in fact were any. There are still some instances where SNMP is more handy than the modern APIs we have now. All network devices respond in the same way to SNMP queries. This can be compared to a REST API where you have to know the URL of the API before you can target a device. Even with SSH which is also a standard the implementation differs between various vendors, while this doesn’t matter if you are connecting to the device manually it does if you are using a script. Looking at Netmiko a Python library for SSH, you have to specify device vendor and class when you connect. This is because SSH doesn’t work the same with Cisco devices, compared to HP devices, as prompts and paging work differently. However with SNMP it always works the same, sure all vendors have specific MIBs that they use. But general queries for standard MIBs work the same. Using a standard MIB Continue reading

Worth Reading: Thoughts on the Open Internet

I’m sure we’ve all heard about “the Open Internet.” The expression builds upon a rich pedigree of term “open” in various contexts. For example, “open government” is the governing doctrine which holds that citizens have the right to access the documents and proceedings of the government to allow for effective public oversight, a concept that appears to be able to trace its antecedents back to the age of enlightenment in 17th century Europe.

I would normally place worth reading items in the right column, Geoff has written a six part series about the open Internet that’s worth reading. I’ve put links to each piece here.

Thoughts on the Open Internet – Part 1: What Is “Open Internet”
Thoughts on the Open Internet – Part 2: The Where and How of “Internet Fragmentation”
Thoughts on the Open Internet – Part 3: Local Filtering and Blocking
Thoughts on the Open Internet – Part 4: Locality and Interdependence
Thoughts on the Open Internet – Part 5: Security
Thoughts on the Open Internet – Part 6: Final Thoughts

LinkedInTwitterGoogle+FacebookPinterest

The post Worth Reading: Thoughts on the Open Internet appeared first on 'net work.

1 3,286 3,287 3,288 3,289 3,290 3,844