A "hard" 512-bit number falls after 8000 MIPS-years

Since 1991 RSA has sponsored a factoring challenge [1] to encourage research into the factoring of large numbers. It is the difficulty of the factoring problem that underlies RSA encryption. The numbers on RSA's challenge lists are of two types: "random" numbers that may be easy or hard to factor, and numbers of the type that RSA might use in devising secure cryptosystems, which are considered hard to factor.

On 22 August an international group announced [2] that they had found the prime factors of the largest such "hard" number ever cracked: RSA-155, a 155-digit (or 512-bit) number. The group was led by Herman te Reile of CWI, a Dutch mathematics research institute. Te Reile also led the effort to factor RSA-140, the previous record-holding "hard number," which had been cracked last February.

Here are RSA-155 and its two 78-digit prime factors, as reported by the research group.

RSA-155 =

10941 73864 15705 27421 80970 73220 40357 61200 37329 45449
  20599 09138 42131 47634 99842 88934 78471 79972 57891 26733
  24976 25752 89978 18337 97076 53724 40271 46743 53159 33543
  33897

Its prime factors are

102 63959 28297 41105 77205 41965 73991 67590 07165 67808
  03806 68033 41933 52179 07113 07779
 *
    106 60348 83801 68454 82092 72203 60012 87867 92079 58575
  98929 15222 70608 23719 30628 08643

Factoring RSA-155 required about 8000 MIPS-years and occupied, as best I can figure [3], just under half a year in calendar time. (This makes sense if the team turned to RSA-155 as soon as they had cracked RSA-140 last February.) As of this writing the claimants have not yet been placed on the RSA Honor Roll list. Send a blank email to challenge-rsa-honor-roll@rsa.com to receive this list.

By far the most time-consuming step in the factoring job was sieving. It is this step that Shamir's TWINKLE [4] would greatly speed up.

[1] http://www.usatoday.com/life/cyber/tech/ctf974.htm
[2] http://www.rsa.com/rsalabs/html/factoring.html
[3] http://www.interesting-people.org/199908/0070.html
[4] http://tbtf.com/archive/1999-05-08.html#s02

A glimmer of light for the little guy

For the first time a federal appeals court has ruled [5] that corporations can't always prevent others from registering domain names that happen to coincide with their brand names. This ruling marks a redress that many feel is overdue. Too bad the case in question is so cloudy. I noted the affair of FreeView Listings vs. Avery Dennison in the article Squammers [6] last February. The lower court called FreeView's founder a domain squatter. This is not the clearcut case I would wish to see of a large corporation harassing an individual who has a legitimate reason to use a domain name.

The appeals court's ruling turned on the breadth of recognition for Avery Dennison's trademark. It prompted one of the lawyers involved to muse, ad absurdam, that if this ruling holds then only Coca-Cola and McDonalds might enjoy trademark protection on the Web.

Thanks to Kenneth Adelman <adelman at adelman dot com> for pointing out this story.

[5] (This SJ Mercury News story is no longer online.)
[6] http://www.tbtf.com/archive/1999-02-01.html#s02

Doing business in the public eye, in relative harmony

Much of the acrimony of the previous Berlin meeting [7] seemed to be absent at Santiago. ICANN held its decision-making meeting in full public view (for that fraction of the public that had managed to travel to Chile, anyway); only some advisory committee meetings were closed. ICANN's interim chair, Esther Dyson, participated in an online chat session from one of those closed meetings. Its transcript [8] provides a welcome human sidelight, typos and all, to the august proceedings.

This ICANN page [9] provides a bare listing of all of the resolutions acted upon at Santiago. Today's NY Times coverage [10] (free registration and cookies required) stresses the persistent complaint that ICANN's process to date has taken most of its input from large commercial organizations and governments, to the exclusion of not-for-profit entities and individual Netizens.

At Santiago ICANN initiated the process of gathering a broad-based, representative membership of at least 5,000 individuals, which will elect half of ICANN's board members next year.

ICANN's other significant action was to approve draft rules to limit cyber-squatting. In conciliation to individual domain-name owners, ICANN directed a sub-panel to add new language protecting individuals and others from losing legitimately registered domain names to large companies.

[7] http://tbtf.com/archive/1999-06-14.html#s04
[8] http://chat.abcnews.go.com/chat/chat.dll?Chat?room=e_dyson
[9] http://www.icann.org/santiago/santiago-resolutions.htm
[10] http://www.nytimes.com/library/tech/99/08/biztech/articles/30ican.html

Don't hold your breath

Each time the Clinton administration asks a panel of experts to go off and ponder directions for cryptography export policy, they tend to come back with a recommendation to relax the rules. This time it was the President's Export Council Subcommittee on Encryption advising that the administration back off restrictions of hardware and software exports to friendly countries [11]. The panel's report, called Liberalization 2000 [12], also recommends that industries building critical infrastructure, such as power, water, and telecomms, be allowed free use of unbreakable encryption. Given the recent evidence of administration sentiment -- the FIDNET [13] and CESA [14] proposals -- I wouldn't count on seeing even these modest and sensible recommendations implemented.

[11] http://www.wired.com/news/print_version/politics/story/21471.html?wnpg=all
[12] http://www.cs.georgetown.edu/~denning/crypto/lib2000.html
[13] http://tbtf.com/archive/1999-08-16.html#s05
[14] http://tbtf.com/archive/1999-08-23.html#s01
[14a] http://cryptome.org/LIB42.htm

Slashdot is the Mystery Science Theater 3000 of the Web

This ZDnet story [15], commented upon at Slashdot [16], warns of upcoming strife and turf battles in corporate IT departments as Windows 2000 is introduced. The reason is that W2K supports Dynamic DNS (DDNS) for name resolution in its Active Directory service, not the static DNS offered by many Unix systems. The ZDnet coverage errs by implying that DDNS is not even implemented, let alone in service, on Unix systems -- in fact many Unices, including Linux, support stable and tested DDNS implementations. ZDnet's prophesied battle looms because once W2K systems are added to the mix in IT shops, then W2K will demand to be the root of the naming service, displacing Unix. The ZDnet reporter talked to sources at a large aerospace shop -- unnamed, but fingered in the Slashdot discussion as Boeing -- at which Unix and Windows administration functions are performed by separate groups. One Slashdot poster points out that in a rationally run organization, with jobs defined by function and not by operating system, no conflict would occur. As a final coda to the ZDnet story, a poster opines that any article covering Windows 2000 and featuring a link at the bottom for "Windows 2000 prices," as this one does, isn't journalism -- it's an infomercial.

[15] http://www.zdnet.com/pcweek/stories/news/0,4153,1016137,00.html
[16] http://slashdot.org/article.pl?sid=99/08/28/1336258

How can I crack thee? Let me count the ways

Richard Smith, prolific spotter and exposer of security holes, has posted a simple page [17] listing many of the recently discovered ways that bad guys can do you in using ActiveX controls and Outlook on your Win98 system. Last week Smith demonstrated the problems at the 8th Usenix Security Conference [18]. Microsoft has developed fixes for most of the holes and rolled them forward into Windows 2000 development, but there are millions of vulnerable systems on desktops worldwide. Most of their owners will never download and apply the security fixes.

[17] http://www.tiac.net/users/smiths/acctroj/index.htm
[18] http://www.wired.com/news/print_version/business/story/21442.html?wnpg=all

Little, but late

A 36K download will allow US users of Netscape's international (crippled) encryption to upgrade their browsers for 128-bit security [19]. This is a fine idea and long overdue -- previously, effecting this security upgrade from Netscape required a 12-MB download. But Netscape has made the tiny upgrade available only through their SmartUpdate package as far as I can see -- you can't download the upgrade as a standalone file. Before visiting this page [20] you must enable Java, cookies, and SmartUpdate. I was unwilling to try this as I already have 128-bit encryption in Communicator 4.6 and don't trust SmartUpgrade not to mess things up. But that's just me; go ahead and try it. You'll need to attest to US citizenship or permanent residency. Anyone who does the upgrade, please write to me about the experience.

Alan Braggins <armb at ncipher dot com> wrote to remind me that a year and a half ago TBTF covered [21] Fortify [22], an internationally available alternative for upgrading international Netscape for strong crypto.

[19] http://www.internetnews.com/prod-news/article/0,1087,9_189471,00.html
[20] http://cgi.netscape.com/cgi-bin/su/intro.cgi
[21] http://www.tbtf.com/archive/1998-03-02.html.html#s03
[22] http://www.fortify.net/

Dubious software and Net patents are getting more ink

The accelerating rate at which the US patent office has been granting patents for software algorithms and, lately, business methods has recently caught the attention of the mainstream press. (TBTF readers have been hearing about this issue for four years.) This CNN coverage [23] plows the now-familiar ground neatly. This report in the Linux Journal [24] stresses the danger such a carpet-bombing of dubious patents could cause for open source development projects. The Linux Journal article also features an excellent set of links for further reading on the subject. See especially this report [25] by longtime PTO critic Greg Aharonian of software patents issued in 1998, and historically.

[23] http://www.cnn.com/TECH/computing/9908/24/patents.idg/index.html
[24] http://linuxjournal.com:8080/articles/currents/003.html
[25] http://www.flora.org/flora.comnet-www/1334

Xanadu emerges from its stately pleasure dome

In July 1999, software pioneer Dan Bricklin released [26] a 1981 version of VisiCalc, the seminal spreadsheet he co-invented, for free download from the Web. (It's 27K!) Bricklin's action initiated an ongoing parade of releases of classic software by the luminaries of the early history of software development. I've posted a summary [27] of these releases with URLs where you can pick up these software artifacts. The latest classic to become publicly available is Xanadu [28], Ted Nelson's near-mythic attempt to create a globe-spanning system of hypertexts. The Xanadu code, which had never been seen before outside the circle of its developers, has now been released in an open-source format. But the Xanadu release seems to be considerably rougher than the open source state-of-the-art: one early downloader, Lindsay Marshall, commented succinctly in his Web log [29]: "Nothing works, no documentation."

[26] http://www.bricklin.com/history/vcexecutable.htm
[27] http://tbtf.com/resource/antique-sw.html
[28] http://www.udanax.com/
[29] http://catless.ncl.ac.uk/Lindsay/weblog/latest.html

Want to be hipper-than-thou? Blog a vortal

Jargon Scout [30] is an irregular TBTF feature that aims to give you advance warning -- preferably before Wired Magazine picks it up -- of jargon that is just about ready to hatch into the Net's language. Our latest offerings:

Blog: 1.) n. A Web log. 2.) vi. To run a Web log.

First spotted on the Eatonweb [31] blog, er, Web log on 1999-08-25, though Eatonweb's proprietor Brigitte says the coinage is due to our very own TBTF Irregular Peter Merholz <peterme at peterme dot com> [32]. Seems he decided one fine day that "Web log" ought to be pronounced "wee-blog." Here is Peterme's recollection of the coinage:

Vortal: n. A vertical portal.

Portals have been the biggest rage since push (remember push?), starting in the consumer space as Yahoo broadened its search engine into an Internet destination and gateway, and everybody from MSN to the Grace L. Ferguson Airline (And Storm Door Company) declared that they were a portal, too. Except, as usual on the Net, no-one could figure out how to make money from them. Vertical portals emerged early this year as destination sites for specialized communities -- e.g., buyers of scientific supplies -- spread out to include other content of interest to their target audiences. Vortals make sense: it's not hard to explain how they help the bottom line. Then there are intranet enterprise portals, but we won't go there.

I first saw the term vortal in this Technology Post story [35].

[30] http://tbtf.com/jargon-scout.html
[31] http://www.eatonweb.com/weblog/index.shtml
[32] http://www.peterme.com/
[33] http://www.bradlands.com/archive/arc_050199.html
[34] http://www.blogger.com/
[35] http://www.technologypost.com/internet/DAILY/19990825111011150.asp?Section=Main

Where the well-read technophobe surfs

This site [36] features reviews of books, movies, and music appealing to technology's rejectors. Any competent marketer must ask: what were they thinking in choosing the Web as a medium to reach this particular niche? The site is not without humor. Its visitor counter is stuck on 404 and links to the 404 Research Lab [37]. TLR is a production of Fairhill & Company, an "information technology and historic preservation consulting firm" [sic] located in Denver, CO. Thanks to alert reader <jtmcc att uswest dot net> for the cite.

[36] http://www.ludditereader.com/
[37] http://www.plinko.net/404/area404.asp

We don't need no steenkin' Three Laws

Aibo, the robot dog from Japan [38], is beginning to penetrate Western cultural consciousness. Bergdorf Goodman seems to have bought itself one of the 2000 Aibos that were sold in the US (at $2250 retail), or perhaps its ad agency did. A TBTF Irregular and self-described boutique guerrilla spotted Aibo in Bergdorf ads for high-end women's clothing, by three different designers, in three different fashion magazines. In one the model holds the robot dog on one arm; in another the robot romps at her feet.

Here is a review [39] by John Wharton <jwharton at netcom dot com>, an early Aibo adopter [sic]. It was carried on Dave Farber's interesting People list. Wharton is struck by (what he takes to be) Japanese attitudes toward pets showing through in the product and its documentation; he finds the cultural contrast jarring.

Last word [40] on Aibo goes to James "Kibo" Parry <kibo at world dot std dot com>, who was a net.god before you were born. This posting appeared last April on alt.religion.kibology (natch).

The Grace L. Ferguson Airline (And Storm Door Company) was an early invention of the comedian Bob Newhart [41]. His routine [42] is prescient. Penned decades before US airline deregulation, it perfectly captures the mean-spiritedness and the sheer terror of budget air travel. Captain: "Have any of you passengers ever been to Hawaii before? You have, sir? It's kind of... kidney-shaped, isn't it?"

[41] http://www.amazon.com/exec/obidos/ts/music-glance/B0000062TF/tbtf/
[42] http://www.amazon.com/exec/obidos/eras/B0000062TF001002/tbtf/

TBTF home and archive at http://tbtf.com/ . To (un)subscribe send
the message "(un)subscribe" to tbtf-request@tbtf.com. TBTF is Copy-
right 1994-1999 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Commercial
use prohibited. For non-commercial purposes please forward, post,
and link as you see fit.
_______________________________________________
Keith Dawson    dawson dot tbtf at gmail dot com
Layer of ash separates morning and evening milk.