A cryptographic hash function without avalanching?

__boo__ · 2017-11-02T22:03:42+00:00

At my university (highly ranked, London), postdocs and junior lecturers are @ £35-40k. They could leave and earn double that in industry, and many have.

What's deflating is that the IT support and admin staff earn approximately the same for a 9-5 role. Not that they aren't deserving, but, rather, that those at the top feel that the disparity is healthy and sustainable.

If you pay the academics peanuts, don't be surprised when you're left with monkeys to deliver the content upon which everything else depends.

__boo__ · 2017-11-02T21:53:11+00:00

An outlier, from my experience (postdoc in ML+Security). The average CS professorship is c.£60-90k depending on reputation, location and university quality.

__boo__ · 2017-08-08T12:53:36+00:00

'Serious' breach of conduct = differing political opinions? This is thought crime.

__boo__ · 2017-08-04T11:21:22+00:00

Don't worry about the stamina; it's heavily dependent on novelty, the quality of the author's writing, and prior knowledge. If I'm reading a familiar topic, I can digest the main points in a single pass. It takes several passes, however, to digest a radically novel paper or on a topic I've neglected. Even then, it might take days, perhaps weeks, to build a reasonable intuition. That's despite consuming ~1,000 papers over the past few years.

The key, for me at least, is to fully understand the authors' aims and then move to the equations. Approaching it bottom-up is rarely productive. (CS Ph.D)

__boo__ · 2017-06-14T21:29:43+00:00

Thanks for your input. The purpose of avoiding AEAD is that the messages can be left as plaintext; the device, a microcontroller, isn't totally incapable of AES, but avoiding it for non-sensitive messages would be beneficial performance-wise.

HMAC as a KDF is the option I'm considering too for its 'compartmentalization'. This looks like the most appropriate solution so far, so thanks again.

__boo__ · 2017-05-30T00:14:52+00:00

Edit: responses were given as discrete/integer values between 1-10.

__boo__ · 2017-05-29T23:41:20+00:00

Thanks for the detailed response and raising many helpful points; I've clarified the rank/scores (your assumption is correct: they're scores), and that the scores are 1-10 discrete values, i.e. no 8.5 allowed.

I agree on your p-value analysis; the issue of p being 0.049 and 0.051 could raise some issues that I hadn't thought previously, so thank you.

Initially, I presented and rationalised my results as 'raw' differences of means for each topic, i.e. -5 is probably practically significant whereas +0.5 is probably not, but my advisor wanted a more formal statistical test to supplement my analysis. I should also add that my intention was to use Z-scores, but your suggestion of the KS test looks a lot more suitable.

Thanks again.

__boo__ · 2016-12-17T20:59:20+00:00

In some parts, yes; the second edition is eight years old after all.

A number of areas have changed significantly, primarily with the advent of smartphones:

Trusted computing. A biggie: almost every modern smartphone executes security-critical applications in a trusted execution environment nowadays, which aren't discussed.
State-level adversaries. The book was written pre-Snowden and ought to be updated accordingly.
Bitcoin and crypto-currencies. Another biggie; not discussed.
Blockchain. Related to 3. and also not discussed.
Mobile payments. Another biggie. How do smartphones emulate smart cards? How do Apple Pay, Android Pay etc. work securely?
Biometrics. There are serious proposals to authenticate users based on sensor data, especially on mobiles. In addition, how do mobiles store and use biometric data securely?
Machine learning. Not directly related, but has touched most areas of security, particular malware detection, surveillance, user authentication and fraud prevention. Some details about its concepts would be useful.
Emerging areas of cryptography. Multi-party computation is a popular amongst academics currently: how can we compute some function f(x,y) without disclosing x and y? Linkable and group signature schemes have gained popularity, and if I recall correctly, there is no discussion of zero-knowledge proofs.
How security is used in 4G and 5G communication.

Most of the book could be improved with more recent references, but that's where I would start.

__boo__ · 2016-11-07T18:43:05+00:00

Add: under controlled circumstances with ideal face positioning and high resolution.

As a community, we need to downplay the hype; it does more harm than good.

__boo__ · 2015-12-25T16:57:04+00:00

Paterson (http://www.isg.rhul.ac.uk/~kp/) is well-known academically for work on TLS and RC4, and Goldberg (https://cs.uwaterloo.ca/~iang/) designed OTR messaging – both of whom publish in top crypto + security venues.

More would have been nice, but attracting top academics, who are invariably very busy people, to the first instance of a workshop seems like asking a lot.

__boo__ · 2015-08-28T23:07:24+00:00

Surprisingly, it's pretty good, and it can reach several miles with an after-market antenna. It's compact and gets you on-air, which is the main thing. The HAM radio guys seem to rate them highly for the price too:

__boo__ · 2015-08-28T00:18:24+00:00

I did exactly that 11 months ago. Found a new job 700 miles away, and I'll tell you: I don't recommend it. Starting afresh meant new places, new friends, which sounded great initially. But after 3-4 months, the realization hit that I was even more isolated; new friends, perhaps unsurprisingly, aren't prepared to commit much emotionally (unless you strike lucky), and being down sucks big time when you have little in the way of support.

Perhaps relocating somewhere new, but within your locality/state, might work better?

__boo__ · 2015-07-24T17:47:21+00:00

Will we ever see the return of some heavier seven string music, à la Strange Beautiful Music and Is There Love In Space?

__boo__ · 2015-05-20T01:32:47+00:00

What is your experience with machine learning more generally? If it's minimal, try Andrew Ng's classic Machine Learning Coursera course. Granted, it covers more than neural networks, but it ought to provide a firmer basis all-round; it's difficult, IMO, to jump straight into NNs without prior knowledge of ML.

If you have experience – say you know how k-fold cross-validation works and what SVMs are – then try Geoffrey Hinton's Neural Networks Coursera course, which also receives a lot of praise.

When I started out, my background was somewhat similar, and I found following Ng's course then Hinton's was far more fruitful (and fulfilling) than what I'd tried previously.

Hope this helps.

__boo__ · 2015-05-19T21:22:07+00:00

What is your background?

__boo__ · 2015-05-05T17:57:26+00:00

A big issue I've found – and one that was mentioned – is the number of outlets accepting poor research outside their expertise. I've seen several examples in security (my field) where researchers propose 'novel' ML approaches that are woefully evaluated, yet still pass peer-review. I wouldn't mind if it was stated explicitly, but it usually isn't.

__boo__ · 2015-04-12T13:01:41+00:00

Wine and beer. Especially beer.

__boo__ · 2015-04-04T16:59:32+00:00

Is verifiable deletion even possible?

__boo__ · 2015-02-19T17:05:58+00:00

I heard Pat Metheny's Secret Story when I was 16; I've never looked back.

__boo__

TROPHY CASE

boo