Hm, ok. Would it have been OK if I hadn't posted it under "Ask HN"? Surely this site supports sharing opinions like this one in some contexts -- it's not like this was a political shitpost or something. Right?
XSS is the most common bug on the internet, and there is nothing interesting or novel about this that warrants an article in my opinion. My problem is that this article makes people scared in a way that I do not think is productive. Kudos to whoever found the bug for finding it and making everyone safer, but I thought the article was needlessly clickbaitey. I agree I should probably be less cavalier-sounding though, sorry.
LOL, these are literally just XSS attacks, the sky is not falling. This is such clickbait. Posts like this make the security community look bad IMO. Report it and move on.
"Division" i.e. multiplying by the multiplicative inverse doesn't require the modulus be prime; it just requires that the number you are finding the inverse of and the modulus are relatively prime.
I'd highly recommend this talk [0] which discusses the practical security issues with such a system. Estonia did something like this.
One interesting problem is that of deniability; in order to ensure that voters are not coerced, it is important for them to be able to deny who they voted for. This is directly at odds with the goal of verifying your vote after the fact.
That's not what I'm saying. I'm saying that if factoring were NP hard, by extension a quantum computer could solve NP complete problems in polynomial time (since every problem in NP is reducible to every NP hard problem, by definition [0]).
That's all I'm saying... they're implying that you could reduce, say, 3SAT to factoring, which would be very very surprising.
Not to mention that being an NP hard problem wouldn't be a strong enough property to ensure the average-case was hard, so I don't think the "considered" saves this from being incorrect...
It wasn't salted, but even then a targeted effort could almost certainly crack a password as bad as dadada almost immediately for a fast hash like sha1.
Nope. For general search operations (modeling your 128-bit cipher as a black box) the best we know how to do is Grover's algorithm, which gives you a quadratic speed up. Your 128 bit problem is now a 64 bit problem (which is of course still quite good).
If you have the ability to intern at Palantir you have the ability to intern at any number of more responsible companies. Palantir has a bigger booth at the career fair, but I'd bet working at Apple or Uber is just as much of a resume boost at much less of a societal cost. (source: am a college student)
The worst part about Palantir is their ability to masquerade as this hip startup, as though working for them is as innocent as working for Imgur or Twitter or whatever. They recruit the hell out of MIT students, and it sucks seeing my friends interview for this incredibly shitty company that has openly said it won't go public since that would make running their business "very difficult" (hm, because you're doing reprehensible work perhaps?).
I wish people picked their jobs to match their ethics instead of the other way around. It makes me sad when I hear about my friends going to intern for this place.