This whole thread seems to be unaware about Debian… so I’ll give an actual answer.
Debian only actually updates their software packages every 2 years, this is for stability purposes. However you still need to fix some severe bugs so about every 2-3 months Debian does point releases that are only updating for security fixes. This is one of them.
When Debian 14 actually releases it will upgrade nearly all of the packages that are in your base system.
Again you have no idea what I’m talking about. I’m not a cryptographer, but I’ve done a bit of computational number theory (a strongly related field), I speak from that field.
I’m describing how you make rigorous provable claims, rather than “it’s an ancient technique supercharged by a computer”- which quite frankly makes you sound like a child.
“It’s just a database file”- You realize the contents of the database don’t matter? The security comes from the mapping. The database contents could be pure nonsense symbols (in fact it should be, one of the criteria of modern cryptosystems is indistinguishability from random data, because it defeats pattern-based attacks.) I was simply pointing out that your approach was very amateurish since those databases have already existed for 30+ years.
“Not selling anything”
“Selling” is a common synonym for “convincing” or “advertising”. Saying “I sold him on that”- means you convinced someone.
I’m going to let this discourse die because it seems like you don’t understand what I’m saying.
My point is that your approach is awful. It’s like you completely fumbled into your idea, and you’re trying to sell it as superior to rigorously constructed cryptosystems ( nearly all exploits are due to developer incompetence not cryptographers).
“They are all grammatically valid”- yeah you have no idea what I just said. I was talking about constructing a probability matrix from a language, if you restrict the entries to grammatically valid pairs/tuples it reduces the size and is therefore easier to compute. Whether or not your ciphertext is grammatically valid English has zero effect on its strength.
The reason why you might want to take the approach I described is that you can make precise claims about the dataset and final result. Rather than saying “umm … Chatgpt said so…”.
Regardless, this has nothing to do with cryptographic security. It’s just an immediate red flag when developers miss obvious solutions.
“but common phrases”. These also exist, they are used in grammar checkers. They also exist in texts for English learners.
Datasets like these are very easy to come by. In fact you could actually write a program that set up a Markov matrix of pairs of words for any input text, and use it to determine common phrases. This is the standard sloppy approach, a more clever one would restrict the pairing to grammatically valid ones.
deleted by creator
Why did you use an LLM for the frequency tables? The “most common words used” is very useful data and as such there are many already existing compilations, used by things like spell checkers. The Linux system dictionaries are one example.
The fact that you completely ignore that simply using a larger RSA key would both be faster and more secure than your approach, doesn’t inspire confidence either.
(It’s also in python which is basically unusable. )
What motivated you to write this program?
Your choice of “codebook”, is an immediate red flag and reeks of pop-crypto. There is a reason why this approach was abandoned some 100+ years ago, even properly implemented they have severe shortcomings.
Chatgpt just cribs from stack overflow, which in turn just cribs their answers from documentation. Once you figure that out, they both become surprisingly useless.
I just want tropical/desert textures. I know penguins like the cold, but people like variety.
“Making frequency analysis ineffective”
Oh boy, let’s hope nobody uses it for large plain texts. If x maps to k1,K2,… then one simply needs enough instances of x to reconstruct the key. It must at the very minimum need multiple symbols to map to the same strings to achieve ambiguity.
The cryptographic claims seem laughable.
Maybe to match against the passport photos. Some people travel with other similar-looking people’s IDs, and it can be missed by inspectors. So having an current photo of the traveler can be used in post-hoc investigations to determine if they did so.
deleted by creator
The bizarre thing is that they are only analysing something like 40 programs/library. You could reach the same conclusion clicking through their gitlab for a few minutes.
The translation rate is the actually interesting part.
My usual defeater goes like this:
It is logically possible to create a very clever mechanical device that for any finite input would output exactly the same behaviour a human could, yet we would clearly consider it to be unconscious clockwork. We have no reason to believe that electrical computers are any different.
“Game dev… Just force Rust into it”
What’s wrong with Rust for game dev? It seems similar to C++, and C# which are the dominant languages.
I can see arguments that the current projects have poor approaches, but not that the language itself is ill-suited.
I’ve used ffmpeg to compose a whole video from screen recordings. The big advantage is that it works well on weaker hardware that can’t run full blown video editors.
You’re correct in your assessment of the worst-case of distro maintainers, however many distro developers/maintainers do contribute to the upstream ( Debian policy explicitly encourages it, I only speak for Debian because that’s the only project I’ve worked in) and do vet and understand the software.
“It can’t be better”. Except distro maintainers can block it from being included if they find errors. As noted above they also often file pull requests against the upstream. This happens a fair amount actually.
I think you are completely missing the point. Packages distributed by Debian are less likely to be insecure because Debian policy requires reviewing all source code to make sure it meets interoperability and open-source standards.
Regardless of how frequently this is actually done, if it’s done at all is a point in favor of using Debian distribution. The fact that Debian has introduced errors themselves in a few cases is irrelevant, any developer can do that and crates.io is full of them with not even an attempt at additional review.
You need to balance whether or not the distributor is fixing or introducing more bugs, and in the case of Debian it seems to be overwhelmingly the former.
Your argument that crates.io is a known organization therefore we should trust the packages distributed is undermined by your acknowledgement that crates.io does not produce any code. Instead we are relying on the individual crate developers, who can be as anonymous as they want.
Debían developer is a specific position that you apply for. Anyone can be a maintainer. Well, I had to get approved but I don’t know the qualifications, I already had code in Debían vía GNOME.
It’s also pretty poor quality data. Open-source journalists use it alot and make erroneous claims.
Ryan MacBeth tried to do this to show a person hadn’t left the US, when a third-party had actually recorded them in Palestine.