## Tuesday, August 16, 2005

### Topological blog

Those who are interested in mathematical aspects of string theory and the newest twists and turns in topological string theory in particular should look at the KITP weblogs, especially

written by Andy Neitzke. Andy is one of the coolest bigshots among recent graduates, and because he is also a clear expositor (recall, for example, his and Cumrun's review of topological strings), you should try to look at his comments.

#### snail feedback (2) :

They still have not fixed their certificate. See my previous comment on Peter's blog.

I have no idea how they could implement their site like that. But whether the computer people are competent or not has no correlation to whether the wireless signal is strong or not. The latter is pure physics: the shielding of buildings, the proximity to the wireless signal source, the remaining battery power of your wireless device.

And whether these computer people you saw are competent or not in their profession really has to be judged by someone who is competent themselves. My general impression is people in science more or less all know a little bit about computers, but when it comes to implementing something useful, they are the worst kind of computer programmers.

My theory is that the most talented minds in the research community who are also very good at programming and using computers are very likely sucked out of the camps into the IT industry, by high-paying jobs, halfway through their research careers. So the remaining people are less good, less sophisticated and certainly less competent on computers than their peers who were sucked into the IT industry. If you look at the disparity, an IT job that pays 150K-200K plus stock options definitely is quite irresistible compared with a physics postdoc position that pays maybe just 30K a year, especially nowadays that fundamental physics research doesn't seem to go anywhere, even if you do not consider the money.

Certificate issuing companies like Verisign must be making an incredible amount of money. It's literally turning thin air into gold! A regular SSL certificate costs close to a thousand dollars, and per year, not per certificate. The only cost of producing a certificate is approximately one or two seconds of computation time on an average PC, which is maybe 0.0001 cent in terms of dollars. Plus the cost of physically verifying your identity, maybe through a two-minute phone call. But maybe now they all do it automatically through computers verifying your IP instead of making a physical phone call.

So it really costs them less than a penny to issue a certificate to you, while they can ask you for \$1000, per year!!!

And this multi-billion dollar business all relies on the fact that there is one little secret that involves no more than 2048 bits of information, which is just 616 digits, that no one knows. This little secret can be obtained either by someone hacking into their computer system and obtaining it, or by someone figuring out a 1232-digit integer, which everyone knows, and finding out which two prime numbers multiplied to produce that big integer.

Alternatively, someone figures out how to crack the SHA1 or MD5 hash and it can be used to counterfeit certificates. Well, cracking SHA1 and MD5 has ALREADY been done by some mathematicians. It's anyone's guess when it will be possible to use that to counterfeit certificates on a regular basis. 5 years? 10 years? 100 years?

Once that little secret is revealed, the billion dollar business crumbles down instantly and they are worth absolutely nothing.

Given a 1232-digit integer, figuring out the two prime numbers that multiplied to produce it is a daunting computing task that would take an incredible amount of computation time. That's where physics comes in. Because once quantum computers become a reality, factoring large integers can be done almost instantly, at very little cost. Any security technology that's based on RSA will then be worthless.

Quantoken