I agree that arbitrary password restrictions are an abomination, but the mental effort necessary to remember mixed case and special characters is disproportionate to the amount of strength they add to the password. It is best to voluntarily restrict oneself to characters that are easily remembered and make up the entropy per character with a few extra characters.
It's especially important if you write your passwords down. Special characters are ambiguous:
" ''
` '
| l
,.
: ;
The time required to find a random key is, on average, the time required to test half the key space. The average time to break an encryption scheme by brute force is given by:
T(n,k) = (1/2)*(n*H)*(c^k)
where:
H is the time to compute the hash function once.
n is the number of recursions of the hash function.
c is the character set used for the password.
k is the length of the password.
Because legitimate users only have to test one or two passwords, n can be very large without adversely impacting legitimate users. Obviously, the better solution is to start with a Diffie-Hellman key exchange and verify the identities of the client and access point with certificates distributed out of band (USB, printed dotcodes, etc.).
For the record, hashing is used in WPA-PSK to de-correlate the password and the key and to mitigate the problem of frequently used passwords. The password is salted with the SSID then passed through SHA1-256 4096 times. This means that if your SSID isn't one of the top 1000 for which a pre-computed rainbow table exists, the attacker has to do it themselves. The hashing, therefore, slows down a dictionary attack by a factor of 4096. Of course, if you actually use randomly generated passwords (few do), this is only the equivalent of about 2 extra characters.
I suspect that the GPGPU speed improvement mainly occurs in calculating the hash. If the hash were fast, the bottleneck would be reading the word list from disk.
People cracking WPA on GPUs
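An added example, not part of the original comment: WPA/WPA2-PSK derives its 256-bit key with PBKDF2-HMAC-SHA1, salted with the SSID, for 4096 iterations, and the sketch below pairs that derivation with the comment's cost model T(n,k), taking c as the size of the character set. The function names, the sample passphrase and SSIDs, and the per-hash time H are assumptions made for illustration.

```python
import hashlib
import math

WPA_ITERATIONS = 4096   # n in the comment's formula
PMK_LEN = 32            # 256-bit pairwise master key


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA/WPA2-PSK key: PBKDF2-HMAC-SHA1 with the SSID as salt."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode(), ssid.encode(), WPA_ITERATIONS, PMK_LEN
    )


def avg_bruteforce_seconds(n: int, hash_time: float, charset: int, length: int) -> float:
    """T(n,k) = (1/2) * (n*H) * c^k, with c taken as the character-set size."""
    return 0.5 * n * hash_time * charset ** length


def stretch_as_chars(n: int, charset: int) -> float:
    """Random characters that add as much work as n iterations: log_c(n)."""
    return math.log(n) / math.log(charset)


def report(hash_time: float = 1e-6) -> dict:
    """Constructed sample values; hash_time (H) is an assumed figure."""
    same_pw = "correct horse battery"
    return {
        # Same passphrase, different SSID: different key, so a table
        # precomputed for one network name is useless for another.
        "keys_differ_by_ssid": wpa_psk(same_pw, "HomeNet-A") != wpa_psk(same_pw, "HomeNet-B"),
        # Years to search half of a random 10-character [a-z0-9] space.
        "years_36_10": avg_bruteforce_seconds(WPA_ITERATIONS, hash_time, 36, 10) / 31_557_600,
        # The 4096x stretch expressed as extra characters per charset size.
        "extra_chars": {c: round(stretch_as_chars(WPA_ITERATIONS, c), 2) for c in (36, 62, 95)},
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(name, value)
```

The stretch is worth between roughly 1.8 and 2.3 random characters depending on the character set, which is why length matters more than the iteration count for a randomly generated passphrase.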
If they are designed assuming an intended polarity, reversing the polarity would cause the cathode (now operating as the anode) to dissolve into an oxide sludge. Hydrogen would be produced at the anode (now operating as the cathode), but that happens in normal operation anyway and ventilated enclosures are used with that in mind.
Oh, and never use the term 'Brown's gas' in respectable discourse again.
Pools are treated with chlorine to prevent the growth of bacteria and algae. This is done either by dissolving sodium hypochlorite in the water or by dissolving salt (NaCl) and producing the chlorine in situ by electrolysis. Either practice makes the water sufficiently conductive to carry lethal currents.
So, let me get this straight... You think private insurance companies will take out loans to keep their customers alive for an extra two months at $20000/day?
Of course, we're not there yet. The recent Paypal debacle (cutting off Wikileaks) stresses the fact that private micro-payment services aren't yet trustworthy. They should be common carriers -- like the ISPs -- and only freeze assets upon an order issued by a court of the artist's country.
Why even then? Why not use a decentralized payment system, such as bitcoin or the like?
You quoted the joke and followed it with a three letter abbreviated platitude. You are modded +5, and the original joke is at +4. The moderation system has failed.
Suspend to disk defeats the purpose of suspend in many use cases. Point in fact: it's ass-slow. A suspended laptop is pretty close to instant-on. Also, a laptop that is writing its memory to disk can't be thrown in the backpack until the disk shuts off without risking a head crash.
I always swapped shift and capslock, because I didn't like having to check the state of capslock every time I exited the game. Using capslock for anything is a very poor design decision.
But the address does have to be stored somewhere. Unless that somewhere is on hardware write-protected media, keeping the key on a remote server does not protect from an adversary with root privileges.
In fact, this is a solution you can implement yourself, right now! Download portable Firefox. Configure as desired. Disable disk caching. Burn to DVD.
Even that isn't perfect. A determined, knowledgeable, and well-funded adversary could copy the contents of the DVD to a local directory, make any changes they desired, and mount that directory at the usual mount point of your DVD drive (or replace the DVD drive with a symlink).
I don't think you fully comprehend the implications of executing untrusted code with root privileges. Mozilla could make it so hard to install plugins without user permission that any company doing so would forfeit legitimacy. Mozilla could--finances permitting--instigate a war of attrition with malware authors. Microsoft, however, could solve the problem in one fell swoop if they would just get their shit together.
Fail fail. Mixed case and numbers:
62^17 = 2.95568891 × 10^30
Single case and numbers:
36^20 = 1.33674945 × 10^31
Password strength is polynomial on the character set and exponential on the length.
I'm in love with them too. Tabs allow me to have 4 Firefox windows in my task bar instead of 105.
sudo apt-get install chromium-browser
But only 36 of them are useful for passwords.
I don't use that shift key anyway. It's a lot easier to remember a slightly longer password than a mixed case one.
Do your kids wake up at 4 in the morning? If so, why?
Nice thumbnail. Here's a better one.[NSFW]
Personally, I think 60s and 70s porn is inferior to modern and older material.[NSFW]
Meh. Cheesy American porn noises are no better,
HAHAHAHAHAHAHA!
The moral of this story is that you, sir, are a dick.
Just firewall off whatever devices shouldn't be globally reachable.
Or, even--say it ain't so--female.
Hahaha! TES without mods? Are you serious?
120 millibits per second. Impressive.
All laws are inherently pro-attorney.
No, that's step 9. Step 8 is ???.