Naturally, it will be a slow transition, considering most IT departments are not too comfortable with the idea of switching all of their computer network to a Linux-based one (and with good reason).
Good IT departments are not too comfortable with the idea of switching all of their computer network to a Windows-based one (and with good reason).
As you can see, they're not really safer than self-signed certs. To me browsers should do that SSH thing and warn you if the cert has changed (whether it's self-signed or CA signed).
But you haven't solved the initial authentication process. Blindly typing 'yes' to the SSH key fingerprint the first time you connect is just as bad as blindly clicking through self-signed certificate warnings.
You need a trusted medium for authentication -- bundling CA certificates is one approach to bootstrapping that process. (Granted, this requires that people authenticate the browsers they download...)
This would make swapping (and temp stuff) extremely fast to access, and more importantly, it would eliminate the need to encrypt your swap and/or temp partitions, as the data would simply disappear when power is removed. So when the agents (including Agent Smith) come to bust down your door, all you do is pull the plug and voila! Your secrets are safe. :-)
Wrong.
A simple cold boot attack can dump your memory contents, mostly intact. DRAM bits don't fade as quickly as you think.
Is there any reason to not use SSL every time one sends a password?
Firefox 3, and I think other newer browsers, lie to people by strongly implying that HTTPS with self-signed certificates is far more dangerous than bare unencrypted HTTP.
Actually, they imply that blindly clicking through SSL certificate warnings is foolish. And it is -- users engaging in such behavior *will* be owned by man-in-the-middle. At least Firefox 3 encourages people to permanently store their certificate exceptions, ensuring that the fingerprint verification process fails during a man-in-the-middle attack. But if they blindly click through that too...
At my job we use our own CA to sign all of our internal certificates (i.e. only seen by employees). Managed workstations are deployed trusting the CA certificate. It is also made available using a VeriSign-signed certificate for employees to download from home.
This Account Has Been Suspended
Another one bites the dust.
I call shenanigans. Current standard solar cells are more than 0.2% efficient, so a 500x improvement would capture more energy than the sun puts out.
While this could certainly improve the energy budget, it has the minor problem that it violates the laws of physics.
Well, only if you define efficiency as the ratio of output to input energy. TFA may not have been written by a scientist.
In standard English, efficiency is a broad term. Perhaps they are referring to the amount of light absorbed per unit volume.