Either you are passive aggressively agreeing that I pointed out a flaw in your "other buddy's" plan, or you totally missed my point.
While he may not be directly identifiable by the information he volunteers, he is identifiable enough by what little he does communicate & with whom.
He doesn't want to be "a part of the system" yet he wants the "benefits" of the system. Can't have your cake and eat it too, because the cake is a lie.
I, for one, welcome our sudoku-solving underlords.
And by doing that he is now associated with those people, who have no concern for "correctness" in their usage of the service. He is now exposed and becomes a part of the tangle. Or something.
My other buddy did facebook correctly. He used part of his real last name for his first name, made up a fictional last name, and posts nothing.
How is that the "correct" way to use it? What benefit does he get out of having that bogus account that sits idle?
To me, the correct usage is complete non-usage -- as in not even signing up.
Oops, typo. The number '72' came from A-Z, a-z, 0-9, and the punctuation above 0-9. If you count the other punctuation on a standard keyboard the number goes up to 94, and depending on the app you might be able to use things like é and ñ which would really raise the character count.
That's all great and wonderful, but the reality is that the set of people (a very large set I might add) who use passwords that are <= 6 characters tend to stick with [A-Za-z0-9] as their character-space.
While I concurred with your point somewhere else in this discussion (regarding the usage of salt), I wonder if there is any possibility that an attacker, having a sufficiently large corpus of your stored hashes, would be able to extrapolate what salt your application is using.
Yes, it would, but there is a slight problem when the actual value of "sufficiently large" is something along the lines of "...big. Really big. You just won't believe how vastly, hugely, mindbogglingly big it is. I mean, you may think it's a long way down the road to the chemist's, but that's just peanuts..."
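The two points above (how much the character set changes the search space for a 6-character password, and why a pile of stored hashes does not hand an attacker "the" salt) are easy to make concrete. The following is an added example, not code from the thread or from any site discussed in it: it counts the keyspaces for the 62-, 72- and 94-symbol sets the posters describe, and shows per-user random salting with PBKDF2, where every record carries its own salt so there is no single application-wide salt to extrapolate. The character-set composition for "72" is my reading of the post (alphanumerics plus the shifted digit-row punctuation) and the iteration count is an assumption.

```python
# Added example (not from the Slashdot thread). Keyspace sizes for short
# passwords over the character sets named above, plus per-user salted hashing.
import hashlib
import hmac
import os
import string
from typing import Optional, Tuple

# Character sets as described in the thread (composition of "72" is my reading
# of the post: A-Z, a-z, 0-9 and the punctuation on the shifted digit row).
ALNUM = string.ascii_letters + string.digits        # 62 symbols
SHIFTED_DIGIT_ROW = "!@#$%^&*()"                    # +10 -> 72 symbols
FULL_KEYBOARD = ALNUM + string.punctuation          # 94 printable ASCII symbols


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` symbols."""
    return alphabet_size ** length


def keyspace_table(length: int = 6) -> dict:
    """Keyspace for the three character sets discussed, keyed by set name."""
    return {
        "alnum": keyspace(len(ALNUM), length),
        "alnum+shifted-digits": keyspace(len(ALNUM + SHIFTED_DIGIT_ROW), length),
        "full-keyboard": keyspace(len(FULL_KEYBOARD), length),
    }


# Iteration count is an assumption for the example, not a recommendation tied
# to the thread; pick it per the deployment's hardware budget.
ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random 16-byte salt per user means two
    users with the same password store different digests, and no other user's
    record tells an attacker anything about this user's salt."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    for name, size in keyspace_table().items():
        print(f"{name:>22}: {size:,} six-character passwords")
    s1, d1 = hash_password("hunter2")
    s2, d2 = hash_password("hunter2")
    print("same password, different salts, different digests:", d1 != d2)
    print("verify:", verify_password("hunter2", s1, d1))
```

The keyspace numbers are what the thread is arguing about: restricting users to alphanumerics at 6 characters gives roughly 5.7e10 candidates, the full keyboard gives roughly 6.9e11, so the character set buys about a factor of 12, while each extra character of length buys a factor of 62 to 94. The salt lesson is the other half: storing the salt next to each digest is expected and harmless, because its job is to make precomputation per-user, not to be secret.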
It's not one password, it's a file full of password hashes.
So a file is "full" once it contains 14 hashes?
Damn, I need to get ready for a second password file, because mine is already at 12 entries!
Is it somehow more illegal to trespass someone's house if they have 5 locks on their door vs only one? Why should it be more or less illegal to do something based on how difficult it is?
It's not that it is more or less illegal, but rather a higher difficulty sure reflects intent better. Intent, when proven, can have quite an impact on judgements in a legal case.
Slashdot supports https for subscribers. Try it sometime.
$ wget -S 'https://slashdot.org/'
Connecting to slashdot.org|216.34.181.45|:443... connected.
HTTP request sent, awaiting response...
HTTP/1.1 302 Found
Location: http://slashdot.org/
(irrelevant headers suppressed)
Supporting HTTPS by redirecting to HTTP. LOL
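The wget transcript above is the whole story: the TLS handshake succeeds and the very first response sends the browser back to plain HTTP. That pattern (an https:// request answered with a 3xx whose Location is http://) is simple to detect mechanically. The following is an added example, not code from the thread or from Slashdot: it parses a raw response of the shape quoted above and flags a redirect that downgrades the scheme, resolving relative Location values against the request URL so that a same-origin "/foo" redirect is not misreported. The sample response is constructed to mirror the quoted one; the live probe under `__main__` is optional and uses only the standard library.

```python
# Added example (not from the Slashdot thread): detect an HTTPS -> HTTP
# downgrade redirect in a raw HTTP response.
import http.client
from typing import Dict, Optional, Tuple
from urllib.parse import urljoin, urlsplit


def parse_raw_response(raw: str) -> Tuple[int, Dict[str, str]]:
    """Split a raw response (status line + headers) into (status, headers).
    Header names are lower-cased; only the first occurrence of each is kept."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if not line.strip():
            break  # end of headers
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), value.strip())
    return status, headers


def downgrade_redirect(request_url: str, status: int, headers: Dict[str, str]) -> Optional[str]:
    """Return the plain-HTTP target if an https:// request got a 3xx redirect
    to http://, otherwise None. Relative Location values inherit the request
    scheme and are therefore not downgrades."""
    if not 300 <= status < 400:
        return None
    location = headers.get("location")
    if not location:
        return None
    target = urljoin(request_url, location)
    if urlsplit(request_url).scheme == "https" and urlsplit(target).scheme == "http":
        return target
    return None


# Constructed sample mirroring the response quoted in the thread.
SAMPLE_RESPONSE = """HTTP/1.1 302 Found
Location: http://slashdot.org/
Content-Length: 0
"""


def check_sample() -> Optional[str]:
    status, headers = parse_raw_response(SAMPLE_RESPONSE)
    return downgrade_redirect("https://slashdot.org/", status, headers)


def probe_live(host: str, path: str = "/") -> Optional[str]:
    """Fetch one response over TLS without following redirects and report a
    downgrade target, if any. Network access required; not used by the checks."""
    conn = http.client.HTTPSConnection(host, timeout=10)
    conn.request("GET", path)
    resp = conn.getresponse()
    headers = {k.lower(): v for k, v in resp.getheaders()}
    conn.close()
    return downgrade_redirect(f"https://{host}{path}", resp.status, headers)


if __name__ == "__main__":
    print("sample downgrades to:", check_sample())
```

Treating a 3xx from https:// to http:// as a finding is the defender's reading of the transcript: everything after that redirect (the session cookie included, unless it carries the Secure flag) travels in the clear, so "supports HTTPS" means nothing unless the redirect goes the other way.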
I wanted to go all philosophical on you with "Technically, we'll always live in the present...", but I'm afraid that I'd get my a** handed to me if I start with this. :(
Today is the tomorrow you worried about yesterday?
There aren't hovercars but we're almost living in the future.
I want to live in the future. Every night I go to sleep thinking, "tomorrow is the future, and so when I wake up I'll be living there!" But then I wake up and damned if it isn't just "today" again, and the future is yet again 1 day away :(
That's what I was thinking -- 22.4% is a huge number.
But then I recalled that the most popular searches have to do with pr0n. Perhaps those sites are the malware havens which are poisoning the seo poisoning statistics?
fifty pages of forums filled with people who have no idea what their talking about
people who have no idea what their talking about
what their talking
their
Really? You're talking about academic research, yet blunder on one of the most basic lessons in grammar and spelling?
He probably consulted Google for the correct spelling/grammar, and it gave him the incorrect result ;)
Wait until you get into college for your CS degree and see what level your classmates are at. It's sad, really.
It was the same way for me over 10 years ago.
And when I press the buttons, nothing happens, ever. I still have to wait, thus I do not feel better. In fact the lack of a decreased waiting time is the opposite of an improvement. After enough of these annoyances I begin to get frustrated, complain about it, and distrust the systems.
How is that a placebo effect?
I wonder if it uses the Elevator sorting algorithm?
THANK YOU!!! I would have posted the exact same thing.
At least when you hit something with a hammer you know something happened.
Are you sure? Haven't you ever hit a nail and not been able to tell if the nail sank any deeper?
Placebo nails. I've struck many.
I'm sure. Because those jokers that thought it would be funny to not sink eventually gave up after a few more good whacks and then went in.
The nuttin-buttons however, are very strong willed. You can keep pressing them 100s of times and they will continue to resist your pathetic desires to cross streets and/or close doors.
Well according to Google's driving directions, you just need to put your car on a kayak, or even a jetski.
And a less common, but better approach is to not simply trust the session ID supplied by the client as the sole method of post-login identification.
For example, you could log the client IP address at session creation, and then re-verify with each request to detect a hijacker. Not completely foolproof (IP spoofing, man in middle, etc.), but a lot better nonetheless.
Depends on the implementation of the website. It could be that clicking "log out" only removes the cookie from your browser -> You are logged out.
If that's the implementation, then said site deserves to be taken advantage of (and the developer fired).
As for the poor unsuspecting users...well, sorry.
I'm willing to bet sessions for most websites can last indefinitely, at least until you change your password.
Yes, because they have infinite system resources to keep an unlimited number of indefinite sessions around.
No, sessions have expirations, some longer than others.
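The three server-side properties argued over in this sub-thread (bind the session to the client address seen at login and re-check it on every request, make "log out" invalidate the session on the server rather than merely delete the cookie, and expire sessions rather than keep them forever) fit in one small session store. The following is an added example, not code from the thread or from any site it discusses: an in-memory store with a random session ID, the creation-time client IP, a TTL, and a logout that removes the server-side record. The clock is injectable so the expiry path can be exercised without sleeping; the class and method names are my own.

```python
# Added example (not from the Slashdot thread): a session store that binds each
# session to the client IP at creation, expires it after a TTL, and invalidates
# it server-side on logout.
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional


@dataclass
class Session:
    user: str
    client_ip: str   # address seen when the session was created
    created: float
    expires: float


class SessionStore:
    def __init__(self, ttl_seconds: float = 3600.0, clock: Callable[[], float] = time.time):
        self._sessions: Dict[str, Session] = {}
        self._ttl = ttl_seconds
        self._clock = clock  # injectable for testing

    def create(self, user: str, client_ip: str) -> str:
        """Issue a fresh unguessable session ID bound to `client_ip`."""
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        now = self._clock()
        self._sessions[sid] = Session(user, client_ip, now, now + self._ttl)
        return sid

    def lookup(self, sid: str, client_ip: str) -> Optional[str]:
        """Return the user for a live session presented from the IP it was
        created from. None means unknown ID, expired, or address mismatch;
        the caller should treat a mismatch as a possible hijack and log it."""
        session = self._sessions.get(sid)
        if session is None:
            return None
        if self._clock() >= session.expires:
            del self._sessions[sid]      # lazy expiry
            return None
        if session.client_ip != client_ip:
            return None                  # same ID, different source: reject
        return session.user

    def logout(self, sid: str) -> bool:
        """Invalidate server-side; deleting the cookie alone is not a logout."""
        return self._sessions.pop(sid, None) is not None

    def live_count(self) -> int:
        """Sessions not yet expired (sweeps expired ones), for capacity planning."""
        now = self._clock()
        self._sessions = {k: v for k, v in self._sessions.items() if v.expires > now}
        return len(self._sessions)


if __name__ == "__main__":
    store = SessionStore(ttl_seconds=60)
    sid = store.create("alice", "203.0.113.5")
    print("same IP  ->", store.lookup(sid, "203.0.113.5"))
    print("other IP ->", store.lookup(sid, "198.51.100.9"))
    print("logout   ->", store.logout(sid), "then lookup ->", store.lookup(sid, "203.0.113.5"))
```

The caveat in the thread stands: an attacker behind the same NAT or proxy presents the same address, and a legitimate user on a roaming connection changes address mid-session, so the IP check reduces the window rather than closes it. The server-side logout and the TTL are what bound the damage of a stolen cookie in every case, which is why the "logout just deletes the cookie" design is the one the posters say deserves what it gets.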
a mini-big bang? is that like Jumbo Shrimp?
If the jumbo shrimp are microscopic and served super-hot, yes. But if you eat them, you simultaneously get lead poisoning and vaporize.
I find that a sledge-o-matic(tm) works quite well. I'm sure I could automate that by attaching it to some hydraulics or something ;)
Yeah, the goal was easy disassembly for less effort by the recyclers. But a side effect of easy disassembly is easier repairs/upgrades, which in turn means reuse of the case. An unintended benefit, oops! That's what really should have been the goal.
anti-go-green-mentality rant:
Everyone is so gung-ho about recycling that they seem to always forget that it is the third best option in the save-the-planet efforts...
1. Reduce -- If you don't use something in the first place, you avoid creating waste
2. Re-use -- If you use something again, you avoid creating waste
3. Recycle -- If you recycle, there is just a bit less waste
Personally I've re-used the same Antec tower case over and over again through many generations of major hardware upgrades in my home computer for over 10 years now. Whoa, look at me, I'm green! No I'm not, I'm just not stupid.
/rant
Of course, for this to really become a useful re-use option, there would have to be some kind of form-factor standards for notebooks similar to the AT, ATX, et al. we have in the desktop world. Given the current state of notebook design variations, this will be quite a barrier.