Slashdot Mirror


User: blueg3

blueg3's activity in the archive.

Stories: 0
Comments: 4,435

Comments · 4,435

  1. Re:make sure you know what's included here... on Verizon Wireless Goes Ahead With 'Bucket' Data Plans · Score: 1

    It includes unlimited text and voice.

  2. Re:Cheaper to rent a video on Verizon Wireless Goes Ahead With 'Bucket' Data Plans · Score: 1

    Not that I agree with it, but it's not $50 per gigabyte. It's $50 for the first gigabyte. It's much less than $100 for 2, and much less than $200 for 4.

  3. Re:What difference does it make? on LinkedIn Password Leak: Salt Their Hide · Score: 1

    They're not the same operation at all. A rainbow table isn't just some precomputed lookup table. It enables you to do a reasonably space-efficient partial precomputation of hashes, giving you a factor of X speedup in reversing a hash.

    Notably, the speedup a rainbow table provides is the same regardless of whether you're cracking one password or N.

    The slowdown due to users having different salts is always a factor of K, where K is the number of users.

    It is not really O(N) because searching K space may be cheap, but it is not free.

    It's not free, but (a) an efficient implementation of searching the space K is constant-time and (b) every other password-cracking operation is so much cheaper than SHA-1 that they might as well be free. So yes, it's even technically O(N) since the K-space search is constant in K.

  4. Re:What difference does it make? on LinkedIn Password Leak: Salt Their Hide · Score: 1

    I had already pointed this out myself.

    No, you said, "[s]alting only protects you from precom[p]uted "rainbow" brute force methods". I agreed that this was one thing that they protect you against, but it is not the only thing. I listed three things, one of which was rainbow tables.

    The "factor of a million slowdown" is referring to the third item I listed. If you have a list of N possible passwords and K password hashes, the total cost of testing the passwords is O(N) for unsalted passwords and O(K * N) for salted passwords. This is because when you compute the hash for one of the passwords, you must use one of the salts. So, you have to compute K different hashes, one for each salt, whenever you test a single password. This is not the same as protecting you against rainbow tables, which are effective regardless of the number K.

  5. Re:Do not use standard passwords on Lessons Learned From Cracking 2M LinkedIn Passwords · Score: 3, Informative

    Salting doesn't stop brute force crackers like JtR, it only stops attackers from using a rainbow table and/or discovering that two people have the same password.

    Both of those latter things are significant risks. However, it also substantially slows down brute-force crackers when applied to large password lists.

    If you apply a brute-force cracker to a list of, say, a million unsalted password hashes, then you need to only compute the hash of each potential password once and compare the result against all million hashes. With a reasonably good in-memory storage system for the hashes, nearly 100% of your time is spent computing hashes (and not in comparison or password generation). So, with unsalted passwords, cracking a million passwords is as fast as cracking one (but much more lucrative).

    With salted passwords, you need to compute the hash of each potential password for each entry in the hash list (since they all, ostensibly, have different salts). So you need to compute a million hashes in order to check one possible password (for the whole list). That is a substantial slowdown. With salted passwords, you are essentially cracking every password in a list separately -- having a large list gives you zero speed benefits.

    If a factor of a million slowdown doesn't seem like much, consider that many good password-based encryption systems use key strengthening, where the password (and salt) are passed through many chained rounds of hashing. Roughly a million, on modern processors. The whole purpose of this is to slow down brute-force password cracking by increasing the cost of a guess. It's enough of a change that instead of being able to get through a very large keyspace in a reasonable time (with only one hash round), you're stuck only being able to crack very bad passwords (with a million hash rounds). That's a very significant difference.

  6. Re:What difference does it make? on LinkedIn Password Leak: Salt Their Hide · Score: 1

    Actually, it does a few things:
    * It makes rainbow tables ineffective.
    * It prevents identification and lookup of common passwords (e.g., by pasting the SHA-1 hash into Google)
    * It makes cracking a list of N passwords a factor of N harder.

    The last is fairly important for large database leaks. A single password is no harder to compute if you add salt, but if you're brute-force cracking against the entire password list (which is what you want to do), it's a factor of a million slower because you can't just compute the SHA-1 for a single test password and compare it against every entry in the database; you need to compute the SHA-1 for each (password, user) combination. That's a substantial slowdown, and cracking against a large leaked database is a much more common way for passwords to be exposed than a concerted cracking effort against a single account.
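    The properties argued for in comments 4, 5 and 6 above (per-user salts hide shared passwords, force one hash computation per stored record when a candidate is tested, and key strengthening multiplies the cost of each guess) can be seen directly in a small storage scheme. The following is an added example written for this archive, not code posted by blueg3 or anyone in the thread; the record layout, the salt length, the iteration count and the use of PBKDF2-HMAC-SHA256 in place of the thread's plain SHA-1 are this example's own assumptions.

```python
"""Added example (not from the Slashdot thread): per-user salted, iterated
password storage, demonstrating the properties the comments describe."""
import hashlib
import hmac
import os
from typing import List, Optional, Union

# Assumed parameters for this demonstration only.
SALT_BYTES = 16
ITERATIONS = 100_000      # key strengthening: chained KDF rounds per guess


def unsalted_record(password: str) -> str:
    """The scheme the thread criticises: one SHA-1 of the password, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def salted_record(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> dict:
    """Store a random per-user salt plus PBKDF2-HMAC-SHA256(password, salt).

    A fixed salt may be passed in to show that the function is deterministic
    for a given (password, salt) pair, which is what verification relies on."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(record["salt"]),
                                 record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])


def duplicate_groups(records: List[Union[str, dict]]) -> int:
    """Number of groups of users whose stored hashes are identical.

    With unsalted hashes, users sharing a password are visible in the table
    itself, with no guessing at all; with per-user salts the count is 0 even
    when the underlying passwords repeat."""
    seen = {}
    for r in records:
        key = r if isinstance(r, str) else r["hash"]
        seen[key] = seen.get(key, 0) + 1
    return sum(1 for n in seen.values() if n > 1)


def hash_evaluations_per_candidate(records: List[Union[str, dict]]) -> int:
    """Hash computations needed to test ONE candidate password against the
    whole table: 1 for an unsalted table, K for K distinct salts.  This is the
    factor-of-K slowdown the comments describe (multiplied again by the KDF's
    iteration count for each of those computations)."""
    if all(isinstance(r, str) for r in records):
        return 1
    return len({r["salt"] for r in records})


def build_tables(passwords: List[str]):
    """Constructed sample: the same user passwords stored both ways."""
    unsalted = [unsalted_record(p) for p in passwords]
    salted = [salted_record(p) for p in passwords]
    return unsalted, salted


if __name__ == "__main__":
    # Constructed sample input: three users, two of whom chose the same password.
    pw = ["correct horse", "Tr0ub4dor&3", "correct horse"]
    unsalted, salted = build_tables(pw)
    print("unsalted duplicate groups:", duplicate_groups(unsalted))   # 1
    print("salted duplicate groups:  ", duplicate_groups(salted))     # 0
    print("hashes per candidate, unsalted:", hash_evaluations_per_candidate(unsalted))
    print("hashes per candidate, salted:  ", hash_evaluations_per_candidate(salted))
    print("login check:", verify("correct horse", salted[0]), verify("wrong", salted[0]))
```

    The `duplicate_groups` result is the second bullet in comment 6 made concrete: the unsalted table exposes that users 1 and 3 share a password before anyone computes a single hash, while the salted table does not. `hash_evaluations_per_candidate` is the K factor from comment 4; with the iteration count on top of it, each of those K computations costs ITERATIONS rounds rather than one, which is the point of comment 5's last paragraph.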

  7. Re:Standard practice? on LinkedIn Password Leak: Salt Their Hide · Score: 1

    I think everyone fails to keep this in perspective.
    This is LinkedIn, not your bank, not the government, nothing important.

    That argument might hold water if salting user passwords was difficult, expensive, or not commonly-known best practice. (All of which really translate to "expensive" -- either in developer time or server resources.) Then you'd have a justification -- a low-security site is expending less effort on security. But it's not. It's simple, it's cheap, and anyone who is allowed to make a password database should already know that it needs to be done.

  8. Re:SUICIDE not good enough... on Flame Malware Authors Hit Self-Destruct · Score: 1

    Sure, so can copy-on-write filesystems and lots of other mechanisms.

  9. Re:SUICIDE not good enough... on Flame Malware Authors Hit Self-Destruct · Score: 5, Interesting

    Journals are only so deep and, more importantly, only contain file metadata. You might, sometimes, be able to use them to determine that a file used to exist on a computer, but not what its contents were.

  10. Re:So who wrote that letter? on Richard Feynman's FBI Files Released · Score: 1

    His wife divorced him because he was constantly solving calculus problems even while driving, and flew into violent rages (including choking her) when she interrupted him during it or while he was playing the drums.

    His second wife. His first wife died of TB. His third marriage was happy and lasted until he died.

  11. Re:And in reverse on When Continental Drift Was Considered Pseudoscience · Score: 1

    We have string theory accepted as fact...

    Only on television, and that's mostly Brian Greene's fault.

  12. Re:Yeah, yeah, yeah. on The Cost of Crappy Security In Software Infrastructure · Score: 1

    Buffer overflows are independent of whether you have fixed-length buffers and fixed data structures. You can have them with variable-length buffers as well.

    The essential problem that causes a buffer overflow is that your language supports a data-copying (or data-writing) operation that either does not care about or must be explicitly told the amount of space available in the destination. This essentially means that you must have range-checking for all pointers.

    Last I knew, Ada is both immune to buffer overflows and has been used to write device drivers.

  13. Re:Remote work on Ask Slashdot: Find a Job In China For Non-native Speaker? · Score: 3, Informative

    You can VPN from China into Western servers. That's how people in China get around the Great Firewall.

  14. Re:775 fine for permanently disabling two people?! on Texter Not Responsible For Textee's Car Accident, Rules Judge · Score: 1

    Penalties are generally small and systematic. For moving violations (driving offenses), you often don't even get much protection in the way of trial by jury. You speed, you get a penalty. They're independent of the damage caused. Since they're easily and often incurred, they're relatively cheap.

    Since they're systematic, they can be sorted out very early in the case. Damages are sure to come later (after someone is determined to be at fault). Damages in this case are sure to be substantial.

  15. Re:Also good news for... on Texter Not Responsible For Textee's Car Accident, Rules Judge · Score: 2

    It's certainly reasonable for someone to think, "this lawyer's advice is awfully illogical and almost evil." But the law is a regulated profession. How often is common sense really useful in law? We trust lawyers, enforced by regulation, to give their clients good legal advice because a client cannot be expected to differentiate between a good and a bad legal strategy. The same is true of doctors or any other licensed and regulated profession. You should be comfortable in trusting the advice of your lawyer; if your lawyer gives you bad advice, the onus is on them as a professional.

  16. Re:Buffet should be smarter than this... on Free News Unsustainable, Says Warren Buffett · Score: 1

    If your analysis model is, "Warren Buffett should be smarter than this," you should think harder about it. I'm not saying he never makes a mistake, but he's a pretty smart investor.

    For example, an alternative model is, "Warren Buffett sees a solution to the problems of print media. First, he invests in underpriced, struggling print media organizations. Then, he comes out saying that their old model is bad business. Finally, he introduces a new, more profitable model."

    Warren Buffett's no idiot. Everyone clearly knew, before he invested heavily in print media organizations, that print media's business model was failing badly. This resulted in those organizations being cheap to buy into. Either he thinks that their business model is actually good, but temporarily was unappreciated, or he thinks that they will find a new business model for profiting from their expertise and market position.

  17. Re:As opposed to patents that cover algorithms? on Supreme Court Orders Do-Over On Key Software Patents · Score: 2

    The original constitution states "physical inventions".

    What original constitution are you referring to?

    Certainly the U.S. Constitution itself doesn't say "physical inventions": "To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries."

    The 1790 Patent Act says: "any useful art, manufacture, engine, machine, or device, or any improvement thereon not before known or used".

    In 1793, it was amended to say: "any new and useful art, machine, manufacture or composition of matter and any new and useful improvement on any art, machine, manufacture or composition of matter".

    That language seems to carry to the modern-day implementation.

    The second issue is math should not be patentable because they are laws of nature and not manmade.

    Whether or not mathematics exists as a real thing independent of its conception by man is a matter of philosophy. Mathematical realists would agree with you, but others might not.

    Regardless, not all mathematics is a "law of nature". Mathematics may be naturally-existing ("discovered" rather than "invented"), but in order to be a law of nature, some natural physical system's behavior must be described by the mathematical relationship. The RSA algorithm, for example, which is strictly mathematics (though patented) does not describe any natural system.

  18. Re:Passwords Are Safe, But ... on WHMCS Data Compromised By Good Old Social Engineering · Score: 1

    Encryption is not magic.

    If you need to use the stored data, you need to be able to decrypt it. If an automated system needs to use the stored data, that means it needs to have programmatic access to the encryption key. Which means that an attacker can almost certainly get the encryption key. If they don't need to use the stored data, they probably shouldn't be storing it in the first place.

    Encryption is only useful if you can exert better control over the encryption key than the encrypted data.

  19. Re:Hoover dam on Human Water Use Accounts For 42% of Recent Sea Level Rise · Score: 4, Interesting

    The oceans are also much deeper than a few millimeters. Total volume isn't really meaningful here.

    One millimeter across the world's oceans is about 350 cubic kilometers. So if the contents of the Hoover Dam flowed to the ocean, they would (ostensibly) raise the sea level by ~0.1 mm.

  20. Re:90% is useless on Maryland Teen Wins World's Largest Science Fair · Score: 1

    Only if it's applied as a global screening. If the number of individuals tested is pared down substantially, a 10% false positive rate can be good enough.

  21. Re:Pure FUD. Available on iTunes on Who's Pirating Game of Thrones, and Why? · Score: 1

    In the US, iTunes is Season 1 only. It was only made available when the Season 1 DVDs came out.

  22. Re:A week? on Who's Pirating Game of Thrones, and Why? · Score: 1

    If you live in the US, you can't get Season 2 through either iTunes or Amazon.

    An iTunes season pass is how I watch Mad Men, and it's totally worth it. I'd love to be able to buy a Game of Thrones season pass on iTunes. (I'd be a little ticked that it's a two-week delay and SD, since the standard for most shows is a one-day delay and HD. But, that can be suffered through.)

    I hope HBO is only making such poor decisions in the American market because of terrible contracts with cable companies. I hope they're profiting a lot off of those terrible contracts, because they are screwing themselves out of a large market by not having the show individually buyable for streaming.

  23. Re:I would love to pay for GoT. on Who's Pirating Game of Thrones, and Why? · Score: 1

    No, you can buy episodes from last year's season on iTunes. Not this year's season.

  24. Re:This is too simple to fix on Your Passwords Don't Suck — It's Your Policies · Score: 1

    It doesn't matter how much entropy per character it has. It only matters how much total entropy it has.

  25. I nominate this for sloppiest criticism ever on NIH Study Finds That Coffee Drinkers Have Lower Risk of Death · Score: 1

    I've been on slashdot for a while now and this has got to be the most blatantly sloppy headline I have ever seen. If there has ever been a headline that has made the case for the need for a professional editor, this has got to be it.

    Everyone has a 100% chance of death, coffee drinker or not. For (insert deity's) sake, would slashdot please hire at least one professional editor? How about an intern? I understand unemployment among college students is too high right now and interns are cheap!

    I'm sure many a college student would jump at a chance to edit for a site like slashdot for an intern's salary. Seriously, an intern could do a better job. I've got them at my work place and a little motivation goes a long way....

    While there are terms more clear than "risk of death", I see two major problems with your criticism:
    1. Many people have already made the exact same comment, but more clearly and succinctly.
    2. The evidence suggests that Slashdot editors, while perhaps having some faults, should not take criticism from you on grammar and language clarity seriously.