When you use one of the fake IDs and passwords to try to log in, that will set off an alarm in the system that someone has stolen the database. Think about it - it's really quite clever.
Luke Skywalker.
Sure you can go around Windows' back and directly change the password hash, but the data is still effectively encrypted with the old password, so yeah, it's gone.
On Windows, Chrome protects its password database with Windows' Data Protection API. The DPAPI has several layers, but at the end its security rests entirely on the Windows account password. So .... you do have a master password in a way, but we all know how easy it is to recover Windows passwords.
Maybe they shouldn't have named it first? I bet it's harder to vaporize a rock after it like has an identity and stuff.
And I hate them both! I have tried to make use of the CVS pharmacy automated refill system
You should try the SVN or HG systems instead.
Wait guys. Someone named "Samantha" just made an awesome SQL + Nethack joke and no one here has proposed to her yet. What the hell is Slashdot coming to?
Samantha Wright, will you marry me?
Why are we even signing things anymore, when a digital signature would be a lot more secure and convenient?
Reality check: Could your mom digitally sign something today? Didn't think so.
And why not? Because digital signatures are in reality neither secure nor convenient. They require a fully functioning PKI, which is hardly convenient. Seriously, has anyone ever actually created a functioning PKI that is actually secure and/or used in the real world? The closest thing would be the SSL infrastructure and the recent CA compromises show how secure that is.
I know of what I speak: I used to work for an actual licensed CA.
Oh. My. God.
If you do not know the difference between a hash algorithm and a cipher algorithm, then STEP AWAY FROM THE SECURITY!
DIY crypto is a good idea like DIY brain surgery is.
Rolling your own crypto system is like rolling your own mercenary army. It feels really awesome and at first it's all running around in the woods with your camo and guns and FUCK YEAH WE RULE. But then you meet reality and it's all OMFG WE GOT PWNED. and ALSO WE'RE DEAD
PSN up, up again, then down, down. Then Left, right, left, right, B, A, start.
I'm not saying the research is worthless, but their techniques are easily defeated.
It would be simple to write a program that would iteratively "fuzz" your message with typos, lowercase/uppercase toggling, etc. and check the result against their algorithm until the message could no longer be tied to you.
I'm sure someone could do it in 10 lines of Perl, or less.
The machine was rather difficult to operate. For years radios had been operated by means of pressing buttons and turning dials; then as the technology became more sophisticated the controls were made touch-sensitive--you merely had to brush the panels with your fingers; now all you had to do was wave your hand in the general direction of the components and hope. It saved a lot of muscular expenditure, of course, but meant that you had to sit infuriatingly still if you wanted to keep listening to the same program.
Spoken like a true computer scientist: One more layer of indirection will solve everything.
What happens when an attacker has both factors in a two-factor situation is that security is breached.
Fuck everything, we're going to 5 factor security.
Yo dawg, I heard you like pointers so I put an array of pointers to pointers in your pointers so you can dereference while you're dereferencing.
Even one time pads are susceptible to brute force attacks.
Nope, absolutely incorrect. That's what makes one-time pads different. When the key length is the same as the plaintext length, it is possible to have perfect security. Look up unicity distance.
If the original was normal human readable text it becomes immediately obvious when your brute force succeeds and a subsequent dictionary comparison of each word yields a hit.
But your brute force attack will yield every single possible plaintext (with the same length as the original plaintext). Which is the real one?
For example, if the ciphertext is BWIJAA, your brute force attack will get ATTACK for one key, and GOHOME for another. (And every other 6 character string.)
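The BWIJAA example above, worked through as an added illustration that is not part of the original comment. It assumes an alphabetic pad combined with the message by addition mod 26 (the comment does not say which arithmetic is used); the candidate word list is constructed.

```python
import string

ALPHA = string.ascii_uppercase

def key_for(ciphertext, plaintext):
    """Pad that turns `plaintext` into `ciphertext` under c = (p + k) mod 26."""
    if len(ciphertext) != len(plaintext):
        raise ValueError("a one-time pad is exactly as long as the message")
    return "".join(
        ALPHA[(ALPHA.index(c) - ALPHA.index(p)) % 26]
        for c, p in zip(ciphertext, plaintext)
    )

def decrypt(ciphertext, key):
    """Invert the pad: p = (c - k) mod 26."""
    return "".join(
        ALPHA[(ALPHA.index(c) - ALPHA.index(k)) % 26]
        for c, k in zip(ciphertext, key)
    )

def consistent_candidates(ciphertext, candidates):
    """Map each same-length candidate to the pad that would produce it.

    Every candidate gets a pad, so a dictionary check on the output of a
    key search cannot tell the real message from any other word.
    """
    found = {}
    for word in candidates:
        if len(word) != len(ciphertext):
            continue
        pad = key_for(ciphertext, word)
        if decrypt(ciphertext, pad) == word:
            found[word] = pad
    return found

def keyspace_size(length):
    """Number of pads, which equals the number of possible plaintexts."""
    return 26 ** length

CIPHERTEXT = "BWIJAA"                                   # from the comment
WORDS = ["ATTACK", "GOHOME", "RETIRE", "DEFEND", "NOPLAN"]  # constructed

if __name__ == "__main__":
    for word, pad in consistent_candidates(CIPHERTEXT, WORDS).items():
        print(f"pad {pad} -> {word}")
    print("pads to try:", keyspace_size(len(CIPHERTEXT)))
```
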
The human brain is composed of one hundred billion or so neurons. Looks like it's pretty much finite to me. I have ten times as many bytes of information in my hard disk.
But a neuron is worth a lot more than a byte - it's more like a node. At least mine are - don't know about yours.
(But point taken about "infinite complexity".)
In other words, its a matter of communication.
You forgot the apostrophe there, chief. Don't make me sick Bob on you. Oh, too late: http://www.angryflower.com/bobsqu.gif
I had to try hard to avoid saying "I don't cheat so I have to actually understand the material to pass the classes."
Maybe this is a stupid question, but why didn't you just go ahead and say it?
Everybody's hot and bothered about the HOW, begging the question of the LEGITIMACY of taxes in the first place.
So how's anarchy working out for you?
Artificial scarcity doesn't work. Period.
I don't know ... seems to work pretty well for the diamond industry.
I've also read postulations that glaciers were not caused by 'ice ages' per se, so much as they were the remains of the north pole ice cap after a shift.
Umm ... Are you aware that the reason it's cold at the poles has nothing to do with the earth's magnetic field, but rather the weaker intensity of sunlight at high latitudes? Were you sick on that day in third grade?
It's a particularly interesting topic if you look at the archaeological records of our past; specifically, the polar relation/geographic locations of Egyptian, Mayan, and other ancient peoples' religious/whatever sites. They seem to predict a pole shift, or at least make subtle suggestion to one occurring in the past.
The last geomagnetic reversal took place 780,000 years ago. So, bzzt, no.
Please turn in your geek card on the way out.
A sticker when placed will be a nice breading gown for bacteria.
I'm trying to picture what a "breading gown" is. I guess some kind of smock or dress that you wear while dipping food in batter before frying it.
I don't know what bacteria would be doing with them though.
Wrong. Dead wrong.
Reason 1: Rainbow tables only work when the cryptosystem doesn't use salt (or uses it incorrectly). These days everyone uses salt. It's not a big secret.
Reason 2: Even if salt wasn't used, Rainbow tables aren't feasible against long passwords. Rainbow tables are essentially just saving the results of one attack and using them on subsequent attacks. If the password in question is long enough, even the "one attack" (table precomputations) will never get to that password.
So, educate yourself. Rainbow tables are not some kind of magic crypto attack. They are very limited in scope. These days pretty much all they're good for is Windows passwords and old 40-bit MS Office documents. Definitely not PGP.
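Both reasons above, shown as an added example that is not part of the original comment. A plain digest lookup table stands in for a real rainbow table (which uses hash chains to save space, but has the same limits); the candidate list, the PBKDF2 parameters and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

CANDIDATES = ["password", "letmein", "hunter2", "qwerty"]  # constructed list

def unsalted(password):
    """Bare SHA-256 digest: the same password always gives the same value."""
    return hashlib.sha256(password.encode()).hexdigest()

def build_table(candidates):
    """Precompute digest -> password once, to reuse against any unsalted store."""
    return {unsalted(p): p for p in candidates}

def table_lookup(table, stored_hex):
    """Return the precomputed password for a stored digest, or None."""
    return table.get(stored_hex)

def make_record(password, iterations=100_000):
    """Store a password with a fresh random per-user salt (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}

def verify(password, record):
    """Recompute with the record's own salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(digest, record["hash"])

if __name__ == "__main__":
    table = build_table(CANDIDATES)
    # Unsalted store: the precomputation pays off immediately.
    print(table_lookup(table, unsalted("hunter2")))
    # Reason 1: a salted record of the same password is not in the table.
    record = make_record("hunter2")
    print(table_lookup(table, record["hash"].hex()))
    # Reason 2: a password the precomputation never reached is not found.
    print(table_lookup(table, unsalted("correct horse battery staple")))
```
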
Before you give it a good spanking.
I'd have thought that would be counterproductive ...