Slashdot Mirror


User: Spy+der+Mann

Spy+der+Mann's activity in the archive.

Stories
0
Comments
5,101
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 5,101

  1. CHAP on Password Security Panned · · Score: 1

    Good password (or passphrase) + salt + Good hash algorithm = good authentication system + public key encryption at login = even better.

    You could very well try bruteforce attacks, but if the authentication is based on a salt, then you'd have to eavesdrop the conversation, and THEN reverse-engineer the hash algorithm or try a fully brute force attack to find out someone's password.

    Try encryptedPW = hash(hash(hash(salt)+hash(hash(PW))))

    If you're dealing with a strong hash (like SHA1, or even better, SHA256), specially when the hash is applied twice (no collision-cracking possible) the only way to crack this is with a brute-force attack. The salt gets rid of the possibility of "replay attacks", and bruteforcing will take much longer.

    Of course, changing the password often (like every 4 or 6 months) is precisely suggested so that bruteforce or dictionary attacks (which are possible with a limited password length) won't have an effect.

    Security can also be increased by making all logins use public-key encryption (SSL). This way, eavesdroppers can't sniff passwords (hashed or not) so the possibility for a bruteforce/dictionary attack is practically zero (we're assumming a limited number of logins per salt). How can you bruteforce something which you don't know?

    If ATM's don't rely on salting and having a limited number of retries per card insertion, then they're flawed.

    So what's wrong with having passwords and making people change them? Obviously you should let people choose their own passwords, so they can remember them. And allow them to reset their passwords if they ever forget them.

    Trying to separate the password protection from the authentication system, is simply ridiculous.

  2. Re:1-2-3-4-5 on Password Security Panned · · Score: 1

    how about
    0n37w07hr33f4urf1v3?

    Darn. Still two obvious.

  3. ARGH error on 4th verse on Climbing up the Search Ladder · · Score: 1

    It should read:

    "Rather than just cheat
    (does the first one always win?)
    On the google race."

  4. Only one first page, but.. on Climbing up the Search Ladder · · Score: 1

    (Haiku form)

    There is only one
    page which gets found as the first
    On the search engine.

    However I ask:
    How many search terms can be
    As typed by users?

    S-E-O's should do:
    Think more about their users
    And target their pages

    Rather than just cheat
    (does the first one always win?)
    On the stupid google race.

    Get to work, you dumbs
    free market will always have
    many companies.

    I would like to thank
    The DeCSS Haiku
    for inspiring me.

    Yes, I'm a stupid
    for posting this in haiku
    (well, it's my first try)

    Don't mod this funny
    But insightful, or even
    as interesting.

  5. Re:Will I have to buy all my son's movies again? on Who Owns Weblog Content? · · Score: 1

    That's what happens when you open various news on different windows / tabs. You end up posting on the wrong thread :-P

  6. Re:Use a pseudonym, stupid on Who Owns Weblog Content? · · Score: 1

    What about those who post pics?

    This reminds me. Is it that people have become more rebel towards their companies, or this whole business-blog has only brought to light a serious problem inside all companies?

    Like they've become dehumanizing?

    Companies are supposed to do a service or sell goods for the country - in exchange for money. If their employees are treated badly, doesn't this mean that we're going back regarding workers rights?

    Aside from that, companies need to make explicit rules regarding blogging.

  7. Re:This shows the truth..... on EU Software Patents Dead Again · · Score: 1

    And don't forget that in the EU, SPAM is now illegal :)

    Two thumbs up for the EU! :D

  8. Coming soon! on EU Software Patents Dead Again · · Score: 1

    Evil Dead 4: The return of the Living Patents.

    *BANG!* "This... is my GNUstick!"

  9. Protein contents? on Sushi Prepared on a Printer · · Score: 1

    I'd like some "Nutrition Facts" sheet in^H^H along with that thing... at least with traditional sushi (salmon) I knew it had some protein. I'm not gonna swallow lots of rice and edible paper just to get fat.

  10. People still use their existing PDAs... on PDA Sales Fall for Third Year in Row · · Score: 1

    why should they buy new ones?

    people don't need Moore's Laws regarding simple tasks as jotting down an address or write down the to-do list for the day... heck, my dad did that with his PC-XT 20 years ago.

    If PDA makers are so worried, well then stop producing so many, like it's too hard?

  11. Great. on New Spam Zombies Use ISPs' Mailservers · · Score: 1

    now Bill Gates is gonna blame the Windows pirates for being vulnerable! >:(

  12. Just wait... on MP3tunes Offers Music Service Without DRM · · Score: 1

    until someone sues this guy for NOT implementing DRM on his download site.

    3... 2... 1...

  13. A PHP developer's review on Build a Database Driven Site -- Quick · · Score: 1

    Let's get things straight. This book is for newbies or for those who want a quicksearch reference. After all, what non-newbies title doesn't include "build your own"? (For more advanced users, I recommend the PHP Anthology which deals with more complicated stuff, like FTP, thumbnail generation, search engine friendly urls, etc.)

    I began programming in PHP+MySQL around 2 years ago, and this book practically taught me everything.

    The book had a nifty section on administrating your MySQL database (specially useful when you forget your password :-P ). But the part that has helped me the most is the reference (Appendices).

    Appendix A: MySQL syntax (with all the optional parameters)
    Appendix B: MySQL functions. For example, what command do we use to search a substring in mysql? Quick search Appendix B... there! LOCATE.
    Appendix C: MySQL column types. I don't use MySQL commands often, except when I add a module to my PHP framework (programmed by myself). so when I want to know how to specify a certain type, it's all there.
    And finally, Appendix D: PHP functions for working with MySQL.

    When you have read this book and have it in your office drawer, flipping thru some paper pages is definitely much faster (at least for me) than typing the search terms on the keyboard. So I recommend it to anyone wanting to learn PHP and MySQL. And to anyone who wants a reference handy :)

    (off-topic Grammar Nazi hint: It's "waste", not "waist". Waist is what you get when you waste too much money on junk food)

  14. McDonalds... on Build a Database Driven Site -- Quick · · Score: 1

    And contrarily to popular opinion, Microsoft is not McDonalds ;-)

    Well they DO fit the "Supersize me" theme :)

  15. Re:XHTML Strict my Arse on MSN Search - From A UI Perspective · · Score: 0

    I did RTFA, where do you think I got the link from? :P

    My point is that this error isn't a malformed CSS, or a deprecated HTML 4 attribute. But a *NEW* proprietary attribute that doesn't belong there in the first place.

    Just to inform you, I posted a comment in the designer's log.

  16. Addendum: Usability on MSN Search - From A UI Perspective · · Score: 0

    Tried the search page.

    Results *seem* xhtml strict (didn't validate tho), but something awful:

    It renders wrong in Firefox. The pulldown menu overflows the border (font too big), i have to press ctrl - twice to fix it.

    Also, the "next" button is on the rightmost corner of the webpage. I have to scroll sideways (unless i'm running my browser in fullscreen) and the results are in an incredibly huge font.

    I guess the designers should have tried other configurations before releasing the thing. Oh well.

  17. XHTML Strict my Arse on MSN Search - From A UI Perspective · · Score: 3, Informative
    From the validator webpage:

    Line 6, column 998: there is no attribute "VCARD_NAME" ...ze="20" value="" name="q" VCARD_NAME="SearchText" />


    It may be WELL-FORMED XHTML, but it introduces a proprietary attribute (so... Microsoft).

    Respect for web standards... yeah right. IMO they just did an optimization of their design... and certainly they did NOT have in mind any consideration for web standards. They nerver had.
  18. In Mexico on Cellphone Drivers Drive Like Drunks · · Score: 1

    using your cellphone while driving is forbidden and punishable by law.

    Well, at least in theory :(

  19. Beat you on Torvalds Joins Anti-Patent Attack · · Score: 1

    I got the patent #1,234,566: "Stating a public complaint in a public forum about speaking against software patents in a public forum".

    You owe me $234,230.95. Pay now, or I'll call my lawyers.

  20. But it ALREADY has! on Secret Kazaa Documents Revealed in Court · · Score: 1

    Who today uses Kazaa for file transfers, as opposed to Shareaza? Kazaa is infested with fake files (as I've been told... *whistles innocently*), viruses, leechers who don't share a thing, etc etc.

    Shareaza, on the other hand...

  21. Re:Sounds like the name of some local prog... on HP's Crossbar Latch... Next-Gen Transistor? · · Score: 1

    How about "Heisenberg and the Quantums".

    Now all we need is some singer called Heisenberg. *grabs white pages*
    Aa...

  22. It wasn't aliens, you fool... on HP's Crossbar Latch... Next-Gen Transistor? · · Score: 1

    It was THEM. Oh, no, they're here!! *ZAP* ARGHHHHHH

  23. Re:Yes, however... on U.S. Army Guide to Code Breaking · · Score: 1

    You have the worst pig latin abilities I have ever seen.

    Oh you think it's piglatin? B-)

    Then you haven't decyphered it yet, muahahaha!

  24. Re:Idea on Can-Spam Increased Spam · · Score: 1

    The courts have already ruled that the sending of spam itself is protected by free speech, so long as you do not falsely advertise or advertise that you will provide something that is already illegal.

    But they're STEALING RESOURCES to do so. It would be as if some vandals took over CBS and started selling their own viagra and stuff. SPAM is illegitimate not because it advertises, but because it uses YOUR RESOURCES to do so. Your bandwidth, your servers, etc.

    Free spech has nothing to do with this.

    >2) Make it illegal to have ANY financial relationship, direct or indirect, with spammers no matter their origin.
    Doesn't that go against the basics of a free market system? What would be the grounds for doing this?


    If you're earning money from ILLEGAL ACTIVITIES (which is assured by item 1), then you're a criminal. Period.

    I'm suggesting this because the European Union ALREADY ruled any kind of unsolicited advertising, illegal. It's the E-Privacy Directive Proposal.

    If it was done, it can be done.

    (OK i admit it, maybe I have some technical flaws. But just contact the EuroCAUCE guys. They obviously know what they're doing).

  25. Idea on Can-Spam Increased Spam · · Score: 1

    1) Make it illegal to send SPAM from the US.
    2) Make it illegal to have ANY financial relationship, direct or indirect, with spammers no matter their origin.
    3) Make all earnings coming from products sold thru SPAM, illegal. People will have then to do moneylaundring, which is illegal, too! :)

    Even when spammers use foreign ISPs, many reside in the U.S. With my proposals 2) and 3), you're forcing them to MOVE OUT.