Good password (or passphrase) + salt + Good hash algorithm = good authentication system + public key encryption at login = even better.
You could very well try bruteforce attacks, but if the authentication is based on a salt, then you'd have to eavesdrop the conversation, and THEN reverse-engineer the hash algorithm or try a fully brute force attack to find out someone's password.
If you're dealing with a strong hash (like SHA1, or even better, SHA256), specially when the hash is applied twice (no collision-cracking possible) the only way to crack this is with a brute-force attack. The salt gets rid of the possibility of "replay attacks", and bruteforcing will take much longer.
Of course, changing the password often (like every 4 or 6 months) is precisely suggested so that bruteforce or dictionary attacks (which are possible with a limited password length) won't have an effect.
Security can also be increased by making all logins use public-key encryption (SSL). This way, eavesdroppers can't sniff passwords (hashed or not) so the possibility for a bruteforce/dictionary attack is practically zero (we're assumming a limited number of logins per salt). How can you bruteforce something which you don't know?
If ATM's don't rely on salting and having a limited number of retries per card insertion, then they're flawed.
So what's wrong with having passwords and making people change them? Obviously you should let people choose their own passwords, so they can remember them. And allow them to reset their passwords if they ever forget them.
Trying to separate the password protection from the authentication system, is simply ridiculous.
This reminds me. Is it that people have become more rebel towards their companies, or this whole business-blog has only brought to light a serious problem inside all companies?
Like they've become dehumanizing?
Companies are supposed to do a service or sell goods for the country - in exchange for money. If their employees are treated badly, doesn't this mean that we're going back regarding workers rights?
Aside from that, companies need to make explicit rules regarding blogging.
I'd like some "Nutrition Facts" sheet in^H^H along with that thing... at least with traditional sushi (salmon) I knew it had some protein. I'm not gonna swallow lots of rice and edible paper just to get fat.
people don't need Moore's Laws regarding simple tasks as jotting down an address or write down the to-do list for the day... heck, my dad did that with his PC-XT 20 years ago.
If PDA makers are so worried, well then stop producing so many, like it's too hard?
Let's get things straight. This book is for newbies or for those who want a quicksearch reference. After all, what non-newbies title doesn't include "build your own"? (For more advanced users, I recommend the PHP Anthology which deals with more complicated stuff, like FTP, thumbnail generation, search engine friendly urls, etc.)
I began programming in PHP+MySQL around 2 years ago, and this book practically taught me everything.
The book had a nifty section on administrating your MySQL database (specially useful when you forget your password:-P ). But the part that has helped me the most is the reference (Appendices).
Appendix A: MySQL syntax (with all the optional parameters) Appendix B: MySQL functions. For example, what command do we use to search a substring in mysql? Quick search Appendix B... there! LOCATE. Appendix C: MySQL column types. I don't use MySQL commands often, except when I add a module to my PHP framework (programmed by myself). so when I want to know how to specify a certain type, it's all there. And finally, Appendix D: PHP functions for working with MySQL.
When you have read this book and have it in your office drawer, flipping thru some paper pages is definitely much faster (at least for me) than typing the search terms on the keyboard. So I recommend it to anyone wanting to learn PHP and MySQL. And to anyone who wants a reference handy:)
(off-topic Grammar Nazi hint: It's "waste", not "waist". Waist is what you get when you waste too much money on junk food)
I did RTFA, where do you think I got the link from?:P
My point is that this error isn't a malformed CSS, or a deprecated HTML 4 attribute. But a *NEW* proprietary attribute that doesn't belong there in the first place.
Just to inform you, I posted a comment in the designer's log.
Results *seem* xhtml strict (didn't validate tho), but something awful:
It renders wrong in Firefox. The pulldown menu overflows the border (font too big), i have to press ctrl - twice to fix it.
Also, the "next" button is on the rightmost corner of the webpage. I have to scroll sideways (unless i'm running my browser in fullscreen) and the results are in an incredibly huge font.
I guess the designers should have tried other configurations before releasing the thing. Oh well.
Line 6, column 998: there is no attribute "VCARD_NAME"...ze="20" value="" name="q" VCARD_NAME="SearchText"/>
It may be WELL-FORMED XHTML, but it introduces a proprietary attribute (so... Microsoft).
Respect for web standards... yeah right. IMO they just did an optimization of their design... and certainly they did NOT have in mind any consideration for web standards. They nerver had.
Who today uses Kazaa for file transfers, as opposed to Shareaza? Kazaa is infested with fake files (as I've been told... *whistles innocently*), viruses, leechers who don't share a thing, etc etc.
The courts have already ruled that the sending of spam itself is protected by free speech, so long as you do not falsely advertise or advertise that you will provide something that is already illegal.
But they're STEALING RESOURCES to do so. It would be as if some vandals took over CBS and started selling their own viagra and stuff. SPAM is illegitimate not because it advertises, but because it uses YOUR RESOURCES to do so. Your bandwidth, your servers, etc.
Free spech has nothing to do with this.
>2) Make it illegal to have ANY financial relationship, direct or indirect, with spammers no matter their origin. Doesn't that go against the basics of a free market system? What would be the grounds for doing this?
If you're earning money from ILLEGAL ACTIVITIES (which is assured by item 1), then you're a criminal. Period.
I'm suggesting this because the European Union ALREADY ruled any kind of unsolicited advertising, illegal. It's the E-Privacy Directive Proposal.
If it was done, it can be done.
(OK i admit it, maybe I have some technical flaws. But just contact the EuroCAUCE guys. They obviously know what they're doing).
1) Make it illegal to send SPAM from the US. 2) Make it illegal to have ANY financial relationship, direct or indirect, with spammers no matter their origin. 3) Make all earnings coming from products sold thru SPAM, illegal. People will have then to do moneylaundring, which is illegal, too!:)
Even when spammers use foreign ISPs, many reside in the U.S. With my proposals 2) and 3), you're forcing them to MOVE OUT.
Good password (or passphrase) + salt + Good hash algorithm = good authentication system + public key encryption at login = even better.
You could very well try bruteforce attacks, but if the authentication is based on a salt, then you'd have to eavesdrop the conversation, and THEN reverse-engineer the hash algorithm or try a fully brute force attack to find out someone's password.
Try encryptedPW = hash(hash(hash(salt)+hash(hash(PW))))
If you're dealing with a strong hash (like SHA1, or even better, SHA256), specially when the hash is applied twice (no collision-cracking possible) the only way to crack this is with a brute-force attack. The salt gets rid of the possibility of "replay attacks", and bruteforcing will take much longer.
Of course, changing the password often (like every 4 or 6 months) is precisely suggested so that bruteforce or dictionary attacks (which are possible with a limited password length) won't have an effect.
Security can also be increased by making all logins use public-key encryption (SSL). This way, eavesdroppers can't sniff passwords (hashed or not) so the possibility for a bruteforce/dictionary attack is practically zero (we're assumming a limited number of logins per salt). How can you bruteforce something which you don't know?
If ATM's don't rely on salting and having a limited number of retries per card insertion, then they're flawed.
So what's wrong with having passwords and making people change them? Obviously you should let people choose their own passwords, so they can remember them. And allow them to reset their passwords if they ever forget them.
Trying to separate the password protection from the authentication system, is simply ridiculous.
how about
0n37w07hr33f4urf1v3?
Darn. Still two obvious.
It should read:
"Rather than just cheat
(does the first one always win?)
On the google race."
(Haiku form)
There is only one
page which gets found as the first
On the search engine.
However I ask:
How many search terms can be
As typed by users?
S-E-O's should do:
Think more about their users
And target their pages
Rather than just cheat
(does the first one always win?)
On the stupid google race.
Get to work, you dumbs
free market will always have
many companies.
I would like to thank
The DeCSS Haiku
for inspiring me.
Yes, I'm a stupid
for posting this in haiku
(well, it's my first try)
Don't mod this funny
But insightful, or even
as interesting.
That's what happens when you open various news on different windows / tabs. You end up posting on the wrong thread :-P
What about those who post pics?
This reminds me. Is it that people have become more rebel towards their companies, or this whole business-blog has only brought to light a serious problem inside all companies?
Like they've become dehumanizing?
Companies are supposed to do a service or sell goods for the country - in exchange for money. If their employees are treated badly, doesn't this mean that we're going back regarding workers rights?
Aside from that, companies need to make explicit rules regarding blogging.
And don't forget that in the EU, SPAM is now illegal :)
:D
Two thumbs up for the EU!
Evil Dead 4: The return of the Living Patents.
*BANG!* "This... is my GNUstick!"
I'd like some "Nutrition Facts" sheet in^H^H along with that thing... at least with traditional sushi (salmon) I knew it had some protein. I'm not gonna swallow lots of rice and edible paper just to get fat.
why should they buy new ones?
people don't need Moore's Laws regarding simple tasks as jotting down an address or write down the to-do list for the day... heck, my dad did that with his PC-XT 20 years ago.
If PDA makers are so worried, well then stop producing so many, like it's too hard?
now Bill Gates is gonna blame the Windows pirates for being vulnerable! >:(
until someone sues this guy for NOT implementing DRM on his download site.
3... 2... 1...
Let's get things straight. This book is for newbies or for those who want a quicksearch reference. After all, what non-newbies title doesn't include "build your own"? (For more advanced users, I recommend the PHP Anthology which deals with more complicated stuff, like FTP, thumbnail generation, search engine friendly urls, etc.)
:-P ). But the part that has helped me the most is the reference (Appendices).
:)
I began programming in PHP+MySQL around 2 years ago, and this book practically taught me everything.
The book had a nifty section on administrating your MySQL database (specially useful when you forget your password
Appendix A: MySQL syntax (with all the optional parameters)
Appendix B: MySQL functions. For example, what command do we use to search a substring in mysql? Quick search Appendix B... there! LOCATE.
Appendix C: MySQL column types. I don't use MySQL commands often, except when I add a module to my PHP framework (programmed by myself). so when I want to know how to specify a certain type, it's all there.
And finally, Appendix D: PHP functions for working with MySQL.
When you have read this book and have it in your office drawer, flipping thru some paper pages is definitely much faster (at least for me) than typing the search terms on the keyboard. So I recommend it to anyone wanting to learn PHP and MySQL. And to anyone who wants a reference handy
(off-topic Grammar Nazi hint: It's "waste", not "waist". Waist is what you get when you waste too much money on junk food)
And contrarily to popular opinion, Microsoft is not McDonalds ;-)
:)
Well they DO fit the "Supersize me" theme
I did RTFA, where do you think I got the link from? :P
My point is that this error isn't a malformed CSS, or a deprecated HTML 4 attribute. But a *NEW* proprietary attribute that doesn't belong there in the first place.
Just to inform you, I posted a comment in the designer's log.
Tried the search page.
Results *seem* xhtml strict (didn't validate tho), but something awful:
It renders wrong in Firefox. The pulldown menu overflows the border (font too big), i have to press ctrl - twice to fix it.
Also, the "next" button is on the rightmost corner of the webpage. I have to scroll sideways (unless i'm running my browser in fullscreen) and the results are in an incredibly huge font.
I guess the designers should have tried other configurations before releasing the thing. Oh well.
It may be WELL-FORMED XHTML, but it introduces a proprietary attribute (so... Microsoft).
Respect for web standards... yeah right. IMO they just did an optimization of their design... and certainly they did NOT have in mind any consideration for web standards. They nerver had.
using your cellphone while driving is forbidden and punishable by law.
:(
Well, at least in theory
I got the patent #1,234,566: "Stating a public complaint in a public forum about speaking against software patents in a public forum".
You owe me $234,230.95. Pay now, or I'll call my lawyers.
Who today uses Kazaa for file transfers, as opposed to Shareaza? Kazaa is infested with fake files (as I've been told... *whistles innocently*), viruses, leechers who don't share a thing, etc etc.
Shareaza, on the other hand...
How about "Heisenberg and the Quantums".
Now all we need is some singer called Heisenberg. *grabs white pages*
Aa...
It was THEM. Oh, no, they're here!! *ZAP* ARGHHHHHH
You have the worst pig latin abilities I have ever seen.
Oh you think it's piglatin? B-)
Then you haven't decyphered it yet, muahahaha!
The courts have already ruled that the sending of spam itself is protected by free speech, so long as you do not falsely advertise or advertise that you will provide something that is already illegal.
But they're STEALING RESOURCES to do so. It would be as if some vandals took over CBS and started selling their own viagra and stuff. SPAM is illegitimate not because it advertises, but because it uses YOUR RESOURCES to do so. Your bandwidth, your servers, etc.
Free spech has nothing to do with this.
>2) Make it illegal to have ANY financial relationship, direct or indirect, with spammers no matter their origin.
Doesn't that go against the basics of a free market system? What would be the grounds for doing this?
If you're earning money from ILLEGAL ACTIVITIES (which is assured by item 1), then you're a criminal. Period.
I'm suggesting this because the European Union ALREADY ruled any kind of unsolicited advertising, illegal. It's the E-Privacy Directive Proposal.
If it was done, it can be done.
(OK i admit it, maybe I have some technical flaws. But just contact the EuroCAUCE guys. They obviously know what they're doing).
1) Make it illegal to send SPAM from the US. :)
2) Make it illegal to have ANY financial relationship, direct or indirect, with spammers no matter their origin.
3) Make all earnings coming from products sold thru SPAM, illegal. People will have then to do moneylaundring, which is illegal, too!
Even when spammers use foreign ISPs, many reside in the U.S. With my proposals 2) and 3), you're forcing them to MOVE OUT.