The salt won't protect against poor passwords (common passwords and dictionary words) but it will help relatively good passwords stay secure in the face of ever-expanding collections of rainbow tables. For example there is a 5GB table currently available from freerainbowtables.com that allows you to look up the plain text for any MD5 hash of a string up to 6 characters, including a relatively good password like "F8% z5". Eventually they will expand to 7 characters, then 8... Adding salt makes a rainbow table attack much less practical. I would expect that even a 16-bit random salt would require a rainbow table to be 65,000 times as large.
If you don't want to give your customers a heart attack: add plenty of salt.
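An added illustration of the comment above, not part of the original post: a plain lookup dictionary stands in for a rainbow table (real tables use hash chains to save space) over a constructed toy keyspace, showing that a table built without salt misses a salted hash and that one table is needed per salt value. The `hash_password` and `verify_password` helpers are hypothetical names sketching "plenty of salt" with PBKDF2 from Python's standard library; the alphabet, sample password and salt bytes are constructed.

```python
import hashlib
import hmac
import itertools
import os

ALPHABET = "abc123"  # constructed toy keyspace; real tables cover far more
MAX_LEN = 3

def md5_hex(data):
    return hashlib.md5(data).hexdigest()

def build_table(salt=b""):
    """Precompute hash -> plaintext for every candidate under ONE salt value."""
    table = {}
    for n in range(1, MAX_LEN + 1):
        for combo in itertools.product(ALPHABET, repeat=n):
            pw = "".join(combo)
            table[md5_hex(salt + pw.encode())] = pw
    return table

def tables_needed(salt_bits):
    """A precomputed table only helps for the salt it was built with."""
    return 2 ** salt_bits

def hash_password(password, salt=None, rounds=200_000):
    """Per-user random 128-bit salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)

def verify_password(password, salt, expected):
    return hmac.compare_digest(hash_password(password, salt)[1], expected)

UNSALTED_TABLE = build_table()

def lookup_demo(password="c3a", salt=b"\x12\x34"):
    """Look up an unsalted and a 16-bit-salted MD5 in the unsalted table."""
    unsalted = md5_hex(password.encode())
    salted = md5_hex(salt + password.encode())
    return UNSALTED_TABLE.get(unsalted), UNSALTED_TABLE.get(salted)

if __name__ == "__main__":
    print(lookup_demo())          # unsalted hash is reversed, salted one misses
    print(tables_needed(16))      # tables required to cover a 16-bit salt
    salt, digest = hash_password("F8% z5")
    print(verify_password("F8% z5", salt, digest))
```

The salt is stored next to the digest; it does not need to be secret, only unique per password and long enough that precomputing a table per salt value is impractical.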
I like the auction idea. Not all TLDs are of equal value. Perhaps instead of a fixed price there should be a fixed minimum bid to cover costs and an auction of, say, 90 days to see who is willing to pay the most for the rights to control the new TLD. That should bring in enough revenue that the minimum bid could be brought down to a range that some smaller organizations could afford, like $1000.
Perhaps there should be an annual maintenance fee. How about 1% of the purchase price? If the fee is not paid the domain is re-auctioned to a new owner. I foresee problems with the new owner raising rates on sub-domain owners, either to milk them or to drive them away so the sub-domains can be re-sold... Not sure if/how I would propose controlling that.
Do Lifesavers float? Maybe the Tropical Lime ones do because they contain lime but I don't think the Wintergreen ones will do any good at all.
That was "World Power Systems" and I remember the incident well. They were caught when someone noticed that one of the important signals on the S-100 edge connector was not connected.
You can read about it here:
http://www.brouhaha.com/~eric/retrocomputing/wps/
For months I've not been manually deleting mail in my GMail spam mailbox. GMail automatically deletes spam messages older than 30 days. Now I can look at the 'unread messages' count on that mailbox to see how many spams have been caught in the last 30 days. At one point it was up over 6,000 but I noticed that it has been dropping. It's currently down by more than half to 2,881. Of course I don't know the exact cause of the reduction but I would not be surprised if spammers were avoiding GMail accounts.
Perhaps it is just an error in translation and he meant 256KB and not 256GB. :-\
... and that's not nearly as much fun as comparing Apples to PCs.
I can see the letter now: "you just have to aunt the aunt function and aunt the aunt aunt period new paragraph no delete that select all dammit."
Sounds like they are trying to make the Graphic Omniscient Device. Don't they have to build a H.A.R.L.I.E. first?
I thought the distinction between passive and active RFID was that 'active' tags had a continuous power source. Passive RFID tags get their power, typically via induction, from the reader and therefore are relatively limited in transmit power and reading distance. This does not preclude them from having receivers and being read/write.
The little glass vial RFID tags made by TI come in both Read Only and Read/Write. http://www.ti.com/rfid/shtml/prod-trans.shtml#lowfreq
Of course the HP device requires contact so it's not really an RFID tag at all. :-\
According to a KXAN (Austin, TX) news story (http://www.kxan.com/Global/story.asp?S=4927571) the sexual assault happened in the back seat of his car, not in his apartment. I'm surprised that the girl, even at 14, did not know that it's a BAD idea to get into the back seat of a parked car with a guy if you DON'T want to 'get horizontal'. His defense: "I thought she was 15. Yes, I know that 18 is the age of consent here in Texas." o.0
Mail Delivery Subsystem to me Jun 15 (2 days ago)
This is an automatically generated Delivery Status Notification
Delivery to the following recipient failed permanently:
xxxxxxx@frontiernet.net
Technical details of permanent failure:
PERM_FAILURE: SMTP Error (state 9): 554 Sorry, your mail server (py-out-1112.google.com[64.233.166.178]) is rejected using sbl-xbl.spamhaus.org. See http://postmaster.frontiernet.net/error.html#sbl-xbl
----- Original message -----
Received: by 10.35.115.18 with SMTP id s18mr2328477pym;
Wed, 14 Jun 2006 21:52:32 -0700 (PDT)
Received: by 10.35.97.6 with HTTP; Wed, 14 Jun 2006 21:52:32 -0700 (PDT)
Message-ID:
Date: Thu, 15 Jun 2006 00:52:32 -0400
From: "John Wasser"
To: "xxxxxxx"
Subject: Re: printer setup repair
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: