Do not want your creeping salespeople shadowing me.
Do not want your club card / loyalty program tracking me.
Really do not want your tracking app.
What is holding all the sites back from better password as mentioned the md5(salt+md5(password))?
What do website admins think of "Here is a 25 GPU cluster that can go after MD5 hashes" arstechnica.com efforts?
Power and CPU time per user is the expensive over many users over years with new encryption?
Not generally, no. While strong encryption is considered an expensive operation, for a typical system, authentication is something that is relatively rarely done and the computing expense is a tiny part of the overall.
The trick is to make the hashing algorithm inexpensive enough that it isn't a burden on the authenticating system, but expensive enough that it's impractical to attack the hashes, now and for a reasonable time going forward. As more computing power becomes available, that balance point shifts. Where that point lies at any given time is left as an exercise for people more knowledgeable than I.
Lack of easy software upgrades? ie would users have to re join as "new" encryption is added?
No, that would not be necessary. The authentication system needs to track the hashing method used for each user's credentials, and users can be required to do a password change and inherit more secure hashing algorithms (this leaves "abandoned" accounts potentially vulnerable, but that can be dealt with as well). The challenge comes when the operator is at the mercy of the software vendor to implement the functionality, or when they lack the motivation / skills / etc to do it themselves.
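An added example (not code from the thread or from any poster) of the per-user scheme tracking described above: each record names its hashing method, a legacy md5(salt+md5(password)) record is replaced at the next successful login, and an abandoned account's stored digest is wrapped in a slow hash without needing the password. It goes slightly beyond the comment by upgrading at login rather than at a forced password change; PBKDF2-SHA256, the iteration count, and all function and field names are assumptions chosen for illustration.

```python
import hashlib, hmac, os

PBKDF2_ITERS = 600_000  # assumed work factor; raise it as hardware gets faster

def legacy_md5(salt: bytes, password: str) -> str:
    # The scheme named in the thread: md5(salt + md5(password))
    inner = hashlib.md5(password.encode()).hexdigest().encode()
    return hashlib.md5(salt + inner).hexdigest()

def pbkdf2(salt: bytes, secret: bytes, iters: int) -> str:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, iters).hex()

def new_record(password: str, iters: int = PBKDF2_ITERS) -> dict:
    salt = os.urandom(16)
    return {"scheme": "pbkdf2", "iters": iters, "salt": salt,
            "hash": pbkdf2(salt, password.encode(), iters)}

def wrap_legacy(rec: dict, iters: int = PBKDF2_ITERS) -> dict:
    # Abandoned account: strengthen the stored MD5 digest without the password.
    salt2 = os.urandom(16)
    return {"scheme": "pbkdf2-over-md5", "iters": iters, "salt": salt2,
            "md5_salt": rec["salt"],
            "hash": pbkdf2(salt2, rec["hash"].encode(), iters)}

def verify(rec: dict, password: str) -> bool:
    if rec["scheme"] == "md5":
        got = legacy_md5(rec["salt"], password)
    elif rec["scheme"] == "pbkdf2-over-md5":
        inner = legacy_md5(rec["md5_salt"], password)
        got = pbkdf2(rec["salt"], inner.encode(), rec["iters"])
    elif rec["scheme"] == "pbkdf2":
        got = pbkdf2(rec["salt"], password.encode(), rec["iters"])
    else:
        return False  # unknown scheme: fail closed
    return hmac.compare_digest(got, rec["hash"])

def login(db: dict, user: str, password: str) -> bool:
    rec = db.get(user)
    if rec is None or not verify(rec, password):
        return False
    # The plaintext is available only now: move to the current scheme and cost.
    if rec["scheme"] != "pbkdf2" or rec["iters"] < PBKDF2_ITERS:
        db[user] = new_record(password)
    return True

if __name__ == "__main__":
    s = b"constructed-salt"  # constructed sample data
    db = {"alice": {"scheme": "md5", "salt": s, "hash": legacy_md5(s, "hunter2")}}
    print(login(db, "alice", "hunter2"), db["alice"]["scheme"])
```
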
Would you prefer that they kept silent? I wouldn't. Personally, I prefer an appropriate amount of transparency to silence and bullshit.
That is precisely how Social Security works.
Only by equivocating the terms "return" and "benefits". They are not the same thing. A more accurate analog for SS would be insurance.
P.S. In before "insurance is a Ponzi scheme!"
Remember, it's not a big truck we're dealing with here.
Of course it isn't, don't be absurd.
It's a convoy of big trucks.
This explains why my wages have kept up with the cost of living so nicely....
Oh, wait.
It appears you failed to notice that whooshing sound sailing over your head.
P.S. The summary is employing irony. Perhaps you've heard of it?
I think you're going to find that difficult now.
Wow, if that isn't about the shrillest over-reaction to image linking I have ever seen...
What assholes.
Tom Cruise hasn't had a $100M movie that wasn't a Mission: Impossible sequel in eight years
Tom's last three films:
Rock of Ages grossed only $59M
Jack Reacher grossed $216M
Oblivion has grossed $285M
Other notables - War of the Worlds grossed over $700M, Valkyrie grossed over $200M, Knight and Day $261M.
That's most of his non-MI sequel films over the last 8 years.
You were saying?
C'mon, dude, I just ate.
Maybe next time put some small bags of crushed white powder (e.g. corn flour, or crushed paracetamol), under the seats. And maybe a few pieces of plastic with C4 written on them (you know, like plastic explosives, not many people are going to know what plastic means in that context). Sue the airport when your car gets destroyed in a controlled detonation. Buy a new, better, car.
I'm quite sure that nothing could possibly go wrong with this plan.
You've got digital in your analog.
Somewhere in here there's a "Yo, dawg" meme.
I got nothing.
No. Around here we frame our posts in the form of car analogies.
Do try to keep up.
Seriously? That's like $70 in dog money.
Since parsec is an antiquated unit
Since when? The parsec is a very handy unit when you're measuring distance to stars from Earth using the parallax method.
This isn't the Kessel Run, you insensitive clod.
They proved that if you make it convenient enough, people will put up with unreasonable restrictions.
I'd say that Steam's success is de facto evidence that a large group of people find Steam's restrictions quite reasonable.
If I buy something, I expect to receive in exchange for my money everything I need to make use of it in perpetuity. If I still have to rely upon their servers, I have not received what I paid for.
So, you expect something that the seller is not offering? It sounds like services such as Steam are not for you.
Note further that you DID receive what you paid for, you just failed to pay for what you wanted.
I always thought it would be interesting to figure out a way to seed surveillance and information gathering networks with unique information you could then watch for to see where it "leaks out".
Unsurprisingly, you aren't the first to think of this.
http://en.wikipedia.org/wiki/Canary_trap
Never mind. Wow, do I feel dumb.
WTF? Why is parent un-moddable?
They won't be charging me.
Really? My experience has been the opposite. I've had a number of salaried jobs in the U.S. over the last 25 years and the only ones that paid monthly were public service (i.e. government) jobs.
All of the private sector jobs paid twice monthly.
It only impacted people unwilling to get bank accounts they could use for direct deposit. Even people with very bad credit can usually get a passbook savings account, where they are free to draw money without charge. I know... it happened to me about 20 years ago.
You may be unaware of some changes in the banking industry. "Excess" transaction charges for savings accounts have become commonplace, and are on par with NSF-fee charges (e.g. make more than N [where N ~= 3] withdrawals from a checking account per month, you get hit with a substantial fee).
Checks can be cashed at the bank they are written from FOR FREE without a bank account.
Not at Bank of America, they can't - and probably others as well.
Educate yourself before spewing bullshit.
Indeed.