
Comment Re:SETI (Score 1, Informative) 107

A great example of this that I've seen is: Shine a spotlight at the moon (from Earth) and sweep it across the surface. You can move the spot faster than the speed of light, thus the wave moves faster than c, but no individual photon moves faster than c, and no information is conveyed faster than c.

Comment Re:FP (Score 2) 174

The U.S. Department of Labor's Wage and Hour Division allows an employer not to pay a trainee if all of the following are true:

  • The training, even though it includes actual operation of the facilities of the employer, is similar to what would be given in a vocational school or academic educational instruction;
  • The training is for the benefit of the trainees;
  • The trainees do not displace regular employees, but work under their close observation;
  • The employer that provides the training derives no immediate advantage from the activities of the trainees, and on occasion the employer’s operations may actually be impeded;
  • The trainees are not necessarily entitled to a job at the conclusion of the training period; and
  • The employer and the trainees understand that the trainees are not entitled to wages for the time spent in training.

http://en.wikipedia.org/wiki/Internship#United_States

Comment Re:The point? (Score 2) 138

The point is to minimize the amount of information you actually have. You don't need to know the password itself, you only need to know that they know the password. So, you store just enough information to be able to check that the person attempting to log in knows the password.

Comment Re:silver is honest (Score 2) 136

Very interesting and insightful troll. I was tempted to mod you up, but I figured a reply would be preferred.

Originally I disagreed with your post, but upon attempting to reply, I found that I agree that "both sides are equally bad/dishonest/wrong" is a cop-out, but I disagree that it's embarrassing. It's only embarrassing if you aren't doing anything to back up your belief, and voting is a good start, but it isn't enough.

Comment Re:Outward Appearances (Score 1, Troll) 175

To the dispassionate and disinterested outside observer, a mentally disturbed man committed suicide. The only one at fault is the mentally disturbed man.

I've long believed that suicide is nobody's fault except for the one who committed the act. However, I very much want to blame the DA for pushing him to commit suicide. I realize it's an emotional response, but there must be some basis in fact. At what point does provoking someone who then commits suicide become the moral and ethical responsibility of the provocateur?

I know I'm responding to a troll, but it hits upon an issue I've been thinking about for some time. It's well known how DAs threaten disproportionate punishments in order to get a plea bargain. And it's easy to see how this might get someone who was previously not seriously considering suicide to start doing so. Where should the line be drawn? Online/offline bullying? Threats of imprisonment? Threats of physical violence and/or torture? Or is it never someone else's fault?

Comment Re:Address randomization - security through obscur (Score 1) 208

security through obscurity

I do not think that means what you think it means.

"Security through obscurity" is being deliberately insecure and relying on other people not knowing about the insecurity as your defense.

Something like this relies on the fact that choosing a random address is much easier than guessing a random address that was previously chosen. This flaw results in forcing the victim to choose a non-random address when they intend to choose a random one. And "address spraying" works by increasing the size of the target the attacker must hit from a single exact address to a large number of ranges which covers most of the available addresses.

Comment Re:This rebuttal is clear, concise and correct (Score 1) 165

Mega holding a copy of your encrypted key does not reduce security, and slightly improves security. A password generally has a laughably low number of bits. Anyone who knows or can guess your password can get your key and thus your files. Not very surprising. There is no way around the crypto entropy being limited by the password entropy. However, if your password has 2048 bits of entropy, then the attacker must crack 2048 bits of entropy to recover your key and your files.

Password entropy is an incredibly difficult problem to solve. xkcd has what has become the canonical example of this. 28 bits of entropy for a "typical" password. 44 bits of entropy for 4 random words strung together. The Mega key is 2048 bits, which is roughly equivalent to 186 random words strung together or about 311 completely random typed characters. Anyone attempting to crack your crypto is going to attack the password, not the Mega key.

The security increase comes from two factors: the net effect of padding your password so that its length is unknown, and the real-world security from using a known, trusted and tested security algorithm.

In summary, your encryption isn't any more or less secure than the password you use. If it helps, you can think of the key stored on the servers as a salt, and the password you type in as the actual key.

(Also, if they were so inclined, why would they capture the decrypted key rather than just capturing the password itself?)

Comment Re:Keep using the old method? (Score 1) 165

Maybe use their whatever-it's-an-option encryption as added layer and call it a day.

I thought I remember reading that encrypting an encrypted file can actually make it less secure than either encryption step alone.

Sort-of. If you make a mistake in your crypto, you can make things substantially less secure. A mistake, such as using the same key for both encryption steps. Also, encryption is not necessarily additive. Encrypting something multiple times with different keys may not improve the security, or may improve the security less than the cumulative total number of key bits indicate.

As an example, let's take the Caesar cipher. If you encrypt twice with a key of 13, you end up with no encryption at all. If you encrypt once with a key of 15 and a second time with a key of 12, you end up with exactly the same security as encryption once with a key of 1.
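The Caesar case from the comment above, worked through as an added example that is not part of the original comment. It goes beyond the two key pairs mentioned by enumerating all 676 pairs to show they yield only 26 distinct ciphertexts; the plaintext is constructed and the function names are hypothetical.

```python
import string

ALPHABET = string.ascii_uppercase
PLAINTEXT = "MEET AT NOON"  # constructed sample message


def caesar(text: str, key: int) -> str:
    """Shift each A-Z letter by key positions; leave other characters alone."""
    out = []
    for ch in text:
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def double_caesar(text: str, k1: int, k2: int) -> str:
    """Encrypt with k1, then encrypt the result with k2."""
    return caesar(caesar(text, k1), k2)


def equivalent_single_key(k1: int, k2: int) -> int:
    """Shifts compose by addition mod 26, so two keys collapse into one."""
    return (k1 + k2) % 26


def distinct_double_ciphertexts(text: str) -> set:
    """Every ciphertext reachable with any of the 26 * 26 key pairs."""
    return {double_caesar(text, k1, k2) for k1 in range(26) for k2 in range(26)}


def brute_force(ciphertext: str, crib: str) -> list:
    """Single keys whose decryption contains a known plaintext word."""
    return [k for k in range(26) if crib in caesar(ciphertext, -k)]


if __name__ == "__main__":
    print(double_caesar(PLAINTEXT, 13, 13))          # 13 + 13 = 26, a full rotation
    print(double_caesar(PLAINTEXT, 15, 12))          # same as a single shift of 1
    print(len(distinct_double_ciphertexts(PLAINTEXT)))
    print(brute_force(double_caesar(PLAINTEXT, 15, 12), "NOON"))
```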
