User Journal

Journal Journal: in which i am a noob all over again 17

I haven't posted a journal here in almost three years, because I couldn't find the button to start a new entry. ...yeah, it turns out that it's at the bottom of the page.

So... hi, Slashdot. I used to be really active here, but now I mostly lurk and read. I've missed you.

Comment Re:use? (Score 2, Funny) 59

They are using it to pump the economy. The heating produced by this cluster must be cooled with extra air conditioning systems, increasing the demand for power and for air conditioning units, thus creating new jobs and incentivizing the research for new energy sources.

Submission + - ICANN to let thousands of TLDs bloom (latimes.com)

bigjocker writes: "According to the Los Angeles Times "The group that governs Internet domain names is opening up the system so that companies and organizations can apply to create their own versions of .com, .org or .gov. Under the new rules, instead of a coke.com, Coca-Cola might control the domain .coke and assign Web addresses such as drink.coke or bottle.coke". I don't know about you, but I'm getting in line to register snort.coke"

Comment Re:Might not be bad... (Score 3, Informative) 645

No, they not. That's the point of double hashing. If you know 'xyz' you still need to know 'opqr' to send a valid hash (remember that you need to hash 'xyz-opqr' with the session salt). Since the server never sends 'opqr' to the client, the only way to generate it is through HASH(xyz + plaintext_password).

Comment Re:Might not be bad... (Score 2) 645

This is nonsense. You can double hash passwords. That's the correct way:

plaintext: 1234
salt: xyz
salt+plaintext hash: opqr
you store on DB: xyz-opqr

When the user requests the login page, the server creates a new salt, stores it in the session (server side) and sends the two salts to the client (session one and DB one):

server extracts salt from DB: xyz
server creates a session salt: abc
client receives session salt: abc
client receives DB salt: xyz
user enters password: 1234
client hashes using DB salt: opqr
1st hash is: opqr
1st hash with salt is: xyz-opqr
client hashes using session salt: hijk
2nd hash is: hijk
client sends the twice hashed password to the server: hijk

Now the server hashes the DB password using the session salt (that was stored on the server side session, remember not to trust the info from the client), and the two should be the same, without the server needing to know the plaintext password.

This is basic auth and security stuff. Which means Sony must have hired some second hand programmers to develop this whole system. Creepy indeed.
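
The exchange described in the comment above, worked through with both sides in one file. This is an added example, not code from the comment or from any system it mentions; SHA-256 for the unspecified HASH, the Server class and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def h(salt: str, data: str) -> str:
    # Assumed stand-in for HASH(salt + data); real storage would use a slow KDF.
    return hashlib.sha256((salt + data).encode()).hexdigest()

class Server:
    def __init__(self):
        self.db = {}        # user -> "dbsalt-hash", the comment's "xyz-opqr"
        self.sessions = {}  # session id -> session salt, kept server side only

    def register(self, user: str, password: str) -> None:
        db_salt = secrets.token_hex(8)
        self.db[user] = f"{db_salt}-{h(db_salt, password)}"

    def login_page(self, user: str):
        sid, session_salt = secrets.token_hex(8), secrets.token_hex(16)
        self.sessions[sid] = session_salt
        return sid, session_salt, self.db[user].split("-", 1)[0]

    def verify(self, user: str, sid: str, response: str) -> bool:
        # Use the salt stored in the session, not anything the client echoes back.
        session_salt = self.sessions.pop(sid, None)  # each session salt is single use
        if session_salt is None or user not in self.db:
            return False
        return hmac.compare_digest(h(session_salt, self.db[user]), response)

def client_response(password: str, session_salt: str, db_salt: str) -> str:
    first = h(db_salt, password)                  # "opqr"
    return h(session_salt, f"{db_salt}-{first}")  # "hijk"

def demo():
    server = Server()
    server.register("alice", "1234")  # constructed sample account
    sid, s_salt, d_salt = server.login_page("alice")
    good = server.verify("alice", sid, client_response("1234", s_salt, d_salt))
    sid, s_salt, d_salt = server.login_page("alice")
    wrong = server.verify("alice", sid, client_response("4321", s_salt, d_salt))
    # A response captured in one session is rejected under the next session salt.
    sid1, s1, d1 = server.login_page("alice")
    captured = client_response("1234", s1, d1)
    sid2, _, _ = server.login_page("alice")
    replayed = server.verify("alice", sid2, captured)
    return good, wrong, replayed

if __name__ == "__main__":
    print(demo())
```

The server's comparison value is derived only from the stored salt-hash string, so that stored string has to be protected as carefully as a password would be.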

Comment Re:Was a wise move by Apple (Score 4, Insightful) 342

OSX is what Linux wants to be when it grows up.

Don't get me wrong, I love Linux, I've used it since 95, and I wouldn't install anything different on a server. But right now Linux's interface (yes, Gnome, I'm talking about you) feels so old it's frustrating. And don't get me started about the beautiful-but-hyper-unstable KDE ... If KDE's stylists would support Gnome's good but aesthetically blind developers, we may be on to something.

But right now Linux feels stuck on FVWM95, while OSX provides a CLI just as powerful (MacPorts rule, BTW) and a consistent-yet-usable-yet-nice-looking GUI.
