Comment Re:Advice from above ("upstairs") (Score 1) 265
Having actually been around a cat in a bag, the only thing that would have given it away after it settled down was the purring.
The main reason I have always done it: those extra thirty seconds at the store to quickly check the contents is a whole lot less time than would be required to return to the store and try to beg for a replacement or my money back.
How often does it pay off?
This paper indicates 1) that in Lightstone notation, the real number
http://www.math.umt.edu/tmme/vol7no1/TMME_vol7no1_2010_article1_pp.3_30.pdf
Finally, you still have not shown any flaw in the original (or any other) proof, as far as I've seen.
So where is the flaw in TFA's proof?
When do all the apps save their state to disk so they can be recovered like that?
It was originally designed to allow a small inventor to not be taken over or forced out of the market by a big company.
In theory, it was originally designed to encourage invention, and ensure that inventions got publicized. Protection for inventors is the means, not the end. I'm not even sure there was such a thing as big companies when US patent law was created.
I saw some of those bikes last weekend. Guess what? They were RED!!
Nominally, meaning in name only.
No, not all possible algorithms, but specifically the Dvorak one would surely be near the top of the list. I'm not saying it won't help, I'm just saying if it's something important you should make sure it's a strong password regardless. That way you don't have to worry about whether the obscurity is working.
Fair enough. My point is that plenty of security systems rely on secrets, but not on security through obscurity.
I was thinking of office computers rather than servers. If you have someone covertly surveilling a computer, then either your security is inadequate, or whatever they might take/disrupt is not worth the security measures it would require to defeat that. But basically yes, if your physical security is compromised, which could easily be the case in an insider attack, you're probably in trouble. As for keylogging, that would only be a vulnerability because the password is next to the machine, right? I don't know a whole lot about keyloggers other than I don't want one.
I would say not by any useful definition. The real principle is that if a system depends on its design not being known, it's secure only through obscurity. The Dvorak system is like that, because if anybody knows you're using a substitution cypher, especially which one, it loses its security.
A good encryption system doesn't rely on security through obscurity just because the keys need to be kept secret. After all, any security system involves secrets, so such a broad definition of security through obscurity would render the term effectively meaningless.
The problem with this approach is that it fails if the password file itself becomes compromised. If that occurs the hacker can simply hash "passw@rd" and then look for any accounts using that hash.
Unless there's salt, which I hope there would be. That would not make the attack impossible, just much, much slower.
That's security through obscurity. It's basically a substitution cypher that relies on the attacker not knowing it's being used. It's maybe fine for something like your slashdot account, but should not be relied on for real security.
In a corporate context, insider attacks are the most common. So having passwords lying around the office could really be a security concern.