
Comment: Re:How the Patent System Destroys Innovation (Score 3, Insightful) 97

by AC-x (#47710829) Attached to: How Patent Trolls Destroy Innovation

Well, to me it's a combination of how patents are used and the fact too many vague, overly broad and (in the case of software) patents on general ideas rather than specific implementations are granted.

If fewer nonsense patents were approved, or if there was a second class of patents (for software etc) that had an extremely short term, most of the problems of patent trolling would go away.

There's nothing wrong with an inventor being able to protect an actual physical invention (without protection you'll be immediately priced out by cheap knock-offs), but no-one should be able to protect just a vague idea.

Comment: Re:Left or Right? (Score 1) 475

by AC-x (#47707419) Attached to: Google's Driverless Cars Capable of Exceeding Speed Limit

Driverless cars will also need to deal with completely different road signage in different countries too. I'd guess it'd just use GPS to work out what country it's in and follow the appropriate driving side/speed limits/road sign rules etc. (it needs to use GPS to know where it's going anyway).

Comment: Problem?? (Score 1) 191

by AC-x (#47661537) Attached to: Reversible Type-C USB Connector Ready For Production

The problem is that there are billions of existing USB devices and cables that will need adapters and new cables to work with new Type-C devices. It’s a lot like when Apple released the Lightning connector, but on an even grander scale.

What problem? My existing micro-usb devices won't need adapters, new devices with Type-C connectors will come with Type-C to Type-A cables, and when desktops/laptops start to come with Type-C connectors I'll just buy some new cables.

It's the same situation when micro-usb replaced mini-usb, I don't remember there being a problem on a "grand scale" then either.

Comment: Re: There we go again (Score 1) 383

by AC-x (#47653387) Attached to: DARPA Wants To Kill the Password

If the attacker is performing the attack "offline" then you've already lost the security battle. That's the point. If you lose your password database, assume the passwords are all broken, no matter whether you have "must have 3.2 uppercase and 4.35 lowercase letters, 0.6 special characters and as many numbers as you like, so long as it doesn't start or end with a number" rules or let them use plain English sentences.

The point is a decent password scheme will make brute force attacks a lot more difficult. Relying only on "never getting hacked" isn't a good policy, so taking a complete approach to security as a whole (such as also coming up with a better password scheme) will always be better than only concentrating on one aspect. Coming up with a password scheme that is both more secure and easy to remember is one of the big unsolved IT security problems of course.

A hashed " " is as meaningful as a hashed "a" so "cat dog run fast" is better than a very random 8-char password.

Not quite, according to Randall, 4 common words has an entropy of 44 bits (as long as they are chosen randomly). 8 random characters (uppercase, lowercase, numbers) has around 47.6 bits of entropy. If you have a GPU that can chew through hundreds of millions of hashes a second (the record is 350 billion/sec for a 25 GPU cluster) you'd still ideally want more entropy than that though.

Comment: Re: There we go again (Score 1) 383

by AC-x (#47650447) Attached to: DARPA Wants To Kill the Password

You are making a lot of assumptions there; but, ok, I guess...

There are no assumptions here, it's well known that a high percentage of users reuse the same password for multiple sites, including their email. Therefore if you crack an average user's account on a site you've got a good chance of also having their email address password. Obviously having control of someone's email is ground zero as far as getting account credentials is concerned, but even if they use a different password for email there could be connected sites (such as the Sony example in the link) that many users use the same login for, so a breach in a "low importance" service could expose users on a more important service from the same company.

Comment: Re: There we go again (Score 1) 383

by AC-x (#47650253) Attached to: DARPA Wants To Kill the Password

You should still only allow a certain number of failed login attempts for a given username. Sure it's rare to brute force via an online login, but it's worth doing to protect a user's account. Sure it sucks for that individual user to have the small possibility of being locked out of their account temporarily, but it's not as bad as losing their account and also discourages any hacker from hammering your server and sending your entire site down in an actual DOS.
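One way to implement the per-username failed-attempt limit with a temporary lockout that the comment above describes. This is an added example, not part of the original comment; the class name, the thresholds and the `verify` callback are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Temporary per-username lockout after repeated failed logins (hypothetical helper)."""

    def __init__(self, max_failures=5, window=300, lockout=900, clock=time.monotonic):
        self.max_failures = max_failures  # failures tolerated inside `window` seconds
        self.window = window              # sliding window, in seconds
        self.lockout = lockout            # lockout duration, in seconds
        self.clock = clock                # injectable so the logic can be tested
        self._failures = defaultdict(deque)  # username -> timestamps of recent failures
        self._locked_until = {}              # username -> time the lock expires

    @staticmethod
    def _key(username):
        # Normalise so "Alice" and "alice " share one counter.
        return username.strip().lower()

    def is_locked(self, username):
        key = self._key(username)
        until = self._locked_until.get(key)
        if until is None:
            return False
        if self.clock() >= until:
            del self._locked_until[key]  # lock is temporary: expire it
            return False
        return True

    def attempt(self, username, password, verify):
        """Return 'locked', 'ok' or 'denied'. `verify` is the caller's password check."""
        key = self._key(username)
        if self.is_locked(key):
            return "locked"  # the password is not even checked while locked
        if verify(key, password):
            self._failures.pop(key, None)  # success resets the counter
            return "ok"
        now = self.clock()
        recent = self._failures[key]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()  # forget failures older than the window
        if len(recent) >= self.max_failures:
            self._locked_until[key] = now + self.lockout
            recent.clear()
        return "denied"
```

In a real deployment the counters would live in a shared store with expiry rather than in process memory, since one entry is created per username tried.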

Comment: Re: There we go again (Score 1) 383

by AC-x (#47649135) Attached to: DARPA Wants To Kill the Password

I fully understood what he put forth and repeatedly stated that it had no relation to the context of my original statement.

Sorry Desler, you can't just say "I was only talking about dictionary attacks on rate limited login portals, so no-one is allowed to talk about anything else". If you're going to mention dictionary attacks then attacking hashes will always be part of that discussion whether you want it to be or not.
