Are You Sure SHA-1+Salt Is Enough For Passwords? 409

Posted by CmdrTaco
from the good-enough-for-govt-work dept.
Melchett writes "It's all too common that Web (and other) applications use MD5, SHA1, or SHA-256 to hash user passwords, and more enlightened developers even salt the password. And over the years I've seen heated discussions on just how salt values should be generated and on how long they should be. Unfortunately in most cases people overlook the fact that MD and SHA hash families are designed for computational speed, and the quality of your salt values doesn't really matter when an attacker has gained full control, as happened with When an attacker has root access, they will get your passwords, salt, and the code that you use to verify the passwords."

LinuxFest Northwest 2007

Submitted by Hunter Gatherer Peng
Hunter Gatherer Peng writes "LinuxFest Northwest 2007 is just seven days away. Hear speakers from Red Hat, Google, SuSE/Novell, OLPC project, MySQL, Software Freedom Law Center, Linden Labs, OSTG, Linux Fund, over 40 speakers, 42 exhibitors per day and several exhibitors will be actively recruiting. Admission and parking are free for both days, April 28th and 29th in Bellingham Wash. This is a huge free Linux/OSS community event, don't miss it."

Moving a Development Team from C++ to Java? 204

Posted by Cliff
from the language-defection dept.
Nicros asks: "I work for a company that is working toward an FDA approved software development process. We have always used C++ in a Windows environment, and we have more than 6 years of code, applications and libraries developed. Because of our long and convoluted software development history, our existing architecture is difficult to manage for a group of our relatively small size (5 FTEs), and development times are rather slow. Our IT director has made the decision that, to speed up development times, we need to re-architect all of our existing code, from C++ to Java." What would be the best way to go about handling such a migration? In a general sense, how would you go about moving a development team from one language to another?

Comment: The script in question... (Score 1) 99

by Brian Hatch (#13192041) Attached to: Stealing the Network: How to Own an Identity
If you want to translate Dvorak to/from Qwerty, go snag this decrypt script I wrote a long time ago. It's NOT what was used for the chapter. (You'd know why if you read the chapter.)

The quick way to switch your actual keyboard is to use setxkbmap, or loadkeys, but then you'd need to type in all the comments here to have them translate. This script would work as a filter, which is more convenient.

Also, if you want to switch back and forth, or are on an old system that doesn't have alternate keyboards available in X11, I use tod/toq, from the Tools section of Hacking Linux Exposed website.

If you're wondering why there aren't many posts by the other authors, that's because they're all in or recovering from Las Vegas....

User Journal

Journal: Onsight Training. Yes, James Lee rocks.

Journal by Brian Hatch
Wow, that was cool to wake up this morning and read an askslashdot about good places to get training and see Onsight listed! I absolutely think James is the shit. He's the guy who bullied me into learning (and loving) perl. He taught one of my undergrad classes, way back when. He certainly deserves the kudos, but it's cool seeing anonymous strangers on slashdot agreeing.

Saliva causes cancer, but only if swallowed in small amounts over a long period of time. -- George Carlin