Comment: Re:and where is exactly the problem? (Score 1) 913
I guess the moral of the story is that if you are going to flee to another country, try some place like Canada or Sweden first.
Should we really be blaming the victim like that?
You're a funny guy
What do you mean? I'm funny how? I'm funny like I'm a clown? I amuse you?
The link you provide supports that this is selection bias - he cracked 26025 out of 93688 passwords, and then made the brilliant deduction that boils down to "of those passwords that I easily cracked, most were found to be easily cracked". No shit, Sherlock.
I didn't say that the link disproves that the selection bias exists---it simply doesn't exhibit that selection bias, because it represents a sample of all passwords used on a site. The top 30 passwords were not "the top 30 that were cracked"; they were the top 30 passwords used on the site at all. I could determine this because they were stored as unsalted MD5 hashes.
Sure, that 36% of passwords are easily cracked is bad in itself, but that's another thing entirely. It can't be used as statistics to extrapolate anything using the word "most". It only applies to that subset of weak passwords.
Yes, I don't dispute that.
I also have to arrest you for "I found that 36% of all passwords were easily discoverable using a rainbow table". This is incorrect. 100% of all passwords are easily discoverable using a rainbow table. 36% may be easily discoverable using a partial rainbow table, which is not the same thing.
What is the difference between a rainbow table and a "partial rainbow table", in your view? Do you think a "rainbow table" means a table containing all possible passwords? Considering that many hash functions have an infinite number of possible inputs, there's no such thing as a rainbow table, according to that definition. It also seems to contradict the usage by Philippe Oechslin in the paper which introduced the term.
Every time I go to pastebin.com and look at the hacked sites the passwords are always weak, extremely weak. No surprise there, virtually no one uses strong passwords.
Non sequitur. The published passwords are weak because that's the passwords that were easily cracked. Those who have strong passwords are underrepresented on the lists precisely because they have stronger passwords so they weren't brute-forced easily.
Sure, but every now and then, some *site* uses a poor hash, which allows people like me to do research on password strength and frequency. These results don't exhibit the selection bias you're talking about, because they're a full dump of passwords on the site. This is just for one specific site, but I found that 36% of all passwords were easily discoverable using a rainbow table, 33% of passwords weren't unique, and 1 in 72 users had the password "super123" for some reason.
I actually had a list of email addresses and their corresponding passwords for the site. I wouldn't be surprised if a lot of these passwords could also be used to get access to their corresponding GMail/Yahoo/Hotmail accounts (but I didn't test it out, because I enjoy not being in jail).
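As an added illustration of the point about unsalted MD5 storage made above (example code written for this thread, not anything the poster released): with unsalted hashes, identical passwords produce identical hashes, so the non-unique fraction and the most common password's share are visible from the dump alone, without cracking anything; a per-user salt removes that signal. The sample "dump" below is constructed inline and the email addresses are placeholders.

```python
"""Why an unsalted hash dump leaks password frequency without any cracking.

Added example, not from the thread. The 'dump' is constructed inline:
a handful of fake accounts, some of which share a password.
"""
import hashlib
import os
from collections import Counter

# Constructed sample: (email, plaintext) pairs standing in for a site's users.
SAMPLE_USERS = [
    ("a@example.com", "super123"),
    ("b@example.com", "super123"),
    ("c@example.com", "correct horse battery staple"),
    ("d@example.com", "hunter2"),
    ("e@example.com", "hunter2"),
    ("f@example.com", "Tr0ub4dor&3"),
]


def unsalted_md5(password: str) -> str:
    """The weak storage scheme discussed in the thread: md5(password), no salt."""
    return hashlib.md5(password.encode()).hexdigest()


def salted_sha256(password: str, salt: bytes) -> str:
    """Per-user random salt: identical passwords no longer share a stored hash."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def duplicate_stats(hashes):
    """Fraction of accounts whose stored hash is shared with at least one other
    account, plus the most common hash and its count. With unsalted hashing this
    equals the fraction of non-unique passwords, readable from the hashes alone."""
    counts = Counter(hashes)
    shared = sum(c for c in counts.values() if c > 1)
    top_hash, top_count = counts.most_common(1)[0]
    return shared / len(hashes), top_hash, top_count


def compare_schemes(users=SAMPLE_USERS):
    """Duplicate fraction under unsalted MD5 vs. per-user salted SHA-256."""
    unsalted = [unsalted_md5(pw) for _, pw in users]
    salted = [salted_sha256(pw, os.urandom(16)) for _, pw in users]
    return duplicate_stats(unsalted)[0], duplicate_stats(salted)[0]


if __name__ == "__main__":
    unsalted_frac, salted_frac = compare_schemes()
    print(f"non-unique under unsalted MD5:    {unsalted_frac:.0%}")
    print(f"non-unique under salted SHA-256:  {salted_frac:.0%}")
```

On the constructed sample the unsalted dump shows 4 of 6 accounts sharing a hash, while the salted dump shows none, even though the plaintexts are identical in both runs.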