
Comment: Re:Standing on shoulders (Score 1) 508

by PacMan (#37561008) Attached to: Outlining a World Where Software Makers Are Liable For Flaws
And yes, the subsidiary would owe Microsoft $0. But, unless Microsoft passed on the source code and build environment to me, they don't get the "Clause 1" exemption, and are liable under "Clause 2". Or are you talking about the "as written by Microsoft" version of the liability laws?

Comment: Re:Wait, what? (Score 1) 409

by PacMan (#35156588) Attached to: Are You Sure SHA-1+Salt Is Enough For Passwords?

Like many coders, I thought you were supposed to calculate Hash(password + salt).

I've never seen anyone suggest Hash(password + username + salt) as an option. Is this something that the security industry has shown to be ineffective long ago, and I have just missed it?

To me this looks like it would stop two users with the same password getting the same hash (assuming the salt is system wide, not per user) and make it harder to replace the hash with a known one and get a known password.
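The scheme asked about in the comment above, as an added example that is not part of the original comment: it compares Hash(password + salt) with Hash(password + username + salt) under one system-wide salt. PBKDF2-HMAC-SHA256, the iteration count, the length-prefixed fields and all names and sample values are assumptions made for this illustration.

```python
import hashlib
import hmac

SYSTEM_SALT = b"constructed-system-wide-salt"  # constructed; shared by every account
ITERATIONS = 100_000                           # assumption for this example


def _field(value: str) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently.
    raw = value.encode("utf-8")
    return len(raw).to_bytes(4, "big") + raw


def hash_password_only(password: str) -> str:
    """Hash(password + salt) with a system-wide salt."""
    return hashlib.pbkdf2_hmac(
        "sha256", _field(password), SYSTEM_SALT, ITERATIONS).hex()


def hash_with_username(username: str, password: str) -> str:
    """Hash(password + username + salt): the username separates accounts."""
    data = _field(password) + _field(username)
    return hashlib.pbkdf2_hmac("sha256", data, SYSTEM_SALT, ITERATIONS).hex()


def demo() -> dict:
    users = {"alice": "hunter2", "bob": "hunter2"}  # constructed accounts
    plain = {u: hash_password_only(p) for u, p in users.items()}
    bound = {u: hash_with_username(u, p) for u, p in users.items()}

    # A hash computed for a different account ("mallory") and a known password
    # is copied into alice's row; check whether a login as alice would pass.
    known = "known-password"
    moved_plain = hash_password_only(known)
    moved_bound = hash_with_username("mallory", known)
    return {
        "same_hash_without_username": plain["alice"] == plain["bob"],
        "same_hash_with_username": bound["alice"] == bound["bob"],
        "moved_hash_accepted_without_username": hmac.compare_digest(
            hash_password_only(known), moved_plain),
        "moved_hash_accepted_with_username": hmac.compare_digest(
            hash_with_username("alice", known), moved_bound),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Because the username is part of the hashed input, renaming an account invalidates its stored hash until the password is next set. A random per-user salt stored beside the hash gives the same separation between accounts without that coupling, though it does not by itself bind the hash to the account name.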

Comment: Re:I'm not sure I like this... (Score 2) 58

by PacMan (#34935376) Attached to: California Spam Law Upheld By Appeals Court

If I'm running a mid size company and I hire an ad agency that gets paid for referrals (and it's a fly by night LLC), I'm really venerable now. I guess the anti-spam crowd will tell me not to hire a fly-by-night, but don't most successful businesses start that way? And how am I supposed to know?

If you really were venerable then I would hope you would know better than to leave yourself vulnerable to a lawsuit by hiring dodgy contractors.

Comment: Re:5th Amendment (Score 2, Informative) 767

by PacMan (#27007671) Attached to: US District Ct. Says Defendant Must Provide Decrypted Data
That's not how Public Key encryption generally works.

Encrypting something via a Public Key system is slow, so what is generally done is a random key (128bit/256bit/1024bit/whatever) is generated, and some other system like IDEA/Blowfish/etc is used to encrypt the file with this random key. Then the random key itself is encrypted using the Public Key, and included in the output file (or this may be done first).

Encrypting the same file twice with PGP/GPG will result in different encrypted files. Here is what I got when I encrypted the same file twice:

$ ls -l whycopyrightdoc.ogg*
-rw-r--r-- 1 xxxx users 444876583 2008-12-09 16:27 whycopyrightdoc.ogg
-rw-r--r-- 1 xxxx users 442961134 2009-02-27 13:38 whycopyrightdoc.ogg.gpg
-rw-r--r-- 1 xxxx users 442961133 2009-02-27 13:33 whycopyrightdoc.ogg.gpg.1

$ cksum whycopyrightdoc.ogg*
2090966688 444876583 whycopyrightdoc.ogg
909254713 442961134 whycopyrightdoc.ogg.gpg
121574791 442961133 whycopyrightdoc.ogg.gpg.1
