Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Comment Re:Standing on shoulders (Score 1) 508 508

And yes, the subsidiary would owe Microsoft $0. But, unless Microsoft passed on the source code and build environment to me, they don't get the "Clause 1" exemption, and are liable under "Clause 2". Or are you talking about the "as written by Microsoft" version of the liability laws?

Comment Re:Wait, what? (Score 1) 409 409

Like many coders, I thought you were supposed to calculate Hash(password + salt).

I've never seen anyone suggest Hash(password + username + salt) as an option. Is this something that the security industry has shown to be ineffective long ago, and I have just missed it?

To me this looks like it would stop two users with the same password getting the same hash (assuming the salt is system wide, not per user) and make it harder to replace the hash with a known one and get a known password.

Comment Re:I'm not sure I like this... (Score 2) 58 58

If I'm running a mid size company and I hire an ad agency that gets paid for referrals (and it's a fly by night LLC), I'm really venerable now. I guess the anti-spam crowd will tell me not to hire a fly-by-night, but don't most successful businesses start that way? And how am I suppose to know?

If you realy were venerable then I would hope you would know better than to leave yourself vulnerable to a lawsuit by hireing dodgy contractors.

Comment Re:5th Amendment (Score 2, Informative) 767 767

That's not how Public Key encryption generally works.

Encrypting something via Public Key system is slow, so what is generally done is a random key (128bit/256bit/1024bit/whatever) is generated, and some other system like IDEA/Blowfish/etc is used to encrypt the file with this random key. Then the random key itself is encrypted using the Public Key, and included in the output file (or this may be done first).

Encrypting the same file twice with PGP/GPG will result in different encrypted files. Here is what I got when I encrypted the same file twice:

$ ls -l whycopyrightdoc.ogg*
-rw-r--r-- 1 xxxx users 444876583 2008-12-09 16:27 whycopyrightdoc.ogg
-rw-r--r-- 1 xxxx users 442961134 2009-02-27 13:38 whycopyrightdoc.ogg.gpg
-rw-r--r-- 1 xxxx users 442961133 2009-02-27 13:33 whycopyrightdoc.ogg.gpg.1

$ cksum whycopyrightdoc.ogg*
2090966688 444876583 whycopyrightdoc.ogg
909254713 442961134 whycopyrightdoc.ogg.gpg
121574791 442961133 whycopyrightdoc.ogg.gpg.1

"There is such a fine line between genius and stupidity." - David St. Hubbins, "Spinal Tap"

Working...