
Comment: Re:Standing on shoulders (Score 1) 508

And yes, the subsidiary would owe Microsoft $0. But, unless Microsoft passed on the source code and build environment to me, they don't get the "Clause 1" exemption, and are liable under "Clause 2". Or are you talking about the "as written by Microsoft" version of the liability laws?

Comment: Re:Wait, what? (Score 1) 409

Like many coders, I thought you were supposed to calculate Hash(password + salt).

I've never seen anyone suggest Hash(password + username + salt) as an option. Is this something that the security industry has shown to be ineffective long ago, and I have just missed it?

To me this looks like it would stop two users with the same password getting the same hash (assuming the salt is system wide, not per user) and make it harder to replace the hash with a known one and get a known password.
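Added example, not part of the comment above: a standard-library Python check of the two properties the comment expects from Hash(password + username + salt) under a system-wide salt, next to the usual alternative of a random per-user salt with a slow KDF. The salt value, the account names, the passwords and the length-prefixed field encoding are all constructed assumptions.

```python
import hashlib
import hmac
import os

SYSTEM_SALT = b"constructed-system-wide-salt"  # constructed sample value

def _field(value: bytes) -> bytes:
    # Assumption: length-prefix each field so that ("ab", "c") and
    # ("a", "bc") do not concatenate to the same hash input.
    return len(value).to_bytes(4, "big") + value

def hash_plain(password):
    """Hash(password + salt) with one system-wide salt."""
    return hashlib.sha256(_field(password.encode()) + _field(SYSTEM_SALT)).digest()

def hash_with_username(password, username):
    """Hash(password + username + salt), still with the system-wide salt."""
    data = _field(password.encode()) + _field(username.encode()) + _field(SYSTEM_SALT)
    return hashlib.sha256(data).digest()

def hash_per_user_salt(password, salt=None):
    """Random per-user salt plus a slow KDF (PBKDF2-HMAC-SHA256 here)."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify_with_username(password, username, stored):
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(hash_with_username(password, username), stored)

def demo():
    pw = "correct horse"  # constructed: alice and bob chose the same password
    plain = {"alice": hash_plain(pw), "bob": hash_plain(pw)}
    bound = {"alice": hash_with_username(pw, "alice"),
             "bob": hash_with_username(pw, "bob")}
    # A hash copied from alice's row into bob's row was computed over
    # alice's name, so alice's password does not verify for bob.
    tampered = dict(bound, bob=bound["alice"])
    salted = {"alice": hash_per_user_salt(pw), "bob": hash_per_user_salt(pw)}
    return {
        "same_password_same_hash": plain["alice"] == plain["bob"],
        "username_separates": bound["alice"] != bound["bob"],
        "swapped_hash_verifies": verify_with_username(pw, "bob", tampered["bob"]),
        "per_user_salt_separates": salted["alice"][1] != salted["bob"][1],
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```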

Comment: Re:I'm not sure I like this... (Score 2) 58

If I'm running a mid-size company and I hire an ad agency that gets paid for referrals (and it's a fly-by-night LLC), I'm really venerable now. I guess the anti-spam crowd will tell me not to hire a fly-by-night, but don't most successful businesses start that way? And how am I supposed to know?

If you really were venerable then I would hope you would know better than to leave yourself vulnerable to a lawsuit by hiring dodgy contractors.

Comment: Re:5th Amendment (Score 2, Informative) 767

That's not how Public Key encryption generally works.

Encrypting something via a Public Key system is slow, so what is generally done is a random key (128bit/256bit/1024bit/whatever) is generated, and some other system like IDEA/Blowfish/etc is used to encrypt the file with this random key. Then the random key itself is encrypted using the Public Key, and included in the output file (or this may be done first).

Encrypting the same file twice with PGP/GPG will result in different encrypted files. Here is what I got when I encrypted the same file twice:

$ ls -l whycopyrightdoc.ogg*
-rw-r--r-- 1 xxxx users 444876583 2008-12-09 16:27 whycopyrightdoc.ogg
-rw-r--r-- 1 xxxx users 442961134 2009-02-27 13:38 whycopyrightdoc.ogg.gpg
-rw-r--r-- 1 xxxx users 442961133 2009-02-27 13:33 whycopyrightdoc.ogg.gpg.1

$ cksum whycopyrightdoc.ogg*
2090966688 444876583 whycopyrightdoc.ogg
909254713 442961134 whycopyrightdoc.ogg.gpg
121574791 442961133 whycopyrightdoc.ogg.gpg.1
