
Comment: crap. as promised: repost (Score 2, Interesting) 420

by SaberTaylor (#24594993) Attached to: Password Resets Worse Than Reusing Old password

repost of comment: 'passwords are bad use asymmetric keys' on Tuesday August 12, @08:07AM (#24566319)

the copy-paste, then the amendment:

The solution to authentication is something like the IronKey (a hardened USB drive for storing passwords) but with asymmetric crypto.

So you would go to Gmail, gmail would send a challenge that goes to the browser. A library on your browser would send the challenge to the USB device. The USB device would respond by signing the challenge asymmetrically, and that signature would route back through the browser to Gmail. Then you have 1 authenticated session until you destroy it. For sake of convenience imagine the implementation as using PGP -- public key, private key. Gmail has the public key, your USB device has the private key.

This is great since you could read your webmail on a friend's computer, or post Slashdot comments without leaving behind a persistent authentication token (barring a fake logout screen). Or there could be a keylogger on your home computer but it wouldn't be able to scrape persistent passwords and pass those on.

The only reason that humans don't use asymmetric security is that we're too stupid. Otherwise if we wanted high security we would be looking at screens of cyphertext and reversing the one-way function (a^b=c) in our heads. Given that we're too dumb, why not put our authenticator on a device that goes on a keychain with our other keys? (And you could make a backup just like with your other keys.)

[...]
-- amendment --

- no I'm not talking about a simple USB drive. That's why the IronKey is dumb since a rooted PC could mirror it.
- the usb device could have all sorts of fancy stuff like LED screen or PIN, i.e. it's not just a flashdrive as I said, it does public-private key crypto -- you can't read all its private data by plugging it in. the point is to get support for asymmetric authentication and allow the free market to provide the level of extra nuisance consumers want.
- 90% don't want this, which is good, happy for them, I'm part of the 10%. So the legacy symmetric password support wouldn't go away and the 10% who want asymmetric passwords on a hardened low complexity (complexity is the enemy of security -- that's why your PC is as leaky as a sieve) device would have that option.
- i like bullet points
- proof-of-concept on a smartphone might be helpful.
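
The challenge-response login described in the comment above, as an added example that is not part of the original comment: a Go sketch that uses Ed25519 from the standard library in place of PGP. `Device`, `Server`, `Enroll`, `Challenge` and `Login` are hypothetical names, and the key pair is generated for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Device plays the USB token: the private key stays inside, only signatures leave.
type Device struct{ priv ed25519.PrivateKey }
func (d *Device) Sign(challenge []byte) []byte { return ed25519.Sign(d.priv, challenge) }

// Server plays the website: public keys plus one pending challenge per user.
type Server struct{ pub, pending map[string][]byte }
func NewServer() *Server { return &Server{map[string][]byte{}, map[string][]byte{}} }

// Enroll makes a demo key pair and registers only the public half with the server.
func (s *Server) Enroll(user string) (*Device, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	s.pub[user] = pub // nil if generation failed, which Login rejects
	return &Device{priv}, err
}

// Challenge issues a fresh random nonce for a single login attempt.
func (s *Server) Challenge(user string) ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	s.pending[user] = c
	return c, nil
}

// Login verifies the signature and consumes the challenge, so a captured signature cannot be replayed.
func (s *Server) Login(user string, sig []byte) error {
	c, pub := s.pending[user], s.pub[user]
	delete(s.pending, user)
	if c == nil || pub == nil || !ed25519.Verify(pub, c, sig) {
		return fmt.Errorf("login rejected for %q", user)
	}
	return nil
}

func main() {
	s := NewServer()
	dev, _ := s.Enroll("alice")
	c, _ := s.Challenge("alice")
	sig := dev.Sign(c)
	fmt.Println(s.Login("alice", sig), s.Login("alice", sig))
}
```

The first `Login` succeeds and the second, which replays the same signature, is rejected: what crosses the untrusted PC is good for one session only.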

United States

+ - Book Exposes Election Rigging, Proves Fraud->

Submitted by
Gottesser
Gottesser writes "Book Exposes Election Rigging, Proves Fraud ISBN 978-0-979-8722-3-5 A new book, "Witness to a Crime: A Citizens' Audit of an American Election" not only proves fraud in Elections but shows the mechanisms that were used to perpetrate the fraud. The book, based on analysis of over 30,000 photographs of ballots, signature books, and poll books basically proves, once and for all, that over a dozen counties in Ohio in 2004 were rigged in advance and on election night. The evidence is absolutely damning. Follow up studies show rigging continuing in 2006. The importance of this work cannot be overstated. There is evidence of large scale election rigging in this country since 2000 and earlier. Obviously, understanding the problem is of importance in dealing with it. The author, Dr. Richard Hayes Phillips, also provided material for fully one third of Bobby Kennedy's Rolling Stone article "Was The 2004 Election Stolen" (http://www.rollingstone.com/news/story/10432334/was_the_2004_election_stolen ) and is the ONLY guy to actually look at the ballots, signature books and poll books in Ohio.

The book's website is located here: http://www.witnesstoacrime.com./ On the website there are sample chapters available. One of those chapters covers the Homeland Security lock down in Warren County Ohio, 2004 that was planned five days in advance along with, for the first time in print, a discussion of what the Board of Elections was doing to the ballots for three hours behind locked doors. Photographs of the actual ballots show, for the first time, the mechanisms by which rigging was carried out. http://www.witnesstoacrime.com/warren.pdf

Another chapter "Shreds of Evidence" http://www.freepress.org/images/departments/2706_Shreds.pdf describes destruction of election records in 56 of 88 Ohio counties despite a court order to protect them."

United States

+ - New book based on proof of election rigging-> 3

Submitted by
Troy Seman
Troy Seman writes "Dr. Richard Hayes Phillips, who provided the material for fully one third of Bobby Kennedy's Rolling Stone article "Was The 2004 Election Stolen" ( http://www.rollingstone.com/news/story/10432334/was_the_2004_election_stolen ) is the ONLY guy to actually look at the evidence of election rigging in Ohio. He now has a book out based on his analysis of over 30,000 photographs of ballots, signature books, and poll books. He basically proves, once and for all, that over a dozen counties in Ohio in 2004 were rigged in advance and on election night. The evidence is absolutely damning. Follow up studies show rigging continuing in 2006 in Ohio as well as records destruction. Phillips not only proves the election rigging but can also show several mechanisms that were used, a couple of which show collusion at levels of government higher than the county level and therefore indicate conspiracy. He's got a website up for the book at http://www.witnesstoacrime.com/"
User Journal

Journal: replacing Slashdot .signature

Journal by SaberTaylor
Old slashdot .signature:
In Bipartisanship Russia, Republocrats are Bolsheviks.
New slashdot .signature:
If you need text styles to communicate then you don't have a message.
