
Comment: Re:Wrong target (Score 2) 56

by Just Some Guy (#49358493) Attached to: Google Loses Ruling In Safari Tracking Case

The target should be Apple not Google.

That's a stupendous way to end software development overnight. Yes, Apple had a bug. All software has bugs. They clearly intended for a different outcome and surely never expected Google to actively attack it.

Of the two, Apple made a mistake but acted with good intentions (at least on the surface, but there's no point going full tinfoil because then there's no point having a conversation about it). Google acted maliciously, and if someone's going to be held accountable for this then it should be them.

In before "lol fanboy": I would say exactly the opposite if, say, iCloud.com exploited a bug (not a feature: a bug) in Chrome to do the same thing. In this specific case, Apple seems to have acted honorably and Google dishonorably.

Encryption

Generate Memorizable Passphrases That Even the NSA Can't Guess 257

Posted by timothy
from the exercise-for-the-reader dept.
HughPickens.com writes: Micah Lee writes at The Intercept that coming up with a good passphrase by just thinking of one is incredibly hard, and if your adversary really is capable of one trillion guesses per second, you'll probably do a bad job of it. It turns out humans are a species of patterns, and they are incapable of doing anything in a truly random fashion. But there is a method for generating passphrases that are both impossible for even the most powerful attackers to guess, yet very possible for humans to memorize. First, grab a copy of the Diceware word list, which contains 7,776 English words — 37 pages for those of you printing at home. You'll notice that next to each word is a five-digit number, with each digit being between 1 and 6. Now grab some six-sided dice (yes, actual real physical dice), and roll them several times, writing down the numbers that you get. You'll need a total of five dice rolls to come up with each word in your passphrase. Using Diceware, you end up with passphrases that look like "cap liz donna demon self", "bang vivo thread duct knob train", and "brig alert rope welsh foss rang orb". If you want a stronger passphrase you can use more words; if a weaker passphrase is ok for your purpose you can use fewer words. If you choose two words for your passphrase, there are 60,466,176 different potential passphrases. A five-word passphrase would be cracked in just under six months and a six-word passphrase would take 3,505 years, on average, at a trillion guesses a second.

After you've generated your passphrase, the next step is to commit it to memory. You should write your new passphrase down on a piece of paper and carry it with you for as long as you need. Each time you need to type it, try typing it from memory first, but look at the paper if you need to. Assuming you type it a couple times a day, it shouldn't take more than two or three days before you no longer need the paper, at which point you should destroy it. "Simple, random passphrases, in other words, are just as good at protecting the next whistleblowing spy as they are at securing your laptop," concludes Lee. "It's a shame that we live in a world where ordinary citizens need that level of protection, but as long as we do, the Diceware system makes it possible to get CIA-level protection without going through black ops training."
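The lookup and the crack-time figures in the summary above, worked through in Python as an added example (not code from the article or from Diceware). The three-line word list is a constructed sample, all function names are hypothetical, and the `secrets` fallback stands in for the physical dice the summary calls for.

```python
import math
import secrets

WORDS_IN_LIST = 6 ** 5            # 7,776 entries, one per five-dice outcome
GUESSES_PER_SECOND = 10 ** 12     # adversary speed quoted in the summary
SECONDS_PER_YEAR = 365 * 24 * 3600

# Constructed sample in "five digits, whitespace, word" layout; not the real list.
SAMPLE_LIST = "11111\talpha\n11112\tbravo\n66666\tzulu\n"

def parse_wordlist(text):
    """Map each five-digit dice key to its word, rejecting malformed lines."""
    table = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, word = line.split()
        if len(key) != 5 or any(d not in "123456" for d in key):
            raise ValueError(f"bad dice key: {key!r}")
        if key in table:
            raise ValueError(f"duplicate key: {key!r}")
        table[key] = word
    return table

def roll_key(rolls=None):
    """Join five die faces into a lookup key (OS CSPRNG if no rolls are given)."""
    if rolls is None:
        rolls = [secrets.randbelow(6) + 1 for _ in range(5)]
    if len(rolls) != 5 or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five rolls, each 1-6")
    return "".join(str(r) for r in rolls)

def keyspace(words):
    """Number of equally likely passphrases of the given length."""
    return WORDS_IN_LIST ** words

def entropy_bits(words):
    """About 12.9 bits per word, provided every word is chosen by dice."""
    return words * math.log2(WORDS_IN_LIST)

def average_crack_seconds(words, rate=GUESSES_PER_SECOND):
    """Expected search time: half the keyspace at the given guess rate."""
    return keyspace(words) / 2 / rate

if __name__ == "__main__":
    for n in (2, 5, 6, 7):
        years = average_crack_seconds(n) / SECONDS_PER_YEAR
        print(f"{n} words: {entropy_bits(n):5.1f} bits, {years:,.4f} years on average")
```

The entropy figure holds only when every word comes from an unbiased roll; swapping out a word you dislike or reordering for readability reduces it.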

Comment: Re:python and java (Score 1) 482

by Just Some Guy (#49338871) Attached to: No, It's Not Always Quicker To Do Things In Memory

Python's string library isn't remotely what I'd call "overweight", but its strings are immutable. Some algorithms that are quick in other languages are slow in Python, and some operations that are risky in other languages (like using strings for hash keys) are trivial (and threadsafe) in Python. But regardless of the language involved, it's always a good idea to have a bare minimum of knowledge about it before you do something completely stupid.
