Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment: Re:It's an accidentally-on-purpose. (Score 1) 203

by aaaaaaargh! (#49734423) Attached to: Australian Law Could Criminalize the Teaching of Encryption

The key problem is that politicians rarely want to take the responsibility for abolishing a law, unless it is from 1900 and concerns lending vacuum cleaners to your neighbour in Colorado, whereas being a sharp 'law and order guy' often helps in getting more voters (mostly thanks to hysteric mass media). Hence, the laws accumulate and are getting broader and broader.

Comment: Re:Irresponsible of who?? (Score 1) 119

Who cares? People died and everything should be done to prevent a similar accident in the future.

Oh, man, I'm glad you're here to tell us how policy making and risk assessment works. Let's just ground all flights of all planes forever. The least we can do is everything.

Comment: Re:The downside of owning the internet (Score 1) 57

It is obviously not the right way, at least not to people who know how the Internet works. That's what this whole discussion is about.

The right way to deal with objectionable content is to take down the content from the server on which it is stored. Not from search engines. (There are fully distributed search engines, wonder how this nonsensical EU rule works with them.)

Comment: Re:So how does this work? (Score 1) 152

by aaaaaaargh! (#49675467) Attached to: The Best Way To Protect Real Passwords: Create Fake Ones

Count me amongst the skeptics.

What the NoCrack authors try to achieve is a solution where every incorrect guess at the master password still provides a set of (incorrect but at least sometimes plausible) passwords.

That's a bad design. If the attacker can access the password file, then he will usually also be able to save your fake passwords from within the password manager. Think about your wife trying to find out the password for your porn collection. So either she may (perhaps inadvertently) delete the original ones, which would be a disaster, or you need to have padding space in the original file so the attacker cannot detect that you have saved the additional files. And you cannot have an arbitrary amount of padding space, of course.

What makes sense is to allow some attempts and then create fake passwords and save them encrypted with the fake masterpassword in the already padded database file (so there is no difference in file size). However, that only works if the password manager always modifies the password file in some way whenever it is opened, since otherwise the attacker can choose *not* to modify and save the file (which would be the wise choice anyway, from his perspective) and can easily recognize that he has been served fakes by monitoring file activity. It doesn't bring any advantage when the attacker is reverse engineering the code or debugging it.

What somehow works against offline attackers would be a variant of a 'fully bijective encryption' that was advocated many times by some crackpot on sci.crypt 15 years ago. I forgot his name. In the present case, this would mean that the encryption scheme is hand-crafted in such a way that the ciphertext is mapped to seemingly valid cleartext no matter what master passphrase is provided, and there is no check for correctness. I suppose that's what the authors were working on, but I'm pretty sure that this can only work convincingly if the passwords are random-generated in the first place. It will fail with user-provided passphrases (or, worse, it could become cryptographically insecure). The proof is left as an exercise to the reader. (just kidding)

My 2 cents. But thanks for the linked paper, I'll check it out.

Don't hit the keys so hard, it hurts.