Comment: Re:Who doesn't hash/encrypt passwords? (Score 1) 304

by bmckeever (#32932606) Attached to: OAuth, OpenID Password Crack Could Affect Millions

I assume that you can copy and paste, so apparently the article has been updated. It now reads: "On some systems, the server will check a cryptographic signature on a token...".

But the answer to your question is yes, it matters. When the place it fails to match changes, this information is leaked by the response time. This is how an attacker extracts information from random guesses.
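The leak described in the comment above, as an added example that is not part of the original comment: an early-exit signature comparison does an amount of work that depends on where the first mismatch occurs, while `hmac.compare_digest` does not. The key, token, and function names are constructed for illustration, and the byte counter stands in for response time.

```python
from __future__ import annotations
import hashlib
import hmac

SECRET_KEY = b"constructed-demo-key"  # constructed sample key (assumption)


def sign(token: bytes) -> bytes:
    """HMAC-SHA256 signature the server expects for a token."""
    return hmac.new(SECRET_KEY, token, hashlib.sha256).digest()


def leaky_equal(expected: bytes, supplied: bytes) -> tuple[bool, int]:
    """Early-exit compare. Returns (match, bytes_examined).

    bytes_examined stands in for response time: it grows with the
    length of the matching prefix, so it reveals where the match failed.
    """
    if len(expected) != len(supplied):
        return False, 0
    examined = 0
    for a, b in zip(expected, supplied):
        examined += 1
        if a != b:
            return False, examined
    return True, examined


def verify_token(token: bytes, supplied_sig: bytes) -> bool:
    """Hardened check: compare_digest's work does not depend on where bytes differ."""
    return hmac.compare_digest(sign(token), supplied_sig)


def work_profile(token: bytes) -> list[int]:
    """Bytes leaky_equal examines when the only wrong byte is at index 0, 8, 31."""
    good = sign(token)
    profile = []
    for pos in (0, 8, 31):
        bad = bytearray(good)
        bad[pos] ^= 0xFF  # corrupt exactly one byte
        profile.append(leaky_equal(good, bytes(bad))[1])
    return profile


if __name__ == "__main__":
    print(work_profile(b"user=alice"))  # [1, 9, 32]
    print(verify_token(b"user=alice", sign(b"user=alice")))  # True
```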

Comment: Re:And that attitude is the whole problem (Score 1) 773

by bmckeever (#32615492) Attached to: Falsehoods Programmers Believe About Names

You know, attitudes like yours are IMHO the root of all that's wrong with computers today. And I'm saying that as a programmer, not as Jane Grandma. The whole idiotic OCD idea that you _must_ make up rules about everything, and that your rules are more important than what people are actually trying to do. The idea that if even someone's name doesn't fit "your" database, then you can just brush them off and have a beer.

Your message is more than 140 characters long, and doesn't fit in my database.

Comment: Re:This is a random comment. (Score 1) 395

by bmckeever (#31235824) Attached to: New Method for Random Number Generation Developed

> it can be a small problem, I think, when "non-random" sequences are removed from possible random number generations. [...] it may take a fair slice out of the available keyspace

This is true, and could be a problem if everyone's PIN were randomly generated. Since most PINs are selected by users and conform to a known, decidedly non-uniform distribution, this actually makes sense. If it's known that e.g. 1234 is over-represented in the pool of PINs, that would be one of the first ones an attacker would try. Therefore, it makes sense to filter that out. But note that it's the over-representation of the PIN and the fact that attackers are aware of this skew that makes it worth avoiding, and not anything inherently insecure about "runs" or "pairs".

Games

Revisiting the "Holy Trinity" of MMORPG Classes 362

Posted by Soulskill
from the or-druid-as-the-case-may-be dept.
A feature at Gamasutra examines one of the foundations of many MMORPGs — the idea that class roles within such a game fall into three basic categories: tank, healer, and damage dealer. The article evaluates the pros and cons of such an arrangement and takes a look at some alternatives. "Eliminating specialized roles means that we do away with boxing a class into a single role. Without Tanks, each class would have features that would help them participate in and survive many different encounters like heavy armor, strong avoidance, or some class or magical abilities that allow them to disengage from direct combat. Without specialized DPS, all classes should be able to do damage in order to defeat enemies. Some classes might specialize in damage type, like area of effect (AoE) damage; others might be able to exploit enemy weaknesses, and some might just be good at swinging a sharpened bit of metal in the right direction at a rapid rate. This design isn't just about having each class able to fill any trinity role. MMO combat would feel more dynamic in this system. Every player would have to react to combat events and defend against attacks."

Comment: Re:Three options (Score 1) 1032

by bmckeever (#26874563) Attached to: How To Keep Rats From Eating My Cables?

Absolutely. I find myself using most of my moderator points marking posts as off-topic. A reply (even an insightful, informative, funny one) to an off-topic comment is itself off-topic. I've even considered saying so in my sig. And yes, I am aware of the irony of posting this, as it has nothing to do with rats or cables.
