
Comment: Re:Do not use standard passwords (Score 2) 198

by falzer (#40285393) Attached to: Lessons Learned From Cracking 2M LinkedIn Passwords

What next? You use 15 or 20 character passwords, or a passphrase of several words.

But for the server side, use key strengthening with something like bcrypt or scrypt.
If it takes 1 second on very fast hardware to hash a single password, then your attacker has to also spend a lot of time on each hash attempt.
scrypt was also designed with custom hardware attacks in mind (it uses lots of memory) so it is still slow and expensive even if the attacker has key derivation logic in an ASIC or FPGA.

If it takes a tenth of a second for an attacker to derive a key (or hash) from a password then a 10 character password is still incredibly strong.
If the passwords have salt (as they should) even a plain English dictionary attack on a 2M password file will take years to finish.

As faster hardware becomes available, you adapt by changing the key derivation parameters.
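The comment above describes salted key strengthening with parameters that are raised over time. The sketch below is an added example, not part of the original comment: it stores the scrypt parameters next to each hash and re-hashes at the next successful login when they are outdated. The record format, the function names and the cost values are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

# Assumed current cost policy (not from the comment); raise n as hardware gets faster.
CURRENT = {"n": 2**14, "r": 8, "p": 1}

def _derive(password, salt, n, r, p):
    # maxmem is set explicitly because scrypt needs about 128*n*r bytes.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p,
                          maxmem=256 * n * r + 2**20, dklen=32)

def hash_password(password, params=None):
    """Return 'scrypt$n$r$p$salt$key' with a fresh random salt per password."""
    params = params or CURRENT
    salt = os.urandom(16)
    key = _derive(password, salt, **params)
    fields = ["scrypt", params["n"], params["r"], params["p"],
              base64.b64encode(salt).decode(), base64.b64encode(key).decode()]
    return "$".join(str(f) for f in fields)

def verify_password(password, record, params=None):
    """Return (ok, upgraded_record). upgraded_record is a new hash under the
    current parameters when the stored ones are outdated, else None."""
    params = params or CURRENT
    scheme, n, r, p, salt_b64, key_b64 = record.split("$")
    if scheme != "scrypt":
        return False, None
    stored = {"n": int(n), "r": int(r), "p": int(p)}
    key = _derive(password, base64.b64decode(salt_b64), **stored)
    # Constant-time comparison of the derived key with the stored one.
    if not hmac.compare_digest(key, base64.b64decode(key_b64)):
        return False, None
    # Re-hash only at a successful login, when the plaintext is available.
    upgraded = hash_password(password, params) if stored != params else None
    return True, upgraded

if __name__ == "__main__":
    old_policy = {"n": 2**12, "r": 8, "p": 1}  # constructed sample values
    record = hash_password("correct horse battery staple", old_policy)
    print(record)
    print(verify_password("correct horse battery staple", record))
```
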

Comment: Reminds me of a sound demo. (Score 1) 381

by falzer (#38155952) Attached to: Dell's Misleading Graphics Card Buying Advice

I can't remember what software it was, but it included samples labeled "8-bit" and "16-bit" to demonstrate the difference between 8 and 16 bits/sample audio.
I assumed the 8-bit audio file was deliberately made noisy and grainy, because it sounded much worse than the 16 bit file downsampled to 8.

Comment: Re:Who generates 512-bit RSA keys these days? (Score 1) 80

by falzer (#37951956) Attached to: Microsoft, Mozilla and Google Ban Malaysian Intermediate CA

>RSA for example needs two prime numbers as a keypair, so while the key length might be 512 bit, there are actually not that many from those 2^512 numbers to choose from. Also, certain key values are prone to attacks.

How many is not that many? Bruce Schneier in Cryptography Engineering calculates that 1 in 1386 numbers in the 2^2000 bit range is prime. In the 2^512 range primes are even more frequent, according to prime counting estimates.

Comment: Re:Taught? (Score 2) 176

by falzer (#37900206) Attached to: Why Fingernails On a Chalkboard Sound Painful

It would get very tiresome for everyone to have to explain from axioms and first principles every opinion they held, even if they did reflect upon and study them.
Alternately, do you think people who agree with you on whatever subject have also been "culturally informed" that way?

I am, of course, not talking about capitalism, communism, chalk, or cottonballs, but wearing socks with sandals.
