

Comment: Re:everyone who passed a math class knows (Score 1) 138

by rot26 (#49349417) Attached to: Many Password Strength Meters Are Downright Weak, Researchers Say
Unless the diceware lists are not known to the attackers, how is this any better than any collection of 6 bit numbers? And if you're counting on the attackers not knowing about this method, you've degenerated into security by obscurity. What am I missing? And why did some wanker delete essentially this same response from another thread?

Comment: Most Importantly: MAKE SURE BAD GUYS DON'T KNOW (Score 1) 2

by rot26 (#49349103) Attached to: Passphrases You Can Memorize That Even The NSA Can't Guess
Am I missing something here? How does this make the password/phrase any more secure than 5 (etc.) 6 bit digits? It depends on the hackers not knowing about the diceware lists, which devolves simply into security by obscurity. Now if the list were different for each person who downloaded it, that would help SOMEWHAT, but this would still by no means be secure.

Somebody point out what I am missing, please.

+ - Passphrases You Can Memorize That Even The NSA Can't Guess 2

Submitted by (3830033) writes "Micah Lee writes at The Intercept that coming up with a good passphrase by just thinking of one is incredibly hard, and if your adversary really is capable of one trillion guesses per second, you’ll probably do a bad job of it. It turns out humans are a species of patterns, and they are incapable of doing anything in a truly random fashion. But there is a method for generating passphrases that are both impossible for even the most powerful attackers to guess, yet very possible for humans to memorize. First, grab a copy of the Diceware word list, which contains 7,776 English words — 37 pages for those of you printing at home. You’ll notice that next to each word is a five-digit number, with each digit being between 1 and 6. Now grab some six-sided dice (yes, actual real physical dice), and roll them several times, writing down the numbers that you get. You’ll need a total of five dice rolls to come up with each word in your passphrase. Using Diceware, you end up with passphrases that look like “cap liz donna demon self”, “bang vivo thread duct knob train”, and “brig alert rope welsh foss rang orb”. If you want a stronger passphrase you can use more words; if a weaker passphrase is ok for your purpose you can use less words. If you choose two words for your passphrase, there are 60,466,176 different potential passphrases. A five-word passphrase would be cracked in just under six months and a six-word passphrase would take 3,505 years, on average, at a trillion guesses a second.

After you’ve generated your passphrase, the next step is to commit it to memory. You should write your new passphrase down on a piece of paper and carry it with you for as long as you need. Each time you need to type it, try typing it from memory first, but look at the paper if you need to. Assuming you type it a couple times a day, it shouldn’t take more than two or three days before you no longer need the paper, at which point you should destroy it. "Simple, random passphrases, in other words, are just as good at protecting the next whistleblowing spy as they are at securing your laptop," concludes Lee. "It’s a shame that we live in a world where ordinary citizens need that level of protection, but as long as we do, the Diceware system makes it possible to get CIA-level protection without going through black ops training""
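The procedure and figures in the submission above, worked through as an added example (not code from the submission or from Micah Lee's article). Assumptions: the word list is ordered by its five-digit key so a key maps to a position by base-6 arithmetic, `SAMPLE_LIST` is a constructed placeholder for the real list, and `secrets` stands in for physical dice. The counts treat the word list as known to the attacker.

```python
import math
import secrets

DICE_PER_WORD = 5
LIST_SIZE = 6 ** DICE_PER_WORD  # 7,776 entries, one per five-roll key

# Constructed stand-in for the real word list (assumption: same size and key order).
SAMPLE_LIST = [f"word{i:04d}" for i in range(LIST_SIZE)]

def roll_key():
    """Five fair die rolls as a key like '35142' (CSPRNG stand-in for dice)."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(DICE_PER_WORD))

def key_to_index(key):
    """Map '11111'..'66666' to list position 0..7775 (base-6 digits, 1 -> 0)."""
    if len(key) != DICE_PER_WORD or any(c not in "123456" for c in key):
        raise ValueError(f"not a five-roll key: {key!r}")
    index = 0
    for c in key:
        index = index * 6 + (int(c) - 1)
    return index

def generate(wordlist, words):
    """Build a passphrase: one independent five-roll lookup per word."""
    if len(wordlist) != LIST_SIZE:
        raise ValueError("word list must have exactly 7,776 entries")
    return " ".join(wordlist[key_to_index(roll_key())] for _ in range(words))

def keyspace(words):
    """Number of equally likely passphrases of this length."""
    return LIST_SIZE ** words

def entropy_bits(words):
    """Entropy of a passphrase of this length, in bits."""
    return words * math.log2(LIST_SIZE)

def average_crack_seconds(words, guesses_per_second=10**12):
    """Expected search time: on average half the keyspace is tried."""
    return keyspace(words) / 2 / guesses_per_second

if __name__ == "__main__":
    print(generate(SAMPLE_LIST, 6))
    for n in (2, 5, 6):
        years = average_crack_seconds(n) / (365 * 86400)
        print(n, keyspace(n), round(entropy_bits(n), 1), f"{years:.2f} years")
```
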

Comment: Re: mod redemption (Score 1) 214

by rot26 (#49306099) Attached to: Gabe Newell Understands Half-Life Fans, Not Promising Any Sequels
Thank you. :-)

Mod points +11, -12.

So I lose but also had the opportunity to collect +11 mod points. I'm not sure how that affects my karma, but since I've had excellent karma since before most of you started shaving your pubes and hanging around bus station toilets, I'm pretty sure I'm gold.

Comment: Re:Godaddy are thieving wankers dot com (Score 1) 69

by rot26 (#49305971) Attached to: GoDaddy Accounts Vulnerable To Social Engineering (and Photoshop)
No, no coincidence. This has happened to me multiple times, though not with godaddy because I've never been tempted to use them. It's such a simple, obvious bit of asshattery that many registrars do this, although (excuse my lack of definitive information) I don't believe they actually register the domain name, there is some additional asshattery that allows them to tie the name up for a short period without actually having to pay money for it... which means that after a few days (???) it will become available again. Of course, everything I just said could be wrong.

but I don't think so

+ - What's the best videoconferencing solution for elders you've come across so far?

Submitted by gardas (2599959) writes "Technology has brought us together; except for some of our loved ones, who have serious difficulty adopting it. I have failed miserably trying to find a solution to talk to my older family. My grandfather compared videoconferencing to speaking with spirits, and got rid of a highly configured laptop I had brought him (remote admin; one-button shutdown; Skype auto-answer), because it was too complicated. I also tried Logitech's HDTV camera with no success: It wouldn't control the TV fully so it still needed a lot of user interaction to switch the TV input back after a call, etc. I see lots of big-button cell phones, but no analog in videoconferencing.

The question: What is the best videoconferencing solution for elders you've come across so far?"

Comment: Re:Email lets you organize your thoughts (Score 1) 115

by rot26 (#49211629) Attached to: Preferred way to communicate with co-workers?
My co-workers who don't use email do that for a reason... they don't want to be accountable for what they say. My boss will sometimes send me an email asking me to come over to his office, where he will tell me something that he could have said in the email, but didn't want it to be on the record. Not much I can do about that but for anybody who isn't my boss, they know if I don't get it in an email I will ignore it. Because I can cover my ass too.
