Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Re:Hashing vs. encryption (Score 2) 160

by zindorsky (#41449785) Attached to: Data Breach Reveals 100k Members' Plaintext Passwords

On Windows, Chrome protects its password database with Windows' Data Protection API. The DPAPI has several layers, but at the end its security rests entirely on the Windows account password. So .... you do have a master password in a way, but we all know how easy it is to recover Windows passwords.

Comment: Re:It's convenience and security. (Score 1) 835

by zindorsky (#37332312) Attached to: Why the Fax Machine Refuses To Die

Why are we even signing things anymore, when a digital signature would be a lot more secure and convenient?

Reality check: Could your mom digitally sign something today? Didn't think so.
And why not? Because digital signatures are in reality neither secure nor convenient. They require a fully functioning PKI, which is hardly convenient. Seriously, has anyone ever actually created a functioning PKI that is actually secure and/or used in the real world? The closest thing would be the SSL infrastructure and the recent CA compromises show how secure that is.
I know of what I speak: I used to work for an actual licensed CA.

Comment: SLL! HASH! ENCRYPTION! !!!1! (Score 0) 223

by zindorsky (#36340350) Attached to: Ask Slashdot: Is SHA-512 the Way To Go?

Oh. My. God.
If you do not know the difference between a hash algorithm and a cipher algorithm, then STEP AWAY FROM THE SECURITY!
DIY crypto is a good idea like DIY brain surgery is.
Rolling your own crypto system is like rolling your own mercenary army. It feels really awesome and at first it's all running around in the woods with your camo and guns and FUCK YEAH WE RULE. But then you meet reality and it's all OMFG WE GOT PWNED. and ALSO WE'RE DEAD

Comment: Interesting, but easily defeated (Score 2) 204

by zindorsky (#35422494) Attached to: Unmasking Anonymous Email Senders

I'm not saying the research is worthless, but their techniques are easily defeated.
It would be simple to write a program that would iteratively "fuzz" your message with typos, lowercase/uppercase toggling, etc. and check the result against their algorithm until the message could no longer be tied to you.
I'm sure someone could do it in 10 lines of Perl, or less.

Comment: Oblig. HItchhiker's Guide to the Galaxy (Score 4, Insightful) 49

by zindorsky (#35188574) Attached to: Send Kinect Gesture Recognition Data Over Infrared

The machine was rather difficult to operate. For years radios had been operated by means of pressing buttons and turning dials; then as the technology became more sophisticated the controls were made touch-sensitive--you merely had to brush the panels with your fingers; now all you had to do was wave your hand in the general direction of the components and hope. It saved a lot of muscular expenditure, of course, but meant that you had to sit infuriatingly still if you wanted to keep listening to the same program.

Thus spake the master programmer: "Time for you to leave." -- Geoffrey James, "The Tao of Programming"