
Comment Re:You are so, so wrong (Score 1) 948

Ask the brave members of SEAL Team Six.

I wish that I could, except that in his rush to claim credit for the death of OBL he outed them and most of them are now dead, killed in a retaliatory strike against their helicopter (according to Obama anyway). The circumstance can be speculated on endlessly but the fact remains, Obama, for political gain, exposed the identity of our service members and put them at increased risk. There was no need to mention which team from which branch of the military completed the mission as this is typically considered classified military information.

Comment Re:Gold (Score 1) 400

You've got to be careful with statements like this. You can't just say "[The dollar] is worth less-and-less every day" without saying less of what.

Perhaps I should have quoted what I was responding to, that would have cleared up any confusion. The parent was asking if the dollar is in a bubble why is it buying you less-and-less gold when it should be buying you more-and-more? The original argument being that gold was in a bubble. My reply was, as you read, the dollar was in a bubble which is deflating/bursting and thus worth less-and-less every day (when compared to gold).

A dollar today may buy me less gasoline than it would have bought yesterday, but it still clears exactly the same amount of debt off my mortgage that it would have yesterday (for sake of example ignore interest here)

I'd like to ignore it but you can't remove a fundamental part of the process for sake of an example and still be describing the same thing. The reason there is interest attached to the loan is (partly/mostly) because of the depreciation of the value of the dollar over time. They know it will be worth less when you pay it back which is why they want you to pay back more than you borrowed. The extra covers inflation and allows them to profit off the loan.

Comment If you only consider... (Score 1) 336

If you only consider the "first" movies of theirs, Blade and Buffy (in that order) would be my favorites. Buffy (from the show) is not, too campy/ridiculous/soap-opera-ish. Blade (after the first movie) was just plain horrible. So, since they didn't limit them, I had to pick Van Helsing, which from both Bram Stoker's and the Van Helsing movie is a solid character that I prefer over the other choices.

The last choice, however, is factually wrong. Vampires (like Zombies) used to be people. :)

Comment Re:Are we failing to prepare children for leadersh (Score 3, Insightful) 754

However Camping and Survival Skills, don't really make you a good leader. It just means you can fend for yourself better (This is a good trait, however it doesn't make you a leader, it may just make him a more effective servant).

You miss one key point. Knowing you can fend for yourself without relying on others and being confident in that fact is the first step on the way to becoming a leader. That confidence and self-assuredness is necessary in becoming an authority, necessary to yourself. One who is not confident in himself cannot effectively lead.

Comment Re:Both Ways (Score 1) 511

Ah, no. "The Vote" consists only of voters. You are making an assumption that abstaining from voting is the same as a vote against. It is not the same.

Way to use an irrelevant point to avoid the argument. I made no such assumption. My point was that although the percentages of African-Americans (referred to as AA's henceforth for brevity) voting for Gore and those voting for Obama from the pool of AA votes may be consistent, that does not prove that racism didn't have a significant impact on the election. As I pointed out above, if a much larger percentage of AA's voted in this election than in previous ones, then this influx of new voters may be attributed to racism. If it was a large enough change, it could have had a significant impact on the election. Although the new voters voted in a similar pattern (i.e. mostly Democrat) as existing ones, the fact they chose to vote this time may be a racial edge Obama received in the election.

Comment Re:Both Ways (Score 1) 511

What you mean is "96 and 98% of American black voters" voted for the Democrat

Unfortunately, using only percentages clouds the real facts. 90% for Gore and 96% for Obama might be consistent (6% increase is big especially considering how close it is to unanimous) if the total number of people represented in both cases is the same (which I doubt). Using entirely made-up numbers: say there are 1,000,000 African-Americans in America and 50% of them voted in Gore's election and 90% of those who voted, chose Gore. Then say, out of those same 1,000,000 African-Americans, 90% of them voted in Obama's election and 96% of those who voted, chose Obama. This means Gore would have received 45% of the African-American vote and Obama would have received 93%. Would you still say the results are consistent?

Comment Re:Do not use standard passwords (Score 4, Interesting) 198

That's not really feasible. Presumably if they have access to the passwords they also have access to the salts. In the end the legitimate application requires access to both, so if they've compromised the application they can probably get both.

It seems perfectly feasible to me.

1) A part of the salt is static and hidden in application code. This means even if the DB of salts is compromised, deduction of the missing piece is still required (as well as knowledge of its existence).

2) In an example setup there are three servers, the Application/Authentication server that is accepting login requests (Server A), the Database server hosting the DB of password hashes (Server B), and the Database server hosting the DB of the password salts (Server C).

3) The servers are configured so that Server A can communicate with the outside world and servers B and C. Server B can only communicate with Server A. Server C can only communicate with Server A.

In this setup the only server that can be remotely compromised is Server A which does not have direct access to either the list of hashes or the list of salts. In order to get this information an attacker would have to take control of Server A and query both databases, one record at-a-time. The search/index key in both databases would be the username, so the attacker would also need the complete list of usernames as well.

Now, I dreamed up this scenario in about 5-10 minutes. Please explain why it's unfeasible and assume security is a high priority consideration.
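
The three-server layout from the comment above, sketched as an added example (not part of the original comment): Servers B and C are stood in for by in-memory dictionaries keyed by username. `APP_STATIC_SALT`, the store and function names, and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: the static part of the salt, present only in Server A's code.
APP_STATIC_SALT = b"constructed-static-part-for-illustration"
PBKDF2_ROUNDS = 100_000  # assumption: illustrative work factor

# Stand-ins for the two isolated databases, both keyed by username.
hash_db = {}  # Server B: username -> password hash
salt_db = {}  # Server C: username -> per-user random salt


def derive(password, per_user_salt, static_part=APP_STATIC_SALT):
    """Hash a password with the full salt (static part + per-user part)."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), static_part + per_user_salt, PBKDF2_ROUNDS
    )


def register(username, password):
    """Server A: create a fresh salt and write each half to its own store."""
    salt = secrets.token_bytes(16)
    salt_db[username] = salt
    hash_db[username] = derive(password, salt)


def verify(username, password):
    """Server A: fetch one record from each store, compare in constant time."""
    salt = salt_db.get(username)
    stored = hash_db.get(username)
    if salt is None or stored is None:
        return False
    return hmac.compare_digest(stored, derive(password, salt))


def matches_with(username, password, per_user_salt, static_part):
    """Recompute with the supplied salt material; True only if all of it is right."""
    candidate = derive(password, per_user_salt, static_part)
    return hmac.compare_digest(hash_db[username], candidate)


register("alice", "correct horse battery staple")  # constructed sample account
```

`matches_with` shows that a stored hash can only be checked against a candidate password when the per-user salt from Server C and the static part from Server A's code are both supplied.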

Comment Re:What difference does it make? (Score 1) 192

I was implying using a different/random salt value for every individual password. It is my understanding that it would be impossible to brute-force a password for a salted hash whose salt is not known. You can get the original value passed to the hash function but not the actual password. You would then have to try and deduce the salt. If this is true then separating the hash from the salt does add security.

Comment Re:What difference does it make? (Score 2) 192

Salting only protects you from precomputed "rainbow" brute force methods which means if you have a big enough table your password is cracked in seconds to minutes rather than oh I don't know what is the average for your typical password? Hour, day..two days? week tops...? Does this difference really mean anything substantial to the victim?

Now I may be wrong, but that would only be the case if the salt was stored with the hashes, correct? Which to me seems rather dumb (from a security perspective, not a performance one). To maximize the benefit of salts, the password hashes and their associated salts should be stored in two different databases, running on different servers so that a hacker would have to compromise both to get access to the list. Lock down the Salt DB server so that it's only able to communicate with the Hash DB server (and nothing else) and will only return one hash request at a time to it.

Comment Re:The significance of LinkedIn (Score 1) 192

On the flip side, if you don't reuse your passwords, you're never going to remember how to access all 200 sites that require it.

That's only if you do it without thinking about it first (i.e. use 200 random passwords). It's very easy to come up with your own system of starting with a base password then add things to the end (or beginning) that makes it unique for the particular site (i.e. using an abbreviation of the site name). You can even do this with different levels of base passwords (in case you are paranoid of a hacker specifically targeting you) one secure and one insecure. If you think that is still hard to remember, you can actually write down the modifications you made to the base word (without writing down the base word) and still be secure (this is usually to conform to ridiculous password requirements that, once published, makes the entire system less secure). It's not hard, it just requires a little thought and prior planning.
