
Comment Re:a few hours for one key would be good (Score 1) 236

That would mean nobody is going to break MY key

Yes, obviously the NSA buried a billion dollars of equipment in concrete at the bottom of the Mariana once they finished decrypting Al Qaeda's keys an hour after buying it.

No, your key is #125125215 in the queue. Though since you expressed an interest, I'm sure they can bump it up to be decrypted in the next few months.

Comment Re:specifically, HASHING multiple times weakens it (Score 2) 236

I thought this meant the encryption is applied 5000 times:

People choose crappy passwords like ABCDE so rather than using "ABCDE" as the encryption key (which wouldn't look very random at all and therefore be very bad) for encrypting the content, the password is hashed to something that hopefully looks random, then that hash is used as the key for encryption.

The purpose of repeating that hashing process is to slow down brute force guessing against your password itself, not to protect the contents from cryptanalysis or against brute forcing all the possible hashes directly. If I want to see if your password is AAAAA, I have to repeat the algorithm 5000 times to see if the resulting hash can be used to decrypt the contents. If I don't care what your password is, I could just guess hashes starting with 0x1 to 0xFFF.... The reason attackers put up with the 5000 rounds of hashing is that even if it takes a second to calculate each password's hash, they'd still guess "ABCDE" before they guess which of the 2^x possible keys it produced.
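The cost accounting described in the comment above, as an added example that is not part of the original post. The comment does not name a scheme, so PBKDF2-HMAC-SHA256 stands in for "hash 5000 times"; the salt, wordlist and key-check marker are constructed values.

```python
import hashlib
import hmac

ROUNDS = 5000                      # iteration count quoted in the comment
SALT = b"constructed-salt"         # constructed sample value
WORDLIST = ["AAAAA", "12345", "ABCDE", "QWERT"]  # constructed sample guesses


def stretch(password: str, rounds: int = ROUNDS) -> bytes:
    """Turn a low-entropy password into a 256-bit key by iterated hashing."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, rounds)


def key_check(key: bytes) -> bytes:
    """Stand-in for 'does this key decrypt the contents' (assumption):
    a MAC over a fixed marker that only the right key reproduces."""
    return hmac.new(key, b"known-header", hashlib.sha256).digest()


def guessing_cost(target: bytes, candidates, rounds: int = ROUNDS):
    """Return (matching password or None, hash iterations spent).
    Every candidate costs `rounds` iterations before it can be tested."""
    spent = 0
    for guess in candidates:
        spent += rounds
        if hmac.compare_digest(key_check(stretch(guess, rounds)), target):
            return guess, spent
    return None, spent


def compare(password: str, rounds: int):
    """Protect `password` with `rounds` iterations, then measure the
    work needed to reach it through the constructed wordlist."""
    target = key_check(stretch(password, rounds))
    return guessing_cost(target, WORDLIST, rounds)


if __name__ == "__main__":
    for rounds in (1, ROUNDS):
        found, spent = compare("ABCDE", rounds)
        print(f"rounds={rounds:>4}: found {found!r} after {spent} iterations")
    # Skipping the password and guessing the derived key directly means
    # searching the full output space, which the iteration count never changes.
    print(f"direct key search space: 2^{len(stretch('ABCDE')) * 8}")
```

The iteration count multiplies the cost of every password guess by the same factor, but a password that sits near the top of a wordlist is still reached long before a search of the 2^256 key space would get anywhere.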

Comment Re:Question: multi-layer encryption (Score 1) 236

It pretty much depends on whether your encryption algorithm may have an alternate key kz where decrypt(k1,decrypt(k2,ct)) = decrypt(kz,ct) and especially where that alternate key may be derivable from the other keys kz=f2(k1,k2)

As an example, consider xor: (plaintext xor key1) xor key2 is equivalent to plaintext xor (key1 xor key2), thus kz is (key1 xor key2).
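The xor case from the comment above, carried through as an added example that is not part of the original post. It assumes equal-length repeating keys; the function names, keys and plaintext are constructed for illustration.

```python
from itertools import product


def xor_layer(data: bytes, key: bytes) -> bytes:
    """One 'encryption' layer: xor with a repeating key (its own inverse)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def double_encrypt(plaintext: bytes, k1: bytes, k2: bytes) -> bytes:
    """Two layers: (plaintext xor k1) xor k2."""
    return xor_layer(xor_layer(plaintext, k1), k2)


def collapsed_key(k1: bytes, k2: bytes) -> bytes:
    """kz = k1 xor k2, the single key equivalent to both layers.
    Assumes len(k1) == len(k2)."""
    if len(k1) != len(k2):
        raise ValueError("this sketch only handles equal-length keys")
    return bytes(a ^ b for a, b in zip(k1, k2))


def effective_keyspace(plaintext: bytes) -> int:
    """Count the distinct ciphertexts produced by every pair of 1-byte keys.
    65536 key pairs go in; the result shows how many are really different."""
    return len({
        double_encrypt(plaintext, bytes([a]), bytes([b]))
        for a, b in product(range(256), repeat=2)
    })


if __name__ == "__main__":
    pt = b"layered message"              # constructed sample plaintext
    k1, k2 = b"\x13\x37\xc0", b"\xde\xad\x0f"  # constructed sample keys
    ct = double_encrypt(pt, k1, k2)
    kz = collapsed_key(k1, k2)
    # A single decryption with kz undoes both layers at once.
    print(xor_layer(ct, kz) == pt)
    # Two 8-bit keys look like 16 bits of key, but only 8 bits are effective.
    print(effective_keyspace(pt))
```

Because every pair (k1, k2) maps to some single kz, the second layer adds no key material: the space to search is the same as for one layer.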

Comment Re:Did not notice effect at all... (Score 1) 51

Hadn't heard of this McGurk effect before. I was thinking it was something related to how I can still hear the noisy user interface elements in apps and games in my head when I have the sound muted and mouse over those menus that go "tink".

As for the McGurk video I saw of a man saying baa, it worked on me until the voice over told me the man was saying baa. Then I could look at the guy's lips and still hear baa.

Comment Re:Lets talk legality (Score 1) 130

Amazon can sell books for any price they like, down to $0, and the publisher cannot complain. Does that sound right to you? It means if a publisher irks Amazon, they can send book profits spiraling down.

No they can't, not by setting the price to $0. Amazon pays the publisher the wholesale rate of the book, then charges the customer whatever Amazon thinks the customer will pay. If they set the price to $0, the publisher will get rich off of Amazon's losses. Of course, if they were pissed off enough they could charge $10000 and then the profits would spiral.... across to some other retailer who isn't being a jackass.

You know, how competition is supposed to work.

Comment Re:Source code (Score 2) 211

"Every utility I write has an -h switch, which describes the switches option-by-option, followed by short description of the function of the utility, plus gives links to additional documentation."

That's nice. If I ever get attacked by a switch in the wild I'll know I can use -h to tell me what that switch is.

Now that I know what every switch is, tell me how to use them to achieve my goals.

That's what really makes the difference between being a reference and being instructions.

Comment Re:so what are the licensing fees? (Score 1) 85

Trolls generally don't announce what they're selling up front and the sealed settlements generally prohibit anyone saying what they're paying, but it appears that they want about 7-8% for each patent, which means that if your product has more than 4-5 patents in it, your patent payments will quickly become larger than your payroll. If it has more than 12 or so, your software becomes impossible to produce.

Sewing machines had this problem years ago, where rather than patenting a thing, people had run up patents on every little individual piece of the thing from the motor to the needle, so now you have patents on interactive help menus and file dialogs and filesystems in addition to patents on finding out how long you have to wait for your bus to arrive. The solution back then was The Sewing Machine Patent Combine which pooled together the patents and paid the members their share of the royalties from them. Setting aside how it would permanently destroy free (beer or speech) software, that worked fine when there were only 3 patent holders, but history has shown that the more holders there are the more likely someone is to fuck over the combine for profit (eg Rambus screwing over JEDEC by not disclosing its patents to the pool). Why would someone settle for a fraction of the patent pool when they could suck 7-8% direct from the source, especially when the proceeds would have to be divvied up between tens of thousands (if not more) patents?

Comment Re:The problem with robots (Score 1) 736

The experiment worked for Ford, why should it not work for the rest of us?

Why should playing the lotto not work for the rest of us?

Some things work until a significant percentage of people do them, then it quits working. If all work is done by robots, how do you draw a salary to buy the things the robots made?

Comment Re:Why hold back? (Score 1) 736

Where did "&c." come from as what I'm interpreting as a synonym to "etc."?

Random answer: et cetera is Latin. et, specifically, is Latin for "and" (I'll be damned if I can remember enough high school Latin to tell you what cetera meant). & is the character for "and".

Now, what'll really blow your mind is that the & character actually started out as a fancy way to write et.
