
Comment Re:Yes, SHA1 security is questionable.. (Score 1) 217

You and the author of the article both seem to be missing one important aspect of password hashing. You're never supposed to apply a particular hashing algorithm directly to a password. Instead the user's password should be combined with some salt (random data) and then hashed. The resulting hash can still be brute forced, but any resulting hashes can't be used as collisions for other stored hashes as they require a different known salt to be used. In other words, while it took the author 49 minutes he only had to compute 6^n number of hashes where n is the number of possible characters per position (lowercase, uppercase, numeric?). If each hashed password had a different known salt appended, he would have had to compute 14 * 6^n number of hashes. This is an order of magnitude larger than the original time. Of course, this only applies if the salt is known. If the salt is unknown during the brute-force it's practically impossible to discover the original password.
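An added example, not part of the original comment, illustrating the salting point above: it counts the hash computations an exhaustive check needs against 14 unsalted hashes versus 14 hashes that each carry their own known salt. The 3-letter lowercase keyspace, the sample passwords and all function names are constructed for illustration.

```python
import hashlib
import itertools
import os
import string

# SHA-1 is used only because the thread is about it; real password storage
# should use a slow salted KDF (e.g. hashlib.scrypt or hashlib.pbkdf2_hmac).
ALPHABET = string.ascii_lowercase      # constructed toy keyspace
LENGTH = 3                             # 26**3 = 17,576 candidates
# Constructed sample passwords: 14 accounts, two passwords reused.
PASSWORDS = "cat dog sun sky red ice owl fox bee elm oak ant cat dog".split()

def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()

def candidates():
    for letters in itertools.product(ALPHABET, repeat=LENGTH):
        yield "".join(letters).encode()

def store_unsalted(passwords):
    return [sha1_hex(p.encode()) for p in passwords]

def store_salted(passwords):
    records = []
    for p in passwords:
        salt = os.urandom(16)          # fresh random salt per account
        records.append((salt, sha1_hex(salt + p.encode())))
    return records

def exhaust_unsalted(hashes):
    """One pass over the keyspace tests every stored hash at once."""
    targets, found, work = set(hashes), {}, 0
    for cand in candidates():
        work += 1
        digest = sha1_hex(cand)
        if digest in targets:
            found[digest] = cand.decode()
    return found, work

def exhaust_salted(records):
    """Each record has its own salt, so each needs its own full pass."""
    found, work = {}, 0
    for salt, target in records:
        for cand in candidates():
            work += 1
            if sha1_hex(salt + cand) == target:
                found[target] = cand.decode()
    return found, work

if __name__ == "__main__":
    print("unsalted hash computations:", exhaust_unsalted(store_unsalted(PASSWORDS))[1])
    print("salted hash computations:  ", exhaust_salted(store_salted(PASSWORDS))[1])
```

The reused passwords also produce identical unsalted hashes (12 distinct values for 14 accounts), while the salted records are all distinct.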

Comment $10,000 (Score 1) 16

Sadly it seems a lot of people still think $10,000 is a briefcase full of cash. Let's break it down, shall we? Assuming they used standard US bills we get the following:

  1. $10,000 = $100 x 100 bills = 1 stack of 100, $100 bills
  2. $10,000 = $50 x 200 bills = 2 stacks of 100, $50 bills
  3. $10,000 = $20 x 500 bills = 5 stacks of 100, $20 bills
  4. $10,000 = $10 x 1000 bills = 10 stacks of 100, $10 bills
  5. $10,000 = $5 x 2000 bills = 20 stacks of 100, $5 bills
  6. $10,000 = $1 x 10000 bills = 100 stacks of 100, $1 bills

At 0:14 when they open the case you can clearly see several stacks marked as $100, some as $50, and some as $5. If the briefcase truly has $10,000 in it, the stacks marked with $100 bills must be filled with something other than $100 bills as a single stack would equal the amount the briefcase was said to hold. Given the variety of bills in the case, it appears they went to a lot of trouble to convince us that they gave away $10,000 USD. The reality is they probably didn't, and that the entire thing was just as staged as the briefcase full of cash.

Comment Re:And who ... (Score 1) 297

I completely agree. Remove the word "lawful" from all sections and I'll be much more supportive of their efforts. If all content and application communications were protected under the First Amendment then the word "lawful" would only serve to restrict that right in the future by designating specific things as "unlawful". The last thing we need is government overview of what applications or content are considered "lawful".

Comment Re:Science =! Public Policy (Score 1) 899

I blame the sorry state of US public education, where the science teachers can make the fascinating into something as dull as watching paint dry.

When it comes to schooling, we sure as hell don't get what we pay for.

The missing element is competition at the primary and high school level. We still have competition at the university level, and the USA still has world-class universities. When students have a choice of where to go, incompetence isn't rewarded.

Setting the question of whether government should fund schooling aside, it's quite obvious that granting public schools a monopoly on the disposal of taxpayer funds has been a disaster. When they fail, they beat their chests and demand more funding. It's asinine.

-jcr

Comment Re:My experience with city-wide Wifi (Score 5, Insightful) 259

TFA is referring not to de-facto ubiquitous coverage by multiple independent access points, but by a single, centrally run mesh of access points owned and operated (at least partially) by the municipal government.

At least in the USA, this has largely been quashed by the telcos in the courts, claiming that such networks are unfair competition to their price gouging mobile data plans.

Comment Re:Bye Bye Monopoly (Score 1) 295

The problem is that you need jailbroken iphone...

This may be true for the moment, but now that someone is actually capitalizing on jailbroken iPhones, Apple's attempts to completely restrict people from installing what they want on their devices could be construed as anti-competitive behavior by a judge. That is, if they were to secure all flaws in the phone's operating system via an update and not provide people with the availability to install software from a competing vendor, Apple could face some serious fines for effectively trying to eliminate the competition.

If this ever winds up in court, Apple might try to argue that jailbroken iPhones are against the DMCA. The competing store however might argue that it was done for "compatibility" purposes, which last I recall was allowed under current copyright laws. In the end if something like this does ever happen, it'll definitely be a case worth paying attention to.

Comment PBS (Score 3, Interesting) 325

PBS had a great 1 hour segment on this not too long ago. Their segment covered the rapid decline in albatrosses due to offspring being fed the plastic from the Pacific. I haven't been able to find the complete coverage of the segment I saw on my local PBS station, but I have managed to locate part of it here titled: World's Oceans Face Problem of Plastic Pollution

Comment Re:Abandon Email (Score 1) 284

While I agree that web based email clients may be the way of the future, it will be a long time before messaging services provided by sites like MySpace or Facebook replace traditional email services. The main problem with these services is their inability to relay messages to users of different sites.

From a technical POV, the move to web based email services could actually be considered a good thing since it abstracts the underlying system from the user. That is to say, users need not know how it works or how to make it work, only that it does what they expect it to do. If web based email were to completely replace desktop email clients, we would be free to modify and correct the shortfalls of the current system without having to conform to protocols imposed by existing desktop based email clients.

Data Storage

US District Court Says Calculating a Hash Value = Search 623

bfwebster writes "Orin Kerr over at The Volokh Conspiracy (a great legal blog, BTW) reports on a US District Court ruling issued just last week which finds that doing hash calculations on a hard drive is a form of search and thus subject to 4th Amendment limitations. In this particular case, the US District Court suppressed evidence of child pornography on a hard drive because proper warrants were not obtained before imaging the hard drive and calculating MD5 hash values for the individual files on the drive, some of which ended up matching known MD5 hash values for known child pornography image and video files. More details at Kerr's posting." Update: 10/28 16:23 GMT by T : Headline updated to reflect that this is a Federal District Court located in Pennsylvania, rather than a court of the Commonwealth itself.
