
Comment It depends what you mean by 'site wide' (Score 2) 151

If you want your files encrypted 'at rest' so that if someone comes and pulls your HDD (or software equivalent) then you can implement a strategy similar to:

(a) Encrypt all content with individual symmetric keys (one key per piece of content) - prefix each piece of content with a key ID (for key lookup on exit) - there are many ways to associate content with a key - prefixing is just the simplest

(b) Encrypt those keys (which you'll need stored locally for performance reasons) with a randomly generated one-time pad stored on a removable hardware device (HSM/USB for example)

(c) Decrypt files as appropriate as they exit your webserver - observe the key ID of the content, ask a process on your machine to give you the symmetric key for that ID, decrypt the content, send it back to the requesting connection.

Don't store the master key and/or one-time pad locally, simply have a daemon/service/long running process on your web server require (at startup) you to plug in your hardware device (e.g. read a file from a mount that is only there when you plug the thing in.) This means that stealing the content doesn't do them much good (if they crack a key it's only for that particular piece of content, they'll have to crack lots of keys), and if they get the locally stored symmetric key file it doesn't do them much good either because you're protecting that with a VERY strong key and/or cipher which is stored air-gapped - they'd have to not only steal all the files involved, they'd have to inject into the service/daemon that issues symmetric keys.

This type of approach has performance implications of course, and to make it truly close to unbreakable requires more specifics (process injection prevention, signing and impersonation attack prevention, both on the key request side and the service/daemon unlocking scheme, et cetera) - this would be quite a discouraging system to attempt to break.

My $0.02, YMMV
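A minimal sketch of steps (a) to (c) from the comment above, added here as an illustration and not part of the original comment. The class and function names, the 4-byte key ID prefix, and the SHAKE-256 keystream standing in for a real cipher are assumptions of this example; the pad is consumed one fresh 32-byte slice per content key so that it is never reused.

```python
import hashlib
import secrets

KEY_LEN, ID_LEN, NONCE_LEN = 32, 4, 16

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def stream_crypt(key, nonce, data):
    # Stand-in cipher so the example needs only the standard library:
    # XOR with a SHAKE-256 keystream. Production code would use a vetted
    # AEAD such as AES-GCM, which also authenticates the ciphertext.
    return xor(data, hashlib.shake_256(key + nonce).digest(len(data)))

class KeyService:
    """The long-running process from the comment: the pad lives in memory only."""

    def __init__(self, pad):
        self._pad = pad      # read once at startup from the removable device
        self.wrapped = {}    # key ID -> wrapped key; this part is stored locally

    def _pad_slice(self, key_id):
        chunk = self._pad[key_id * KEY_LEN:(key_id + 1) * KEY_LEN]
        if len(chunk) != KEY_LEN:
            raise ValueError("pad exhausted: one fresh slice per content key")
        return chunk

    def new_key(self):
        key_id, key = len(self.wrapped), secrets.token_bytes(KEY_LEN)
        self.wrapped[key_id] = xor(key, self._pad_slice(key_id))  # step (b)
        return key_id, key

    def get_key(self, key_id):
        return xor(self.wrapped[key_id], self._pad_slice(key_id))

def encrypt_content(svc, plaintext):
    key_id, key = svc.new_key()                                   # step (a)
    nonce = secrets.token_bytes(NONCE_LEN)
    return key_id.to_bytes(ID_LEN, "big") + nonce + stream_crypt(key, nonce, plaintext)

def decrypt_content(svc, blob):
    key_id = int.from_bytes(blob[:ID_LEN], "big")                 # step (c)
    nonce, body = blob[ID_LEN:ID_LEN + NONCE_LEN], blob[ID_LEN + NONCE_LEN:]
    return stream_crypt(svc.get_key(key_id), nonce, body)

# Constructed demo: a pad sized for two content keys, generated here in place
# of reading it from the removable device's mount point.
svc = KeyService(secrets.token_bytes(2 * KEY_LEN))
blobs = [encrypt_content(svc, p) for p in (b"index.html body", b"report.pdf bytes")]
```

The `wrapped` dictionary is the only key material that would sit on the server's disk; without the pad it is indistinguishable from random bytes.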

Comment Why do people pay attention to Kurzweil? (Score 3, Interesting) 161

He's the absolute king at predicting stuff that never happens. He's always talking 10 years ahead - everything with him is "In , is going to happen..."

He's absolute crap - he reminds me of guys who talk all kinds of bollocks about crypto and don't actually understand modular arithmetic ;).

Comment Re:Comparision with competition (Score 1) 353

Ridiculous. You can run nVidia installs silently on Windows if you choose. I have also seen executable based installers on Linux that show advertisements.

It's the same silly argument where people blame Microsoft for all BSODs when, again nVidia being the majority culprit, bad drivers are the root cause - then people like yourself say "well, Microsoft should build a driver model that doesn't allow for BSODs."

Comment Re:Translation (Score 1) 203

That's kind of funny because I had heard there were problems with vs 2012 - especially the betas, but they'd been fixed by the time I moved to it. That was about 8 months into its lifecycle. Never experienced your problems - again, on all the OS variants I have to support today. Kind of curious that you're using vs 2012 when it's 2017 and anyone who paid for MSDN was eligible for 2013. If you're using the express version, that's even weirder. I'm not aware of any libraries or frameworks that are stuck on vs 2012. Almost seems unbelievable...

Comment Re:Translation (Score 3, Informative) 203

Visual Studio crashes on a whim? Weird, I use it every single day across multiple machines and virtual machines (Win 7, 8.1, 10, x86 and x64) when debugging Qt applications, and for writing tools for the Windows side of the house - the last crash I experienced was in a 3rd party plugin for Visual Studio 2010 over 5 years ago. I've been using it on the Windows side for decades (all the way back to Visual C++ 1.5 days when I used it and Borland C++) and never had problems with crashing (not that it never crashed, but it was rare.)

Submission + - Google has demonstrated a successful practical attack against SHA-1 (googleblog.com)

Artem Tashkinov writes: Ten years after SHA-1 was first introduced, Google has announced the first practical technique for generating an SHA-1 collision. It required two years of research between the CWI Institute in Amsterdam and Google. As a proof of the attack, Google has released two PDF files that have identical SHA-1 hashes but different content. The amount of computations required to carry out the attack is staggering: nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total which took 6,500 years of CPU computation to complete the attack first phase and 110 years of GPU computation to complete the second phase.

Google says that people should migrate to newer hashing algorithms like SHA-256 and SHA-3, however it's worth noting that there are currently no ways of finding a collision for both MD5 and SHA-1 hashes simultaneously which means that we still can use old proven hardware accelerated hash functions to be on the safe side.

Comment Re:Cures cancer? Gives sight to the blind? Regrows (Score 1) 343

I guess you missed the "for example." Rather than talk about the differences between 72, 80, and the various flavors along the way and their shortcomings - I pointed out something small but important that counters the silly article's "SmallTalk is the magic bullet!" voice.

I still think SmallTalk is cool, and in 85 it was SERIOUSLY cool (image based persistence? Awesome...) Like all other languages - it has issues.

Comment Cures cancer? Gives sight to the blind? Regrows (Score 1) 343

...limbs?

Easy with the hype :).

SmallTalk is cool - and for its time it was incredible really - but it has warts that have held it back forever (including the stupidity of the major players in the market.)

For example - algebraic precedence. When 5 + 5 * 5 = 50 - you're going to have problems with adoption.

In any case - it's a nice shiny hammer. You should have it next to all your other hammers in the toolbox.

Submission + - Princess Leia is gone :( (cnn.com)

Assmasher writes: Carrie Fisher has passed away, aged 60, died yesterday. She was tough as nails on screen as Leia, but a complex, funny, and somewhat fragile person off it. Thanks for the greatness. Oh — and f*** 2016.
