Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Comment Re:For variable values of "practical" and "relevan (Score 1) 47

Indeed. Not a lot you can do even when you ignore the high effort needed and that it is a 2-sided collision. I do not dispute that you should not use SHA1 when you want security, but the actual attacks possible at this time are pretty much irrelevant. Your list just confirms that. It looks impressive (well, sort of), but when you take into account the effort of each attack and the possible gain, they become meaningless, because higher gains at lower effort are around plenty.

Comment Bullshit (Score 1) 265

Unless you are coding very simple business code, that is never going to work. You will get insecure code with bad or no error handling that does not even work for many inputs and is inefficient in every possible way in addition. Sure, replacing a very bad coder may work that way, but very bad coders have _negative_ productivity, because cleaning up after them is more expensive than coding things from scratch again.

So no, the kind of coding I do (and I do not do it as major occupation, I only do it when the task is difficult enough that our customers fail to find anybody else than can do it and the task is interesting) will not be replaced by AI anytime soon and very likely not ever.

Comment For variable values of "practical" and "relevant" (Score 2) 47

The thing is that there is not actually a lot you can do with an SHA1 hash collision. Sure, you may be able to impersonate a site by use of a fake certificate. But these are around anyways because of CAs with shoddy security and governments that do not understand the value of security and just coerce CAs in giving them out. So an SHA1 collision is actually a bit of overkill for that and likely the most expensive option by a large margin. So what else is left? I do not see anything.

Sure, if this was something Jonny hacker could do in his basement in a week and it was a one-sided collision (i.e. one document is already given when the attack starts, two-sided collisions where you create both documents are much, much easier to do), this may be some not very serious threat, but even that is not the case here.

What remains is a stunt that at best helps to estimate the difficulty of a not very relevant attack. Not that this is actually bad, good researchers demonstrate what their theories mean and a stunt is one form to do it, but the implications of this one are pretty minor.

Comment This is not a technological problem (Score 1) 84

It is a political one. If you travel to a country where they can demand your passwords, they can do equally bad things to you if you have a "travel-mode" configured. The problem is that they can demand your passwords. In a country that respects personal freedoms, that will not happen. Unfortunately, the citizens of most democratic countries are too unaware of history today to understand the value of those freedoms and how hard it was to get them and are not defending them. If you go to such a country, having them look at all your social media stuff from the inside may be the only option. Whether you want to go to a country run by honor-less and decency-less "authorities" that do these things with the general consent of the citizens there is another question.

Incidentally, doing a "travel mode" is easy: Create long random password that you cannot remember, write it down, set it as your account-password and leave the piece of paper it is on at home. Done.

Comment Re:Wealth inequality is a symptom, not the disease (Score 0) 450

Fascinating how you completely miss the problem. The problem is that in the US the fantastically rich get admired. There is no sane reason to do so. You can only get fantastically rich by inheriting (not your accomplishment) or reducing a lot of people from middle-class to poor.

Slashdot Top Deals

"The Avis WIZARD decides if you get to drive a car. Your head won't touch the pillow of a Sheraton unless their computer says it's okay." -- Arthur Miller