Comment Let's use good password strength checkers!

Attackers use probabilistic models to break passwords, but the rules that we typically use to defend against them are typically quite bad.

So, there is a pretty good password strength checker that we can use: .

But we can do even better: a couple of years ago, with a colleague, I wrote a paper to show how you can evaluate pretty precisely how much work attacks using probabilistic models need to break your passwords; since then, I've released the code online. If anybody is interested in using it in the real world, please contact me!


Submission An Algorithm For Better Password Checking

della writes: Password checkers — those things that tell you whether your password is strong or not — are good: various studies have found that they make users choose better passwords. Unfortunately, nowadays attackers use probabilistic strategies based on natural language processing to guess passwords earlier, and most checkers consist of heuristic rules that don't reflect probabilistic attacks well. To do better you could in theory simulate the attack, but if your password is not that bad, that would be very expensive or just unfeasible.
In a paper I wrote with Maurizio Filippone and presented at ACM's CCS conference, we show how you can take an attack model and a password, and through a simple formula come up quickly with a reliable estimation of how many guesses that attack would need to guess the password. You can use this to roll a better password checker, or — as we've also done in the paper — to compare different attacks. The MIT Technology Review also covers our work.
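
A sampling-based way to produce such an estimate without enumerating guesses, as an added example (not code from the submission or the paper it describes). The three-character toy model, its weights and the function names are assumptions chosen so the estimate can be checked against a brute-force count; real attack models cover far too many passwords to enumerate.

```python
import itertools
import math
import random

# Toy attack model, constructed for illustration: LENGTH characters, each
# drawn independently with these weights (in tenths).
WEIGHTS = {"a": 4, "b": 3, "c": 2, "d": 1}
LENGTH = 3


def prob(password):
    """Probability the model assigns to `password` (0 outside its support)."""
    if len(password) != LENGTH:
        return 0.0
    return math.prod(WEIGHTS.get(ch, 0) for ch in password) / 10 ** LENGTH


def sample(rng):
    """Draw one password from the model."""
    chars = list(WEIGHTS)
    return "".join(rng.choices(chars, weights=list(WEIGHTS.values()), k=LENGTH))


def estimate_guesses(password, n=20000, seed=1):
    """Estimate how many passwords the model rates strictly more likely.

    An attacker guessing in decreasing-probability order tries those first.
    Each sample s with prob(s) > prob(password) adds 1 / (n * prob(s));
    the expected value of the sum is the exact count.
    """
    rng = random.Random(seed)
    target = prob(password)
    total = 0.0
    for _ in range(n):
        p = prob(sample(rng))
        if p > target:
            total += 1.0 / (n * p)
    return total


def exact_guesses(password):
    """Brute-force count; feasible only because the toy model has 64 passwords."""
    target = prob(password)
    space = ("".join(t) for t in itertools.product(WEIGHTS, repeat=LENGTH))
    return sum(1 for candidate in space if prob(candidate) > target)


if __name__ == "__main__":
    for pw in ("aaa", "abc", "ddd"):
        print(pw, round(estimate_guesses(pw), 1), exact_guesses(pw))
```

The cost of the estimate depends on the sample size `n`, not on how strong the password is, which is what makes it usable inside a checker.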

Comment The reasons of one of the voters

It's very arguable that building nuclear plants is not progress. Before jumping to conclusions, please take into account some points from a person that voted against the government's nuclear plan. To make a long story short, Italy is very different from the US.

- Italy was already out of nuclear, the vote was on whether to re-enter. Investing in nuclear would mean spending a large amount of money now, to reap the benefits in, optimistically, 15 years (in Italy, times to build infrastructure are much longer than in other countries). Can you be sure that nuclear power plants, with the uncertainties on the price of nuclear fuel, will not be obsolete in 15 years?
- It's impossible, AFAIK, to estimate the true cost of nuclear energy: handling nuclear waste in the long term is basically an unsolved problem.
- Italy doesn't have nuclear weapons: this raises costs with respect to countries that already have a big budget in nuclear military uses.
- Each part of Italy has seismic risk: in general much lower than Japan, but this is still a deterrent.
- Italy is densely populated (one fifth the population of USA in one thirtieth of the area) and full of mountains: any place you build a nuclear plant -- or you place waste -- you'll be very close to a lot of people
- Italy is a country with, unfortunately, very high corruption and low discipline: we're worried that a society which is not able to keep regular waste out of the roads of one of its main cities might do something very dangerous with nuclear waste -- remember, we have no desert far from everybody where to bury it. The huge investments needed for nuclear energy will raise the interest of mafias and corrupt politicians: we can't at all assume they're acting for the collective good.
- Italy is a country with abundant possibilities in terms of hydroelectric, solar and geothermal power generation. It's weird that rainy Germany has so much more solar than us! In addition, take into account that when the sun is not working, we can still buy (at very low costs!) the excess energy from the French power plants.
- Last but not least, the vote had the beneficial effect of being a huge blow for Berlusconi's government. The discussion on how much he damaged his country is, however, off topic. Three other topics were voted simultaneously, one of them canceling a law made "ad-hoc" to allow him to postpone his trials.

Does the vote make more sense, now?

