Slashdot: News for Nerds

Comments


Cloud-Based, Ray-Traced Games On Intel Tablets

mazesc So? (91 comments)

Will this be news every time a new device is targeted?

more than 3 years ago

Cheap GPUs Rendering Strong Passwords Useless

mazesc Re:What about salting? (615 comments)

Ah, I was stupid - time delay obviously makes no sense in offline cracking.

more than 3 years ago

Cheap GPUs Rendering Strong Passwords Useless

mazesc Re:What about salting? (615 comments)

You are right of course, but if you would just store extremely long salts for that reason, it would make more sense to include a time delay between computations. Are such long salts used in practice?

more than 3 years ago

Cheap GPUs Rendering Strong Passwords Useless

mazesc Re:What about salting? (615 comments)

It just protects from precomputation of the hash values of the passwords. If there were no salts then the hash value of a given password would look the same in every database (if the same hash function was used). So if you would precompute a rainbow table, where you store the password next to the hash value of the password, you could attack every database easily in the same way by just comparing the hash values and using the password stored next to it in the rainbow table.
Now, with salting we get a unique hash value even if the password stays the same, rendering precomputation useless. The salt, however, is stored in plaintext next to the hash value: (hash, salt).

This obviously does not keep an attacker from computing the hash value = hash(password + salt) - it just helps against rainbow tables.

If you would still want to precompute a rainbow table the amount of memory needed would make it impractical. With n bit salts you would have to store 2^n entries for each password.

more than 3 years ago
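The point of the comment above, as an added example that is not part of the original comment: an unsalted hash is found in a precomputed table, a salted one is not, yet per-record guessing with the stored salt still succeeds. The word list, the salts, the function names, the dictionary standing in for a rainbow table and the PBKDF2 step (a common way to raise the cost per guess) are assumptions of this example.

```python
import hashlib
import hmac

# Constructed sample data. Real salts come from os.urandom(16), one per user.
WORDLIST = ["123456", "letmein", "hunter2"]
SALT_A = bytes.fromhex("00112233445566778899aabbccddeeff")
SALT_B = bytes.fromhex("ffeeddccbbaa99887766554433221100")


def unsalted(password: str) -> str:
    """Same password gives the same hash in every database."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted(password: str, salt: bytes) -> str:
    """hash(password + salt); the salt is stored in plaintext next to the hash."""
    return hashlib.sha256(password.encode() + salt).hexdigest()


def build_table(wordlist):
    """Precomputed hash -> password map (a simple stand-in for a rainbow table)."""
    return {unsalted(p): p for p in wordlist}


def table_lookup(table, stored_hash):
    """Returns the password if the stored hash was precomputed, else None."""
    return table.get(stored_hash)


def guess_with_salt(wordlist, stored_hash, salt):
    """What salting does not prevent: recomputing hash(guess + salt) per record."""
    for guess in wordlist:
        if hmac.compare_digest(salted(guess, salt), stored_hash):
            return guess
    return None


def slow_hash(password: str, salt: bytes, iterations: int = 100_000) -> str:
    """Salted and deliberately slow: every guess costs `iterations` HMAC rounds."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


if __name__ == "__main__":
    table = build_table(WORDLIST)
    record = salted("hunter2", SALT_A)
    print("unsalted found in table:", table_lookup(table, unsalted("hunter2")))
    print("salted found in table:  ", table_lookup(table, record))
    print("guessing with the salt: ", guess_with_salt(WORDLIST, record, SALT_A))
```
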

Cheap GPUs Rendering Strong Passwords Useless

mazesc Re:What about salting? (615 comments)

You are misunderstanding it. Salting only protects from precomputed tables containing (password, hash) entries (rainbow tables) when using a unique salt. I didn't read TFA, but I assume this is a simple brute-force attack. The attacker would just add the salt to each guess, which does not make it any more difficult.

more than 3 years ago

Ask Slashdot: Is SHA-512 the Way To Go?

mazesc Re:SHA-1 is fine, but go for SHA-512 (223 comments)

The 5 remaining SHA-3 candidates, however, are new designs. The current SHA algorithms (up to SHA-512) are based on MD4 and have some operations added to incorporate the higher number of message blocks into the hash.

MD4 and MD5 were badly broken years ago. Some collisions were even calculated by hand. SHA-1 was under heavy attack before the SHA-3 competition started, but there have not been any collisions found yet. Bart Preneel has a great slide as an overview of the state of hash functions based on MD4: http://homes.esat.kuleuven.be/~preneel/preneel_hash_icics10v1.pdf (slide 46)

more than 3 years ago

Peugeot EX1 Sets Electric Car Lap Record At Nuerburgring

mazesc Re:Nordschleife presumably (241 comments)

Yes, but it could also be the combined layout. It is unlikely because Nordschleife is driven usually, but you can't be sure because of that.

more than 3 years ago

Peugeot EX1 Sets Electric Car Lap Record At Nuerburgring

mazesc Nordschleife presumably (241 comments)

I guess the article refers to the Nordschleife layout? 9 minutes would be awful around the GP layout, but it would be great around the combined layout ... (Nürburgring)

As the article is only shiny pictures and almost no information it is hard to tell.

more than 3 years ago

Ask Slashdot: How Prepared Are You For a Major Emergency?

mazesc Re:Seen a few (562 comments)

And don't forget your towel.

I never leave my house without my towel and the "Hitchhiker's Guide to the Galaxy".

more than 3 years ago

PS3 Hacker Claims He's Jailbroken 3.60 Firmware

mazesc Re:Unbreakable? (176 comments)

So you mean it is not Sony's fault then? Because if I remember correctly their random number usage was totally flawed and therefore it was no real challenge.

Obligatory http://xkcd.com/221/

more than 3 years ago

Nuclear Emergency Declared At 2 Plants In Japan

mazesc Re:So much for the safety of nuclear energy (752 comments)

You are comparing apples to oranges.

Drugs shouldn't have much to do with nuclear energy safety. Moreover, if you start asking about coal mine accidents, you should also consider uranium mining accidents. I have to admit I didn't find much about any accidents, but there are a few (and I probably would have found more if I had been looking harder). Of course, with nuclear energy you often can't directly find correlation with accidents. What about permanent disposal? How do you know everything will be OK with the nuclear waste we have produced up to now? It has only been a few decades of nuclear energy, so it will take some time before these materials are not dangerous any more.

more than 3 years ago

Tiny Transistors Could Be Used To Track Cash

mazesc RFID? (175 comments)

Privacy problems aside: So basically these "tiny transistors" are RFID chips?

From TFA:

These low-voltage transistors could one day provide added security or tracking by transmitting information wirelessly to a scanner.

Security for whom btw? For the banks I assume?

more than 3 years ago

Laptop Design For Disassembly

mazesc Re:Manufacturers don't want it (188 comments)

I think manufacturers could be forced to do it. The same way they have been forced to use the same type of phone chargers by the EU.

more than 3 years ago

How Watchmen Killed 'R'-rated Fantasy Movies

mazesc Watchmen a box-office disappointment? (771 comments)

I didn't read TFA, but why is Watchmen considered a box-office disappointment? According to this it grossed $185 million and had a budget of $130 million.

more than 3 years ago

Windows Phone 7 To Get Multi-Tasking, IE9, Xbox Integration

mazesc Re:Multi-tasking (266 comments)

Exactly. It's just awful, how slowly things are evolving in these locked down mobile systems.

more than 3 years ago

Are Gamers Safer Drivers?

mazesc Re:Anecdote (220 comments)

As long as he only drops bananas ...

Man, I hate those red turtles!

more than 3 years ago

Abusing HTTP Status Codes To Expose Private Info

mazesc How it works (133 comments)

As the page is slashdotted, I just wanted to post how it is done here:

For GMail, he added an image to his own GMail account, which he set to "visible for everyone". On his own site he added an invisible img and tries to access the image in his GMail account. He then triggers a JavaScript function depending on the outcome of the img inclusion (onload or onerror), so he can decide whether the visitor of his website is logged in to GMail.

For Facebook, Twitter and Digg he uses HTTP status codes. He tries to access some URL (https://www.facebook.com/imike3) via JavaScript and, depending on the status code he gets, he can decide whether you are logged in or not. This attack doesn't work with IE or Opera, because they do not trigger the onload/onerror events when receiving invalid JS.

more than 3 years ago

Submissions

mazesc hasn't submitted any stories.

Journals

mazesc has no journal entries.
