Cheap GPUs render strong passwords useless


  • There are probably at least a dozen modern art museums in the world that currently have toilets on display. However, their plumbing probably doesn't work, so it's unlikely that a plumber will ever work on an art piece.
    <p style="font-size:1024px">HTML is disabled in signatures </p>



    • The vast majority of people who hire plumbers are not looking for someone who can create beauty. They just want the toilet fixed.



      • That's not what porn would have you know.
        If there is no sound in space, how come you can hear the lasers?
        ){ :|:& };:



        • Originally posted by Koyaanisqatsi
          *sigh*

          Perhaps I should ask you to elaborate on why you think it is not a good practice for developers to follow?
          (\__/)
          (='.'=)
          (")_(") This is Bunny. Copy and paste bunny into your signature to help him gain world domination.



          • For the same reason I already gave: it's generally a poorly implemented solution that assumes "private" information is actually private when it is easily discoverable. It's most often used as either a secondary authentication factor or for password recovery. Password recovery is the really bad part since it is essentially a proxy password that can be used to reset the real thing, turning easily discoverable information into information that is supposed to be private. All it does is add an attack vector.

            As an authentication factor, there are a couple of problems. I already mentioned that it doesn't add much beyond a password since–even assuming we're only dealing with automated attacks–the answers to many questions are either minable now or will be soon. (The only reason this could be considered too sophisticated an attack or too much effort is all the other low-hanging fruit out there makes it unnecessary, but that's like the joke about not outrunning a bear, just outrunning your slowest friend.) The suggestion that people just fake their answers is fine for the users that understand what's going on, but if you think that's going to happen on a large scale there will be one of two results: either most people will ignore you and answer the questions honestly, or they'll try to follow the suggestion, promptly forget what their semi-related answer was, and end up calling support. Either way, not a good result for the majority of users who either gain very little protection or end up costing time and money to get squared away. Building a solution that requires users to follow unwritten instructions is just bad design.

            There's also a bit of a security theater aspect to it. People feel more secure because those questions are there, but when the questions are trivial they're no more than a speed bump. But since they're there, users think their account is safe and developers aren't pressed to find a better solution. Yeah, SecurID was breached recently, but two-factor hardware authentication is one of the better solutions out there. Even NSTIC went in that direction, though I'm not exactly thrilled with a lot of their proposal. Despite this, non-techs look at these foolish little questions and think they're sufficient...there's even a court case right now that looks like it will rule them to be a reasonable security measure. Most of Europe already knows better, but because developers have pushed a half-assed solution we now have a US court that is about to declare it good enough.
            "In the beginning was the Word. Then came the ******* word processor." -Dan Simmons, Hyperion



            • Originally posted by Dauphin
              He's currently managing a team, across three continents and two planets, that is writing a programme that can auto-respond with pwnage. It will increase his productivity 327% (or thereabouts, the maths guys aren't available to explain it to him), giving him plenty of time to not write his own code.
              ITYM "it will increase his productivity exponentially"!

              Missed opportunity.
              Jon Miller: MikeH speaks the truth
              Jon Miller: MikeH is a shockingly revolting dolt and a masturbatory urine-reeking sideshow freak whose word is as valuable as an aging cow paddy.
              We've got both kinds



              • Originally posted by Asher
                First class schools use something like this:
                I graduated less than 2 years ago...and we had chalk boards?
                You just wasted six ... no, seven ... seconds of your life reading this sentence.



                • Originally posted by Hauldren Collider
                  That's not what porn would have you know.
                  "The Christian way has not been tried and found wanting, it has been found to be hard and left untried" - GK Chesterton.

                  "The most obvious prediction about the future is that it will be mostly like the past" - Alain de Botton



                  • I have a 30 minute 1 on 1 meeting with Bill Buxton this afternoon. Suck it, *****es!

                    If you don't know who he is, you don't care anyway.

                    I am excited.

                    One of his former pupils may have been one of Kuci's profs...
                    "The issue is there are still many people out there that use religion as a crutch for bigotry and hate. Like Ben."
                    Ben Kenobi: "That means I'm doing something right. "



                    • Where is the math in steelwork and taxi driving?
                      Quite a bit of spatial reasoning. Knowing where you are and being able to calculate the fastest route from a to b? Most experienced drivers basically keep a city map inside their head. I know I did when I drove for years.
                      Scouse Git (2) La Fayette Adam Smith Solomwi and Loinburger will not be forgotten.
                      "Remember the night we broke the windows in this old house? This is what I wished for..."
                      2015 APOLYTON FANTASY FOOTBALL CHAMPION!



                      • However, their plumbing probably doesn't work, so it's unlikely that a plumber will ever work on an art piece.
                        That is just ****. Zero craftsmanship, just tossing stuff together and pissing all over everybody.

                        Ever try to design plumbing?
                        Scouse Git (2) La Fayette Adam Smith Solomwi and Loinburger will not be forgotten.
                        "Remember the night we broke the windows in this old house? This is what I wished for..."
                        2015 APOLYTON FANTASY FOOTBALL CHAMPION!



                        • Originally posted by gribbler
                          Toilets are not objects of beauty. ****.
                          Ever heard of "Fountain" by Marcel Duchamp?
                          "Flutie was better than Kelly, Elway, Esiason and Cunningham." - Ben Kenobi
                          "I have nothing against Wilson, but he's nowhere near the same calibre of QB as Flutie. Flutie threw for 5k+ yards in the CFL." -Ben Kenobi



                          • Originally posted by Ben Kenobi
                            Quite a bit of spatial reasoning. Knowing where you are and being able to calculate the fastest route from a to b? Most experienced drivers basically keep a city map inside their head. I know I did when I drove for years.
                            When did you come up with this "everything is either math or art" thing? Have you always believed it, or did you invent it for this thread?
                            <p style="font-size:1024px">HTML is disabled in signatures </p>



                            • BK OWNED YOU ALL

                              I need a foot massage



                              • <p style="font-size:1024px">HTML is disabled in signatures </p>
