izakage's comments

izakage | 13 years ago | on: Apple Adds Two-Step Verification to iCloud and Apple ID

If passwords were hashed+salted client-side, an attacker could use the hash+salt in exactly the same way as they would a 'raw' password.

So the answer is no; the strength measurement would be done on the server when the password is being hashed or verified.

izakage | 13 years ago | on: OSX password script for everyone to know

I was simply trying to clarify the challenge-response mechanism for the parent poster, not suggesting you use keychain dongles everywhere.

Regardless, the idea that the plaintext password doesn't have to leave the device (whether the device is a dongle, your phone, or the keychain application) is a valuable consequence of the challenge-response mechanism, and I wish support for it were more widespread.

izakage | 13 years ago | on: OSX password script for everyone to know

The server sends a challenge to the client. The client computes response = f(challenge, password), and sends the response. Then the server compares the response with its own computation of f(challenge, password). Since f is some type of hash function, we can assume that the client knew the actual password, as it would have been too hard computationally to come up with the correct response without it.

In such a scheme, the keychain can do the computation and the password never leaves the keychain. We can even go as far as to have the keychain be separate hardware (e.g. a USB dongle), so the password never even has to exist on the client's computer at all.
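An added example, not code from the commenter, that puts the two points above side by side: a "hash the password client-side" scheme, where whoever captures the salted hash can log in with it exactly as if it were the password, and the challenge-response scheme, where the password stays inside a keychain object and a captured response is useless once the challenge changes. It assumes HMAC-SHA256 as the function f, a random 32-byte challenge, and a constructed user table (username "alice", password "hunter2", salt "constructed-salt"); none of those names or values come from the thread.

```python
"""Static client-side hash vs. challenge-response (added example, constructed data)."""
import hashlib
import hmac
import secrets

# --- Scheme 1: client transmits sha256(salt || password) instead of the password ---
SALT = b"constructed-salt"  # constructed; a real deployment would use a per-user salt


def client_hash(password: bytes) -> bytes:
    """The value a 'hash client-side' design sends over the wire."""
    return hashlib.sha256(SALT + password).digest()


class StaticServer:
    """Stores the client-side hash and accepts it as the credential."""

    def __init__(self, users):
        self._users = {user: client_hash(pw) for user, pw in users.items()}

    def login(self, username: str, credential: bytes) -> bool:
        stored = self._users.get(username)
        return stored is not None and hmac.compare_digest(stored, credential)


def static_replay(server: StaticServer, username: str, captured: bytes) -> bool:
    """An attacker holding the captured hash never needs the password."""
    return server.login(username, captured)


# --- Scheme 2: challenge-response with f = HMAC-SHA256(password, challenge) ---
class Keychain:
    """Holds the password and only ever emits responses, never the password itself."""

    def __init__(self, password: bytes):
        self._password = password

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._password, challenge, hashlib.sha256).digest()


class ChallengeServer:
    """Issues a fresh random challenge per login and recomputes f to verify."""

    def __init__(self, users):
        # Caveat: the server must hold the password (or an equivalent secret)
        # to recompute f, so a server breach exposes it directly.
        self._users = dict(users)
        self._pending = {}  # username -> outstanding challenge

    def issue_challenge(self, username: str) -> bytes:
        challenge = secrets.token_bytes(32)
        self._pending[username] = challenge
        return challenge

    def verify(self, username: str, response: bytes) -> bool:
        challenge = self._pending.pop(username, None)  # one-shot: a challenge is used once
        password = self._users.get(username)
        if challenge is None or password is None:
            return False
        expected = hmac.new(password, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def challenge_exchange(server: ChallengeServer, username: str, keychain: Keychain):
    """Full exchange: challenge -> keychain response -> server verdict."""
    challenge = server.issue_challenge(username)
    response = keychain.respond(challenge)
    return response, server.verify(username, response)


def challenge_replay(server: ChallengeServer, username: str, captured_response: bytes) -> bool:
    """Attacker replays a captured response against a new session's challenge."""
    server.issue_challenge(username)
    return server.verify(username, captured_response)


if __name__ == "__main__":
    users = {"alice": b"hunter2"}  # constructed
    static = StaticServer(users)
    cred = client_hash(b"hunter2")
    print("static login:", static.login("alice", cred))
    print("static replay with stolen hash:", static_replay(static, "alice", cred))
    cr = ChallengeServer(users)
    resp, ok = challenge_exchange(cr, "alice", Keychain(b"hunter2"))
    print("challenge-response login:", ok)
    print("replay of captured response:", challenge_replay(cr, "alice", resp))
```

The trade-off a practitioner should notice in the second scheme: because the server recomputes f(challenge, password), it has to keep the password (or a secret equivalent to it) rather than a salted hash, so what is gained in transit and on the client is paid for in what a server compromise yields. Password-authenticated key exchange protocols such as SRP exist precisely to get the "password never leaves the device" property without that cost.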

izakage | 13 years ago | on: The White House just open sourced their first Github repo

I am curious about GPL compatibility in this situation. According to [1], software developed by the US federal government cannot be licensed under the GPL since it is automatically in the public domain. However, the GitHub repo readme makes the following claim:

"The project utilizes code licensed under the terms of the GNU General Public License and therefore is licensed under GPL v2 or later."

While I applaud this effort and wish to see more like it in the future, is there a possible issue with licensing here?

[1] http://www.gnu.org/licenses/old-licenses/gpl-2.0-faq.html#GP...
