Security quotes of the week

Achieving any real security requires that password verification take on the order of hundreds of milliseconds or even whole seconds. Unfortunately this hasn't been the experience of the past 20 years. MD5 was launched over 20 years ago and is still the most common implementation I see in the wild, though it's gone from being relatively expensive to evaluate to extremely cheap. Moore's Law has indeed broken MD5 as a password hash and no serious application should still use it. Human memory isn't more of a problem today than it used to be though. The problem is that we've chosen to let password verification become too cheap.
-- Joseph Bonneau
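
The cost argument in the quote above, as an added example that is not part of the quote or of the LWN article: it calibrates a deliberately slow password hash to a target verification time on the current machine and stores the cost with the hash so it can be raised later. PBKDF2-HMAC-SHA256, the 0.25 s target, the storage format and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

SCHEME = "pbkdf2_sha256"  # assumed storage label, not from the quote


def calibrate_iterations(target_seconds=0.25, start=10_000):
    """Double the iteration count until one hash costs >= target_seconds here."""
    salt, iterations = os.urandom(16), start
    while True:
        t0 = time.perf_counter()
        hashlib.pbkdf2_hmac("sha256", b"calibration", salt, iterations)
        if time.perf_counter() - t0 >= target_seconds:
            return iterations
        iterations *= 2


def hash_password(password, iterations):
    """Return 'scheme$iterations$salt$digest' so the cost travels with the hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    scheme, iterations, salt_hex, digest_hex = stored.split("$")
    if scheme != SCHEME:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison of the derived digests.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def needs_rehash(stored, current_iterations):
    """True when a stored hash was made with a lower cost than today's target."""
    return int(stored.split("$")[1]) < current_iterations


if __name__ == "__main__":
    t0 = time.perf_counter()
    hashlib.md5(b"salt" + b"hunter2").hexdigest()  # the cheap baseline
    md5_cost = time.perf_counter() - t0
    iters = calibrate_iterations()
    t0 = time.perf_counter()
    ok = verify_password("hunter2", hash_password("hunter2", iters))
    print(f"md5: {md5_cost * 1e6:.1f} us; pbkdf2 x{iters}: "
          f"{(time.perf_counter() - t0) / 2:.3f} s per hash; verified={ok}")
```

Re-running the calibration on newer hardware yields a higher iteration count, and `needs_rehash` flags stored hashes to upgrade at the user's next successful login.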

Beyond that, there's the fact that Facebook "likes" and profile settings aren't necessarily accurate reflections of reality. A search for "Married people who like Prostitutes" seems more likely to turn up people who thought it would be funny to hit "like" on a page called "Prostitutes" than actual johns. And note that those "Islamic men interested in men who live in Tehran, Iran" all say they're interested in both males and females, which probably just means that they interpreted "interested in" in a non-sexual way and decided not to discriminate by gender. Still, I wouldn't envy the hypothetical position of a Chinese citizen trying to convince Communist Party agents that he hit "like" on the "Falun Gong" page ironically or by accident.
-- Will Oremus on Facebook's new search in Slate

Security quotes of the week

Posted Jan 24, 2013 15:42 UTC (Thu) by dashesy (subscriber, #74652)

The Will Oremus article is almost correct. I know the "interested in" part is interpreted more as "interested in doing business with" or "interested in becoming friends with". It is more a lack of language comprehension and to some extent a cultural difference; while most people know what "interested in" means as a phrase, it is the culture that defines it in the context, not the language.

Security quotes of the week

Posted Jan 25, 2013 19:45 UTC (Fri) by Beolach (subscriber, #77384)

Re: Facebook privacy:
An oldie but a goodie. We need more people who do this.

Security quotes of the week

Posted Feb 6, 2013 1:09 UTC (Wed) by Baylink (subscriber, #755)

One word: Parallella.

Reusable passwords are officially over.

Copyright © 2013, Eklektix, Inc.