Des (deskitty) wrote,
Des
deskitty

  • Mood:
  • Music:
I had some odd dreams last night. One was about fixing ensuing's computer (and yes, that is odd for me to have a dream about). The other was about waking up (this morning) to find that elvendude had IMed me and my AIM client had somehow managed to sprout some rudimentary AI, figure out it was him, add him to my buddy list and give him the right nickname (my system for assigning nicknames to people is inconsistent and only makes vague sense).

I find the concept of an AIM client with artificial intelligence to be vaguely disturbing. Suppose it started having my conversations for me? That could get messy.

>>>

I woke up (actually woke up, as opposed to "woke up" in a dream) to this in my inbox this morning. This probably isn't much to worry about, at least for now ... but part of computing is understanding the risks. [Read it before you go any further.]

Now, hashing is not the same as cryptography. So if you use, say, SSL to send your credit card over to Amazon, or PGP to encrypt email to your SO ... you're probably still reasonably safe. (Even PGP signatures are safe, because those use SHA1, which is a different--and stronger--algorithm which hasn't yet been broken.)

However, a lot of password systems (including most standard Linux boxen) use MD5. As far as I can tell from looking at their current CVS sources, LiveJournal uses MD5 for storing passwords internally.

But, for the most part, people don't need to worry. Those MD5 hashes are most often stored in a reasonably-protected database behind a firewall. So it would be very difficult for an attacker to even get the hash in the first place. And really, if someone can get enough access to LJ's database to get your password hash, they can probably read all your private entries anyway so it doesn't really matter.

-- Des
Subscribe

  • Prop 35: More Internet Tracking That Doesn't Work

    If you live in California, you've probably heard about Proposition 35, the Californians Against Sexual Exploitation ("CASE") Act. For those not…

  • Open Letter to Bay Area Rapid Transit

    Dear BART, I am appalled and extremely disappointed in BART's decision to terminate wireless service in some San Francisco stations and the…

  • Obama = Bush #2? Maybe...

    This whole thing stinks to high heaven. Imprisoning people indefinitely flies in the face of the Rule of Law, not to mention Due Process rights in…

  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 2 comments