Ask Leo! #595 – When It All Just Works, Security Software Recommendations, Manure, and more…

Leo's Blog

If Everything Just Worked...

What would you do if you could count on technology always just working? What's stopping you? I'm honestly curious...

Continue Reading: If Everything Just Worked...
https://askleo.com/21965

Featured

Stop Spreading Manure

It's an example of yet another brouhaha. A few years ago, a report claimed that Google had blatantly admitted that you should have no expectation of privacy whatsoever when using their services. The internet went crazy. Many sources seemed to say, "How outrageous! We told you so! Google is evil!" Mainstream news outlets picked up stories from smaller publishers and they all seemed to confirm the entire sordid mess.

Except the internet was wrong. Manure, to use a polite term, was being spread far, wide, and fast.

That's where things get complicated.

Continue Reading: Stop Spreading Manure
https://askleo.com/9419

What Security Software Do You Recommend?

What security software should I use? What anti-virus is the best? How about a firewall? And what about spyware? Should I use one of the all-in-one packages that claim to do everything? Is there anything else I need?

As you might imagine, I get questions like this all the time. As a result, I do have recommendations for security software and techniques to stay safe in various articles all over Ask Leo!

To make your life a little easier, here's a short version that sums it all up.

Continue Reading: What Security Software Do You Recommend?
https://askleo.com/3517

Glossary Term

rainbow table

A rainbow table is a complete list of all possible passwords up to a given length, with their corresponding hash for a given hashing algorithm.

When implemented properly, software never stores passwords directly. Instead, it stores a mathematical hash. For example, instead of storing the password "iforgot", software might store a value calculated from that password, such as "62072d95acb588c7ee9d6fa0c6c85155". When someone logs in using the password, the hash is calculated again, and if it matches the saved hash, then the password must have been entered correctly.

This approach safeguards passwords themselves because the password cannot be recovered from the hash. Even if the hash were exposed, as is often the case in large-scale data breaches, it would be of little value to a hacker as they would be unable to determine the corresponding password.

A rainbow table takes a brute force approach to this problem. For a given maximum password length, the hash values for all possible passwords are calculated and stored in a table. If a hash is known, it can simply be looked up in the table to determine the corresponding password with no further calculation required.

Rainbow tables have severe limitations that make them less useful than we might fear.

  1. Password length. A rainbow table for 8 character passwords might be on the order of 20 trillion entries in length – currently a somewhat manageable number. Tables for 10 character passwords require over 4 quadrillion entries, and for 12 character passwords the count approaches 9 quintillion. The time to create such large tables, as well as the space to store them, remains impractical.
  2. Algorithm-specific. There are several standard hashing algorithms, and which one was used would have to be known. A rainbow table would need to be created for each different algorithm. In addition, some algorithms are designed specifically to be slow; while fast enough for single-password use, they become impractical when applied to all possible passwords.
  3. Easily invalidated. Hashing algorithms are now often applied not to the password alone, but to some modification of the password. For example, rather than just hashing "password", an implementation might hash "accountname-password". This breaks the general purpose nature of rainbow tables.

Current best practice in password storage is to use all three: long passwords, a "slow" hashing algorithm, and a modified hash.
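The three limitations above can be seen side by side in a short program. This is an added example, not code from the original newsletter: it precomputes a lookup table over a constructed toy keyspace, then stores the same password with a salt and a slow algorithm so the table no longer matches. It assumes SHA-256 as the fast hash, PBKDF2 as the "slow" algorithm, and a random per-account salt in place of the "accountname-" prefix.

```python
import hashlib
import hmac
import itertools
import os
import string

ALPHABET = string.ascii_lowercase   # constructed toy keyspace
MAX_LEN = 3                         # 26 + 26^2 + 26^3 = 18,278 candidates
PBKDF2_ROUNDS = 200_000             # assumed work factor for the "slow" hash


def unsalted_hash(password: str) -> str:
    """Fast, unsalted hash: the storage scheme a precomputed table targets."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table() -> dict:
    """Precompute hash -> password for every candidate up to MAX_LEN."""
    table = {}
    for n in range(1, MAX_LEN + 1):
        for chars in itertools.product(ALPHABET, repeat=n):
            pw = "".join(chars)
            table[unsalted_hash(pw)] = pw
    return table


def store_password(password: str) -> tuple:
    """Salted, slow storage: returns (salt, derived_key) to keep per account."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, key


def verify_password(password: str, salt: bytes, key: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, key)


if __name__ == "__main__":
    table = build_lookup_table()
    print("table entries:", len(table))
    print("unsalted 'cat' found:", table.get(unsalted_hash("cat")))
    salt, key = store_password("cat")
    print("salted 'cat' found:", table.get(key.hex()))
    print("login still works:", verify_password("cat", salt, key))
```

Raising `MAX_LEN` by one multiplies the table size by the alphabet size, which is the growth the first limitation describes.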

Glossary Terms are featured selections from The Ask Leo! Glossary.

Featured Comments

Stop Spreading Manure

Ray Smith writes:

While the "ham dog" incident was quite amusing....

http://www.independent.co.uk/news/world/americas/dog-with-ham-on-its-face-tricks-people-on-facebook-into-praying-for-burns-recovery-a6791511.html

.... it also served to prove an important point: namely, that some people are quick to believe even the most improbable stories. In the case of the "ham dog" story, that may not be too much of a problem; however, if it's a story about, say, vaccines causing babies to be born with chimp-like faces or a story about measles being completely harmless, then it becomes much more of a problem. Some people will believe it and base their actions/inactions on that belief.

On Aging and Being "Too Old"

Randee T. writes:

Right on Leo! I too get that from "old people" when I ask them if they have a Facebook account or are a member of some organization that posts on its website.

I mention that Facebook is a great way to keep in touch with family members and share pictures etc. Plus I tell them being on the computer is good for their brains and dexterity. Poo Poo... they aren't interested. They worked on a computer at work and now want to stay away from them.

I tell them that the New Yorker cartoonist Hirschfield worked up until the day he died at 100 drawing for the magazine!

I love being on my computer and I have an Android phone. I know how to work on Adobe Photoshop and I love learning new stuff from your FB page, BrainDrippings, Wired, Mental Floss, and other like pages and I love watching TED videos.

I am not afraid of Technology. I find it amazing and lots of time beyond me, but so what!

I like the homey background on this video instead of the blue background. Thanks Leo!

Alex writes:

I suppose what it boils down to is when I was younger I would be more willing to spend time on learning things that would be seldom utilised.

Advancing age becomes a barrier to that because you wish to make the best use of your more limited time. So I do feel to say you are too old is valid in the context of time left and desire of how to use that time and doesn't necessarily imply that you are saying you can't physically or mentally do something.

Leo writes:

Not wanting to spend the time has nothing (or at least little) to do with age. There are young people who don't want to spend the time, or don't see it as a priority. So ... don't hide behind age, just say you don't want to take the time....

Ask Leo! on Business

Recent posts...

Let's Get Mobile

Providing a good experience for visitors on mobile devices is important for a number of reasons. Fortunately, there are ways to make it relatively easy.

Read: Let's Get Mobile

On Writing: You're Now A Writer

A content marketing strategy implies that you have, and create, content for your audience. That means embracing the fact that you're a writer.

Read: On Writing: You're Now A Writer

Newsletter contents Copyright © 2016,
Leo A. Notenboom & Puget Sound Software, LLC.
Ask Leo! is a registered trademark ® of Puget Sound Software, LLC