[mp3]http://podcast.bogosity.tv/mp3s/BogosityPodcast-2013-11-18.mp3[/mp3]
Co-Hosts: Jonathan Loesche and Jakob Morris (AnCapBrony) https://twitter.com/AnCapBrony
Follow-up: Password Security
- Facebook Warns Users After Adobe Breach http://krebsonsecurity.com/2013/11/facebook-warns-users-after-adobe-breach/
- Anatomy of a hack: How crackers ransack passwords like "qeadzcwrsfxv1331" http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/
News of the Bogus:
- 12:55 - Cops Called for Underboob Cosplay Controversy http://kotaku.com/cops-called-for-underboob-cosplay-controversy-1464257715
- 15:01 - DOJ Refuses To Let Tech Companies See Legal Arguments It's Making Against Them http://www.techdirt.com/articles/20131112/22472025222/doj-refuses-to-let-tech-companies-see-legal-arguments-its-making-against-them.shtml
- 17:49 - Raising the minimum wage is all the rage, but the winners aren't who you think http://rare.us/story/raising-the-minimum-wage-is-all-the-rage-but-the-winners-arent-who-you-think/
24:43 - Biggest Bogon Emitter: Barack Obama http://dailycaller.com/2013/11/05/obama-denies-you-can-keep-it-videotaped-promises/?sc=1850820228461930801
- House approves bill to allow people to keep insurance http://www.usatoday.com/story/news/politics/2013/11/15/house-cancelled-plans-bill/3576071/
29:36 - Idiot Extraordinaire: Faith Salie http://www.cbsnews.com/8301-3445_162-57563689/
This Week's Quote: "Politics is an extension of war by other means...Once you know which side you're on, you must support all arguments of that side, and attack all arguments that appear to favor the enemy side...People who would be level-headed about evenhandedly weighing all sides of an issue in their professional life as scientists, can suddenly turn into slogan-chanting zombies when there's a Blue or Green position on an issue." —Eliezer Yudkowsky
Note: The Bogosity Podcast will be taking two weeks off for the Thanksgiving holidays. (All right, all right, and the Doctor Who 50th anniversary as well.) See you in December!
If you need a second co-host, give me a call and I'll be happy to do it again.
If you check the history of password cracking, it turns out that older style UNIX systems (which often had maximum password lengths) have been in real trouble for at least 20 years. Prior to password shadowing, everyone had to have access to the password file, so everyone had access to all the usernames, and all the password hashes and their salts. If the maximum length was 8 characters (which was a real limit on many systems), storage got cheap enough about 20 years ago to store lookup tables of all possible passwords hashed with all possible salts on reasonably priced hardware.
Quote from: evensgrey on November 21, 2013, 09:35:37 AM
If you check the history of password cracking, it turns out that older style UNIX systems (which often had maximum password lengths) have been in real trouble for at least 20 years. Prior to password shadowing, everyone had to have access to the password file, so everyone had access to all the usernames, and all the password hashes and their salts. If the maximum length was 8 characters (which was a real limit on many systems), storage got cheap enough about 20 years ago to store lookup tables of all possible passwords hashed with all possible salts on reasonably priced hardware.
That was never the case on systems like Linux or BSD, which always had shadowing and also a greater number of salts. Linux Mint uses SHA512 out of the box (so probably Ubuntu does, too). You'd have to get superuser access to even BEGIN to crack them, in which case, it's all over.
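An added example, not part of the thread above: a small audit of passwd/shadow-format entries that flags the two conditions the posts discuss, hashes sitting in a world-readable file and the traditional DES crypt scheme with its 8-character limit and 4096 salts. The sample entries are constructed, and the function names and the `world_readable` parameter are this example's own assumptions.

```python
import re

# crypt(3) scheme prefixes found in the hash field of passwd/shadow entries.
PREFIXES = {"$1$": "md5crypt", "$2a$": "bcrypt", "$2b$": "bcrypt",
            "$2y$": "bcrypt", "$5$": "sha256crypt", "$6$": "sha512crypt",
            "$y$": "yescrypt"}
# Traditional DES crypt: 13 characters, the first 2 being the salt (4096
# possible values); only the first 8 password characters are used.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
LEGACY = {"descrypt", "md5crypt"}

def classify(field):
    """Return the scheme name for one hash field, or None if it holds no hash."""
    if not field or field == "x" or field[0] in "!*":
        return None  # empty, shadowed ("x") or locked entry
    for prefix, name in PREFIXES.items():
        if field.startswith(prefix):
            return name
    return "descrypt" if DES_RE.match(field) else "unknown"

def audit(lines, world_readable):
    """Return (user, scheme, problems) for every entry that carries a hash."""
    findings = []
    for line in lines:
        parts = line.strip().split(":")
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        scheme = classify(parts[1])
        if scheme is None:
            continue
        problems = []
        if world_readable:
            problems.append("hash readable by every local user")
        if scheme in LEGACY:
            problems.append("legacy scheme, migrate to a modern one")
        findings.append((parts[0], scheme, problems))
    return findings

# Constructed sample entries; the hash bodies are filler, not real hashes.
SAMPLE_PASSWD = ["root:x:0:0:root:/root:/bin/sh",
                 "olduser:ab" + "C" * 11 + ":1001:1001::/home/olduser:/bin/sh"]
SAMPLE_SHADOW = ["root:$6$examplesalt$" + "D" * 86 + ":19000:0:99999:7:::",
                 "svc:!:19000:0:99999:7:::"]

if __name__ == "__main__":
    for finding in audit(SAMPLE_PASSWD, True) + audit(SAMPLE_SHADOW, False):
        print(finding)
```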