But we saw the same thing in reverse for internet access, you used to
own your own internet account, any ISP I've used has either required
some ID, or I've actually interacted with someone from the company. Now with broadband, lots of people may use the same internet account, so
endless logging into other sites.
Most normal users will provide "honest" answers.
On 26/08/18 16:44, Michael Black wrote:
But we saw the same thing in reverse for internet access, you used to
own your own internet account, any ISP I've used has either required
some ID, or I've actually interacted with someone from the company. Now >> with broadband, lots of people may use the same internet account, so
endless logging into other sites.
wait till its IP v6
On 2018-08-27, The Natural Philosopher <tnp@invalid.invalid> wrote:
On 26/08/18 16:44, Michael Black wrote:
But we saw the same thing in reverse for internet access, you used to
own your own internet account, any ISP I've used has either required
some ID, or I've actually interacted with someone from the company. Now >>> with broadband, lots of people may use the same internet account, so
endless logging into other sites.
wait till its IP v6
I am waiting more then 20 years...
I am waiting more then 20 years...
https://spectrum.ieee.org/computing/hardware/behind-intels-new-randomnumber-generator
https://spectrum.ieee.org/image/MTkxMTQ4OQ
"Uncertain Circuits:
When transistor 1 and transistor 2 are switched on, a coupled pair of inverters
force Node A and Node B into the same state [left]. When the clock pulse rises
[yellow, right], these transistors are turned off. Initially the output of both
inverters falls into an indeterminate state, but random thermal noise within the
inverters soon jostles one node into the logical 1 state and the other goes
to logical 0.
"
It's pretty conventional looking to me. No quantums were tortured on that one.
The most fun kind is lava-rand. The usage of lava lamps
(which are thermally driven by a heat source in the base),
to generate random numbers. Cloudflare didn't invent this,
and this is just an example.
https://blog.cloudflare.com/lavarand-in-production-the-nitty-gritty-technical-details/
"In the lobby of our San Francisco office, we have a wall of lava lamps
(pictured above). A video feed of this wall is used to generate entropy
that is made available to our production fleet."
The point is that _if_ you knew how to model the exact behaviour
that causes the "thermal noise", perhaps you could predict it
and thereby find that it isn't truly random. On the other hand,
the general assumption seems to be that it is intrinsically
random, and in practice I'm happy to believe that.
In comp.os.linux.misc Computer Nerd Kev <not@telling.you.invalid> wrote:
The point is that _if_ you knew how to model the exact behaviour
that causes the "thermal noise", perhaps you could predict it
and thereby find that it isn't truly random. On the other hand,
the general assumption seems to be that it is intrinsically
random, and in practice I'm happy to believe that.
Here's a description of a random number generator from my files that
almost doesn't rely on deeper physics and might output data that
is difficult (though I suspect not impossible) to predict:
####################################################################
From: rbmccammon@mmm.com (Roy McCammon)
Newsgroups: sci.electronics.components
Subject: Re: Random Number Generators
Date: 30 Apr 1996 20:56:48 GMT
Organization: 3M
Every time some smart guy thinks he has a source of cripto quality
random numbers, some smarter guy proves him wrong, so I wouldn't
dream of saying the following circuit can produce cryto quality random numbers, but you may want to try it.
The idea is to have two oscillators that have a random relationship to
each other, and then use one to sample the other. I would make two different types at very differnet frequencies and take care that there is no inadvertent
coupling through poor ground or power supply connections. At least one
would probably be very drifty.
Start with an about 10MHz crystal oscilator, and a 1000Hz rc oscilator such as a 555 or a few cmos gates. Uses high temperature coefficient capacitors like Z5U's and even thermisters if you are so inclined for the 1000 Hz oscilator. Run the 10 MHz to a flip flop set up to toggle. Call the
output of this flip flop T1. T1 has close to a 50% duty cycle. Call
the 1000Hz output T2.
Connect T1 to the serial input of a shift register (8 stages should be fine) and
T2 to the clock input of the shift register. Take your random bit stream
at the output of the last stage of the shift register. If you need absolute equal percentages of ones and zeros do this. Take your bits in pairs. Then let 01 be a one and 10 be a zero. Throw away 00 and 11. You can do similar things on greater numbers of bits if you are worried about higher order correlations. Gather the bits up into numbers of the size of your choice.
The purpose of the shift register is to suppress meta-stable outputs. Use only the last stage of the shift register.
Opinions expressed herein are my own and may not represent those of my employer.
####################################################################
In comp.os.linux.misc Paul <nospam@needed.invalid> wrote:
https://spectrum.ieee.org/computing/hardware/behind-intels-new-randomnumber-generator
https://spectrum.ieee.org/image/MTkxMTQ4OQ
"Uncertain Circuits:
When transistor 1 and transistor 2 are switched on, a coupled pair of inverters
force Node A and Node B into the same state [left]. When the clock pulse rises
[yellow, right], these transistors are turned off. Initially the output of both
inverters falls into an indeterminate state, but random thermal noise within the
inverters soon jostles one node into the logical 1 state and the other goes
to logical 0.
"
It's pretty conventional looking to me. No quantums were tortured on that one.
Thanks for the link, that article was an interesting read. I'm not
sure about no quantums being tortured though, the root of the whole
thing is the "thermal noise", described later as "random atomic
vibrations". As I said before, I never managed to penetrate deeply
enough into this to understand it properly (and by now I've
forgotten everything that I did understand), but it certainly goes
further into physics than just electronic theory.
The point is that _if_ you knew how to model the exact behaviour
that causes the "thermal noise", perhaps you could predict it
and thereby find that it isn't truly random. On the other hand,
the general assumption seems to be that it is intrinsically
random, and in practice I'm happy to believe that.
The most fun kind is lava-rand. The usage of lava lamps
(which are thermally driven by a heat source in the base),
to generate random numbers. Cloudflare didn't invent this,
and this is just an example.
https://blog.cloudflare.com/lavarand-in-production-the-nitty-gritty-technical-details/
"In the lobby of our San Francisco office, we have a wall of lava lamps >> (pictured above). A video feed of this wall is used to generate entropy >> that is made available to our production fleet."
It's the best excuse that I can think of for building a wall of
lava lamps. :)
On 2018-08-27, Computer Nerd Kev <not@telling.you.invalid> wrote:
In comp.os.linux.misc Paul <nospam@needed.invalid> wrote:
https://spectrum.ieee.org/computing/hardware/behind-intels-new-randomnumber-generator
https://spectrum.ieee.org/image/MTkxMTQ4OQ
"Uncertain Circuits:
When transistor 1 and transistor 2 are switched on, a coupled pair of inverters
force Node A and Node B into the same state [left]. When the clock pulse rises
[yellow, right], these transistors are turned off. Initially the output of both
inverters falls into an indeterminate state, but random thermal noise within the
inverters soon jostles one node into the logical 1 state and the other goes
to logical 0.
"
It's pretty conventional looking to me. No quantums were tortured on that one.
Thanks for the link, that article was an interesting read. I'm not
sure about no quantums being tortured though, the root of the whole
thing is the "thermal noise", described later as "random atomic
vibrations". As I said before, I never managed to penetrate deeply
enough into this to understand it properly (and by now I've
forgotten everything that I did understand), but it certainly goes
further into physics than just electronic theory.
The point is that _if_ you knew how to model the exact behaviour
that causes the "thermal noise", perhaps you could predict it
and thereby find that it isn't truly random. On the other hand,
the general assumption seems to be that it is intrinsically
random, and in practice I'm happy to believe that.
The problem is that the thermal noise comes about because of the
interaction of the device with loads of other things in the vicinity.
Unless you knew exactly what the state of those other things are (atoms
for example) you do not know what their effect is on the thing you are
trying to use (the reversed biased junction for example) And there are
so so so many other things around that their effect become impossible to predict.
Now, it may be there are "echos" for example. Something affects the device of interest, that device affects back that something which then comes back
and affects the device again. That can produce long time correlations in
the output of the device. Ie, most physical devices have such
correlations, which, if you understand the device and its environment
well, could give you some information about the random stream. Ie,
biases need not just be "this device produces more ones than zeros" But
"if it produces a one now it has a higher probability of producing a one
10 milliseconds later", even if the average probability of producin one
of zero are equal.
The most fun kind is lava-rand. The usage of lava lamps
(which are thermally driven by a heat source in the base),
to generate random numbers. Cloudflare didn't invent this,
and this is just an example.
Well, no. They tend to operate by heating and cooling. The blob is
heated at the bottom, rises to the top where it cools and sinks back
down. That process is probably in large part predictable. Ie, lava lamps
are probably a terrible source of "random bits".
https://blog.cloudflare.com/lavarand-in-production-the-nitty-gritty-technical-details/
"In the lobby of our San Francisco office, we have a wall of lava lamps >>> (pictured above). A video feed of this wall is used to generate entropy >>> that is made available to our production fleet."
It's the best excuse that I can think of for building a wall of
lava lamps. :)
As a source amongst many others it might be useful. As the only source
it is probably terrible.
The problem is that the thermal noise comes about because of the
interaction of the device with loads of other things in the vicinity.
Unless you knew exactly what the state of those other things are (atoms
for example) you do not know what their effect is on the thing you are
trying to use (the reversed biased junction for example) And there are
so so so many other things around that their effect become impossible to predict.
Now, it may be there are "echos" for example. Something affects the device of interest, that device affects back that something which then comes back
and affects the device again. That can produce long time correlations in
the output of the device. Ie, most physical devices have such
correlations, which, if you understand the device and its environment
well, could give you some information about the random stream. Ie,
biases need not just be "this device produces more ones than zeros" But
"if it produces a one now it has a higher probability of producing a one
10 milliseconds later", even if the average probability of producin one
of zero are equal.
They tend to operate by heating and cooling. The blob is
heated at the bottom, rises to the top where it cools and sinks back
down. That process is probably in large part predictable. Ie, lava lamps
are probably a terrible source of "random bits".
At Sun, 26 Aug 2018 16:40:53 -0500 John Hasler <jhasler@newsguy.com> wrote:
Michael Black writes:
What I find interesting is sites that let you sign up without being
physically present. My bank account was like that, I had to supply
some ifnormation that they did know, but wasn't likely to be readilu
available.
The bank doesn't need to know "who you are" (whatever that means). They
just need to be able to be sure that the person taking money out is the
one who opened the account (or an agent of that person).
Government, of course, has other ideas.
Yeah, it is nearly impossible to actually open a "My Social Security" account.
ssa.gov security checks ask for certain info and if it does not match *exactly*, it fails. Eg "51 Locke Hill Road" is different from "51 Locke Hill
Rd" for example. If ssa.gov does not happen to have your phone number on file
and you happen to enter it on the sign up form, you are screwed (you won't be
able to create an account). And when you call them on the phone to get the system to reset itself, the person who answers the phone cannot actually fix it. It is so secure, it protects you from using (stealing?) your own identity.
On Sun, 26 Aug 2018 21:11:02 -0500, Robert Heller wrote:
At Sun, 26 Aug 2018 16:40:53 -0500 John Hasler <jhasler@newsguy.com> wrote: >>> Michael Black writes:
What I find interesting is sites that let you sign up without being
physically present. My bank account was like that, I had to supply
some ifnormation that they did know, but wasn't likely to be readilu
available.
The bank doesn't need to know "who you are" (whatever that means). They >>> just need to be able to be sure that the person taking money out is the
one who opened the account (or an agent of that person).
Government, of course, has other ideas.
Yeah, it is nearly impossible to actually open a "My Social Security" account.
ssa.gov security checks ask for certain info and if it does not match
*exactly*, it fails. Eg "51 Locke Hill Road" is different from "51 Locke Hill
Rd" for example. If ssa.gov does not happen to have your phone number on file
and you happen to enter it on the sign up form, you are screwed (you won't be
able to create an account). And when you call them on the phone to get the >> system to reset itself, the person who answers the phone cannot actually fix >> it. It is so secure, it protects you from using (stealing?) your own identity.
+1!
On 28/08/18 01:17, William Unruh wrote:
They tend to operate by heating and cooling. The blob is
heated at the bottom, rises to the top where it cools and sinks back
down. That process is probably in large part predictable. Ie, lava lamps
are probably a terrible source of "random bits".
Well William, I thought about that, and it occurred to me that there is
a difference between deterministic, and determinable.
There is a reason why Formula one car designers use wind tunnels.
Because although the turbulent airflow over a car is deterministic, in
the limit, it is not fully *determinable*. CFD* software simply cannot
do the job adequately.
(Any more than the same software cabn actually compute climate change
when the atmosphere is massively turbulet which iis the case).
I,e do not fall into the error of thinking that because something is deterministic - like a pencil staning on it's point - it is possible to determined which way it will fall, in practice.
Lava lamps are wonderful examples of chaotic, fully determisitic, yet totally indeterminable, motion.
*Computaional fluid dynamics.
On 2018-08-27, Computer Nerd Kev <not@telling.you.invalid> wrote:
In comp.os.linux.misc Paul <nospam@needed.invalid> wrote:
"Uncertain Circuits:
When transistor 1 and transistor 2 are switched on, a coupled pair of inverters
force Node A and Node B into the same state [left]. When the clock pulse rises
[yellow, right], these transistors are turned off. Initially the output of both
inverters falls into an indeterminate state, but random thermal noise within the
inverters soon jostles one node into the logical 1 state and the other goes
to logical 0.
"
It's pretty conventional looking to me. No quantums were tortured on that one.
Thanks for the link, that article was an interesting read. I'm not
sure about no quantums being tortured though, the root of the whole
thing is the "thermal noise", described later as "random atomic
vibrations". As I said before, I never managed to penetrate deeply
enough into this to understand it properly (and by now I've
forgotten everything that I did understand), but it certainly goes
further into physics than just electronic theory.
The point is that _if_ you knew how to model the exact behaviour
that causes the "thermal noise", perhaps you could predict it
and thereby find that it isn't truly random. On the other hand,
the general assumption seems to be that it is intrinsically
random, and in practice I'm happy to believe that.
The problem is that the thermal noise comes about because of the
interaction of the device with loads of other things in the vicinity.
Unless you knew exactly what the state of those other things are (atoms
for example) you do not know what their effect is on the thing you are
trying to use (the reversed biased junction for example) And there are
so so so many other things around that their effect become impossible to predict.
Now, it may be there are "echos" for example. Something affects the device of interest, that device affects back that something which then comes back
and affects the device again. That can produce long time correlations in
the output of the device. Ie, most physical devices have such
correlations, which, if you understand the device and its environment
well, could give you some information about the random stream. Ie,
biases need not just be "this device produces more ones than zeros" But
"if it produces a one now it has a higher probability of producing a one
10 milliseconds later", even if the average probability of producin one
of zero are equal.
In comp.os.linux.misc William Unruh <unruh@invalid.ca> wrote:
On 2018-08-27, Computer Nerd Kev <not@telling.you.invalid> wrote:
In comp.os.linux.misc Paul <nospam@needed.invalid> wrote:
"Uncertain Circuits:
When transistor 1 and transistor 2 are switched on, a coupled pair of inverters
force Node A and Node B into the same state [left]. When the clock pulse rises
[yellow, right], these transistors are turned off. Initially the output of both
inverters falls into an indeterminate state, but random thermal noise within the
inverters soon jostles one node into the logical 1 state and the other goes
to logical 0.
"
It's pretty conventional looking to me. No quantums were tortured on that one.
Thanks for the link, that article was an interesting read. I'm not
sure about no quantums being tortured though, the root of the whole
thing is the "thermal noise", described later as "random atomic
vibrations". As I said before, I never managed to penetrate deeply
enough into this to understand it properly (and by now I've
forgotten everything that I did understand), but it certainly goes
further into physics than just electronic theory.
The point is that _if_ you knew how to model the exact behaviour
that causes the "thermal noise", perhaps you could predict it
and thereby find that it isn't truly random. On the other hand,
the general assumption seems to be that it is intrinsically
random, and in practice I'm happy to believe that.
The problem is that the thermal noise comes about because of the
interaction of the device with loads of other things in the vicinity.
Unless you knew exactly what the state of those other things are (atoms
for example) you do not know what their effect is on the thing you are
trying to use (the reversed biased junction for example) And there are
so so so many other things around that their effect become impossible to
predict.
Now, it may be there are "echos" for example. Something affects the device of
interest, that device affects back that something which then comes back
and affects the device again. That can produce long time correlations in
the output of the device. Ie, most physical devices have such
correlations, which, if you understand the device and its environment
well, could give you some information about the random stream. Ie,
biases need not just be "this device produces more ones than zeros" But
"if it produces a one now it has a higher probability of producing a one
10 milliseconds later", even if the average probability of producin one
of zero are equal.
Yes, however a circuit that relies on quantum events that
there is not believed to be any method for calculating regardless
of practicality should be (at least) more reliable in that regard
than one that relies on chaotic interactions. The circuit that I
originally referred to (reverse biased transistor) has been
described as relying on the effect of "quantum tunnelling" and
so, presumably, is not reliant on a chaotic system. But, like I
also said, I failed to find out exactly what "quantum tunnelling"
means.
On 2018-08-28, Computer Nerd Kev <not@telling.you.invalid> wrote:
The circuit that I
originally referred to (reverse biased transistor) has been
described as relying on the effect of "quantum tunnelling" and
so, presumably, is not reliant on a chaotic system. But, like I
also said, I failed to find out exactly what "quantum tunnelling"
means.
A situation is which if one regarded the system as made of particles,
all of the particles would be reflected, but if one regarded it as made
of waves, a tiny bit of the wave would get through. Loosely, the
amplitude squared of the wave that got through, over the amplitude
squared of the incoming wave corresponds in the quantum case to a
probability of that small ratio of the particle coming through.
Tunneling because for the particles it is as if there had been a tiny
tunnel bored through that barrier to let some particles through.
That probability is not because on does not understand everything that influences whether or not the particle can get through, but a raw
probability that just is.
a circuit that relies on quantum events that
there is not believed to be any method for calculating regardless
of practicality should be (at least) more reliable in that regard
than one that relies on chaotic interactions.
That probability is not because on does not understand everything that influences whether or not the particle can get through, but a raw
probability that just is.
On 29/08/18 02:22, William Unruh wrote:
That probability is not because on does not understand everything that
influences whether or not the particle can get through, but a raw
probability that just is.
Well that of course is what they are arguing about over at CERN etc. :-)
Is the apparent randomness in fact an emergent property of a deeper possibly chaotic deterministic system :-)
Personally I do not know.
On 2018-08-29, The Natural Philosopher <tnp@invalid.invalid> wrote:
On 29/08/18 02:22, William Unruh wrote:
That probability is not because on does not understand everything that
influences whether or not the particle can get through, but a raw
probability that just is.
Well that of course is what they are arguing about over at CERN etc. :-)
Is the apparent randomness in fact an emergent property of a deeper
possibly chaotic deterministic system :-)
JS Bell who believed that, then proved that there are situations in
which you can prove that mathematically, that that cannot be the case,
Personally I do not know.
Is the apparent randomness in fact an emergent property of a deeper
possibly chaotic deterministic system
JS Bell who believed that, then proved that there are situations in
which you can prove that mathematically, that that cannot be the case,
I am not sure asbout that. I think it cannot be the case for SOME mathematical processes but all?
On 29/08/18 13:25, William Unruh wrote:
On 2018-08-29, The Natural Philosopher <tnp@invalid.invalid> wrote:
On 29/08/18 02:22, William Unruh wrote:
That probability is not because on does not understand everything that >>>> influences whether or not the particle can get through, but a raw
probability that just is.
Well that of course is what they are arguing about over at CERN etc. :-) >>>
Is the apparent randomness in fact an emergent property of a deeper
possibly chaotic deterministic system :-)
JS Bell who believed that, then proved that there are situations in
which you can prove that mathematically, that that cannot be the case,
I am not sure asbout that. I think it cannot be the case for SOME mathematical processes but all?
Personally I do not know.
On 29/08/18 00:00, Computer Nerd Kev wrote:
a circuit that relies on quantum events that
there is not believed to be any method for calculating regardless
of practicality should be (at least) more reliable in that regard
than one that relies on chaotic interactions.
I am not sure that is in fact true.
But I am not enough of a mathematician to tell.
The Natural Philosopher wrote:
Is the apparent randomness in fact an emergent property of a deeper
possibly chaotic deterministic system
William Unruh wrote:
JS Bell who believed that, then proved that there are situations in
which you can prove that mathematically, that that cannot be the case,
The Natural Philosopher writes:
I am not sure asbout that. I think it cannot be the case for SOME
mathematical processes but all?
Bell's theorem: <https://en.wikipedia.org/wiki/Bell%27s_theorem>
Tests of it: <https://en.wikipedia.org/wiki/Bell_test_experiments>
Ah. '*Local* hidden variables'
Thats the get-out clause.
The Natural Philosopher writes:
Ah. '*Local* hidden variables'
Thats the get-out clause.
It's not that easy to give up locality. <https://en.wikipedia.org/wiki/Principle_of_locality>
On 30/08/18 13:48, John Hasler wrote:
The Natural Philosopher writes:
Ah. '*Local* hidden variables'
Thats the get-out clause.
It's not that easy to give up locality.
<https://en.wikipedia.org/wiki/Principle_of_locality>
Oh yes it is!
On 2018-08-30, The Natural Philosopher <tnp@invalid.invalid> wrote:
On 30/08/18 13:48, John Hasler wrote:
The Natural Philosopher writes:
Ah. '*Local* hidden variables'
Thats the get-out clause.
It's not that easy to give up locality.
<https://en.wikipedia.org/wiki/Principle_of_locality>
Oh yes it is!
For someone who does not care about physics or explaining the work, sure
its easy. But if I really have to know about the whole universe to
understand my little region of it, it makes the job impossible.
Except QM does not work that way, which makes on suspect that locality
really has nothing to do with situation. In fact Bell used locality to
make the classical system look as much like QM as possible, not to differentiate it. I have written a (not uncontroversial) paper on that.
On 30/08/18 13:48, John Hasler wrote:
The Natural Philosopher writes:
Ah. '*Local* hidden variables'
Thats the get-out clause.
It's not that easy to give up locality.
<https://en.wikipedia.org/wiki/Principle_of_locality>
Oh yes it is!
Richard Kettlewell <invalid@invalid.invalid> writes:
Ivan Shmakov <ivan@siamics.net> writes:
As a concrete example: suppose your password is 8 random lower-case
characters; suppose it uses crypt(3) with MD5 with 1003 rounds
(which is/was the Glibc default);
your attacker gets the ciphertext of the password
I make that 3E11*3600/1003/720=1.5E9 candidate passwords per
dollar, or $140 dollars to do an exhaustive search.
Yes; that's a fairly specific threat model, which I'd describe as
"the attacker gets one of your passwords and uses that to deduce
some other." That's a huge problem for those who use a single
password, perhaps with slight alteration, across several resources.
i. e. most people.
Now, if that's not the case; the attacker getting the ciphertext
means that the resource was compromised. And somehow, I cannot
readily imagine a plausible scenario where the password's ciphertext
can get leaked without the adversary getting control over other,
more important parts of the system.
Argument from incredulity notwithstanding, it happens all the time.
Yahoo, LinkedIn and Adobe are some high-profile examples from the
last few years.
So, the point is that instead of spending their time causing
inconvenience to their targets, the attackers instead get the
hashes, and can have thousands of accounts compromised at
their leisure? That actually makes sense; not to mention that
it makes possible to sell the data to third parties.
Still, one another thing to recommend is to change one's
password as soon as the leak is known.
Yahoo, LinkedIn and Adobe are some high-profile examples from the
last few years.
Thankfully, I couldn't care less about these specific
companies' leaks.
If that's indeed the case, shouldn't we move the emphasis to
using unique passwords, from the current "be sure to include at
least one punctuation, digit, a capital letter, a kanji and an
emoji; make your password at least 99 characters long; and never
use a dictionary word, of any language, in all of it, ever"?
This is why all of the literature is always hammering on "longer
passwords" and "use more of the possible letters/characters/bytes". Increasing the number of possible letters/bytes in use, and/or the
length (updating the math above for a longer password is an exercise
left for the interested reader) is the most effective way to thwart
attacks. And 'random generation' of the password is the easiest way
for humans to "use more of the possible letters/bytes" available as the password value.
Richard Kettlewell <invalid@invalid.invalid> writes:
Ivan Shmakov <ivan@siamics.net> writes:
As a concrete example: suppose your password is 8 random lower-case
characters; suppose it uses crypt(3) with MD5 with 1003 rounds
(which is/was the Glibc default);
I haven't yet checked the source, but the manual [1] doesn't
seem to mention the hash function being applied repeatedly.
[1] http://gnu.org/s/libc/manual/html_node/
If that's indeed the case, shouldn't we move the emphasis to
using unique passwords, from the current "be sure to include at
least one punctuation, digit, a capital letter, a kanji and an
emoji; make your password at least 99 characters long; and never
use a dictionary word, of any language, in all of it, ever"?
Now, if that's not the case; the attacker getting the ciphertext
means that the resource was compromised. And somehow, I cannot
readily imagine a plausible scenario where the password's ciphertext
can get leaked without the adversary getting control over other,
more important parts of the system.
Argument from incredulity notwithstanding, it happens all the time.
So, the point is that instead of spending their time causing
inconvenience to their targets, the attackers instead get the
hashes, and can have thousands of accounts compromised at their
leisure? That actually makes sense; not to mention that it
makes possible to sell the data to third parties.
Still, one another thing to recommend is to change one's
password as soon as the leak is known.
| Sysop: | DaiTengu |
|---|---|
| Location: | Appleton, WI |
| Users: | 1,030 |
| Nodes: | 10 (1 / 9) |
| Uptime: | 202:27:54 |
| Calls: | 13,341 |
| Calls today: | 4 |
| Files: | 186,574 |
| D/L today: |
3,851 files (1,205M bytes) |
| Messages: | 3,357,120 |