posted Jul 21, 2016, 2:51 AM by Sami Lehtinen
updated Jul 23, 2016, 2:10 AM
- Diceware - I can't believe I haven't written about this topic. Of course this is all old stuff and I, like everyone else, have known about it for ages. But just not mentioning it is a fail. Anyway. Diceware is one way to generate passwords. I don't personally really like it, because it makes passwords so long. I prefer a higher level of entropy and shorter passwords. Yet as mentioned before, I often consider passwords just as pre-shared keys: I don't care about the content, as long as it's random enough. The only thing which I think is great about Diceware is the fact that it can actually make entering complex passwords fast on mobile, where Swype or a similar keyboard is in use. Because the words being used are already in the dictionary, it could be great. The only bad thing is that most apps actually disable the dictionary when entering a password, which basically works against this entry method. Then you have to write a really long password without the dictionary, which is painful. Even more painful than entering a shorter complex password? Also, shorter complex passwords can be learned without any problem when used daily. I'm not providing any examples, because I have my own set of password derivation systems.
- EFF New Wordlists for random Passphrases - "It contains many vulgar words" - Hahah. I wonder why people are so sensitive about passwords. If your totally random password is
ub1G sH17 h3!d.
what's wrong with that? Trust me, it's totally random. Nothing personal. Some password generators even have rules for filtering out offensive passwords. But why? It reduces the number of available options and
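The Diceware mechanics behind the two items above (five dice per word, the roll read as a base-6 index into a 7776-word list, and the entropy bookkeeping that decides how long a passphrase must be to match a shorter fully random password), as an added example that is not code from the original post. The wordlist excerpt is constructed here in the EFF file format (dice digits, a tab, a word); a real run would load the full EFF list instead.

```python
"""Diceware: dice rolls -> wordlist lookup, plus the entropy bookkeeping."""
import math
import secrets

# Constructed excerpt in the EFF wordlist file format: "<dice digits><tab><word>".
# The real long list has 6**5 = 7776 lines; this handful only lets the demo run offline.
SAMPLE_WORDLIST = """\
11111\tabacus
11112\tabdomen
11113\tabdominal
11114\tabide
11115\tabiding
11116\tability
11121\table
11122\tabnormal
"""


def parse_eff_wordlist(text: str) -> dict:
    """Map dice roll -> word; reject malformed, inconsistent or duplicate keys."""
    table = {}
    width = None
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        roll, _, word = line.partition("\t")
        if not roll or any(d not in "123456" for d in roll) or not word:
            raise ValueError(f"line {lineno}: expected '<dice>\\t<word>', got {line!r}")
        if width is None:
            width = len(roll)
        elif len(roll) != width:
            raise ValueError(f"line {lineno}: inconsistent dice count")
        if roll in table:
            raise ValueError(f"line {lineno}: duplicate roll {roll}")
        table[roll] = word
    return table


def dice_to_index(roll: str) -> int:
    """'11111' -> 0 ... '66666' -> 7775: the roll read as a base-6 number."""
    if not roll or any(d not in "123456" for d in roll):
        raise ValueError(f"not a dice roll: {roll!r}")
    index = 0
    for d in roll:
        index = index * 6 + (int(d) - 1)
    return index


def index_to_dice(index: int, dice: int = 5) -> str:
    """Inverse of dice_to_index for a list keyed by `dice` dice per word."""
    digits = []
    for _ in range(dice):
        index, r = divmod(index, 6)
        digits.append(str(r + 1))
    return "".join(reversed(digits))


def roll_dice(dice: int = 5) -> str:
    """A CSPRNG roll, for when no physical dice are at hand."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(dice))


def word_for_roll(table: dict, roll: str) -> str:
    """Physical-dice workflow: look the roll up in the parsed list."""
    return table[roll]


def passphrase(table: dict, words: int = 6, sep: str = " ") -> str:
    """Uniform choice over the list: the same distribution as rolling when the list is complete."""
    choices = sorted(table.values())
    return sep.join(secrets.choice(choices) for _ in range(words))


def entropy_bits(choices: int, count: int) -> float:
    """Entropy of `count` independent uniform picks from `choices` options."""
    return count * math.log2(choices)


def chars_for_same_entropy(bits: float, alphabet_size: int) -> int:
    """Length a fully random password over `alphabet_size` symbols needs for `bits`."""
    return math.ceil(bits / math.log2(alphabet_size))


if __name__ == "__main__":
    table = parse_eff_wordlist(SAMPLE_WORDLIST)
    print("sample passphrase:", passphrase(table))
    bits = entropy_bits(7776, 6)
    print(f"6 words from the full list: {bits:.1f} bits")
    print(f"same entropy from 94 printable ASCII chars: {chars_for_same_entropy(bits, 94)} chars")
```

Six words from the full list give about 77.5 bits, which is what 12 fully random printable ASCII characters give; that is the trade-off the post describes. Filtering "offensive" words out of the list shrinks `choices` and so lowers `entropy_bits` for every word drawn.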
- Dvorak - Another thing which everybody should know. I've known about it and used it, but it seems that I haven't blogged about it. I've even used the Finnish DAS version of it for a few years. Unfortunately many environments don't provide it by default. It would be just so awesome if Windows, Linux and Android would allow selecting the Finnish (DAS) keyboard when required. But without pre-existing support, it's too annoying to configure. Even if the number of systems I use daily is quite limited.
- How hard can it be to turn on a mobile hotspot and join it with a laptop? There are just so freaking hopeless people out there. Sigh. Well, it worked, but it took more than one hour. It seems that WiFi (WLAN) is some kind of higher class of science which requires 10 years of academic studies + 10 years of experience to set up and use.
- Absolutely awesome postmortem from the Stack Exchange Network. It also gives a good view of how trivially easy it is to DDoS a website to its knees, if it contains absolutely horrible and extremely bad recursive code. It's a good question why this trimming happens at view time and not when the data is being saved. Afaik, that's also a bad choice. Why do the same task several times, if doing it once is enough? - Laughable fail, but that happens. I've often mentioned that many programmers don't have a clue what their code actually does. It just works. This should be one of the classic examples.
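The failure mode in that postmortem is a regular expression trim (the pattern it quotes is `^[\s\u200c]+|[\s\u200c]+$`) that goes quadratic on a long whitespace run which is neither at the start nor at the end of the text. Below, as an added example that is not the author's or Stack Exchange's code, is the same trim in Python next to a linear replacement, with a constructed pathological input and a small timing loop; the function and input names are mine.

```python
"""Quadratic regex trimming (the outage shape) next to a linear trim."""
import re
import time

# Trim of the same shape as the one in the postmortem: drop leading and trailing
# whitespace, with U+200C (zero-width non-joiner) treated as whitespace too.
# For "x" + " " * n + "y" the second alternative is tried at each of the n positions
# inside the run; every try eats the rest of the run, finds that "$" does not follow
# and backs off one character at a time, so the total work is about n * n / 2.
VULNERABLE_TRIM = re.compile(r"^[\s\u200c]+|[\s\u200c]+$")


def trim_with_regex(text: str) -> str:
    """The view-time trim as it was: correct output, quadratic cost."""
    return VULNERABLE_TRIM.sub("", text)


def _is_trim_char(ch: str) -> bool:
    # str.isspace() covers the same Unicode whitespace set that re's "\s" matches.
    return ch.isspace() or ch == "\u200c"


def trim_linear(text: str) -> str:
    """Same result as trim_with_regex, but one pass inwards from each end: O(n)."""
    start, end = 0, len(text)
    while start < end and _is_trim_char(text[start]):
        start += 1
    while end > start and _is_trim_char(text[end - 1]):
        end -= 1
    return text[start:end]


def pathological_post(run_length: int) -> str:
    """Constructed input: a whitespace run that is neither leading nor trailing."""
    return "x" + " " * run_length + "y"


def seconds_for(trim, run_length: int) -> float:
    """Wall-clock time of one trim over pathological_post(run_length)."""
    t0 = time.perf_counter()
    trim(pathological_post(run_length))
    return time.perf_counter() - t0


if __name__ == "__main__":
    # Doubling the run roughly quadruples the regex time; the linear trim stays flat.
    for n in (2_000, 4_000, 8_000):
        print(f"n={n:>5}: regex {seconds_for(trim_with_regex, n):.3f}s   "
              f"linear {seconds_for(trim_linear, n):.6f}s")
```

Both functions return identical results, so swapping the regex for the linear scan is a pure cost fix; the post's other point, trimming once at save time instead of on every view, then turns a per-request cost into a one-off one.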
- Some neat stuff the Windows 10 Anniversary Update contains: TCP Fast Open (TFO) for zero-RTT TCP connection setup (IETF RFC 7413), Initial Congestion Window 10 (ICW10) by default for faster TCP slow start, TCP Recent ACKnowledgment (RACK) for better loss recovery (experimental IETF draft), Tail Loss Probe (TLP) for better Retransmit Timeout response (experimental IETF draft) and TCP LEDBAT for background connections (IETF RFC 6817). - Although all of those options were known to me beforehand, many of them weren't actually used. Except TFO. I've also often tweaked TCP stack settings for systems which require some tuning. It's neat to hear that those are now used by default and do not require registry edits, or tuning with sysctl on Linux. But as we've seen, it'll probably take a long time before applications and server software support those features. Except of course some high-end projects like web browsers and the most common web servers, etc.
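The "applications have to support it" point applies to TFO in particular: unlike ICW10 or RACK, which the stack applies on its own, Fast Open needs an opt-in on both sockets. The loopback echo below, an added example and not code from the post, shows those two opt-ins on Linux: `TCP_FASTOPEN` on the listener and `sendto()` with `MSG_FASTOPEN` on the client. It assumes Linux (the constants are the Linux values and are used as fallbacks where the Python build doesn't export them) and falls back to a plain handshake wherever the kernel or sysctl refuses TFO, so the payload is delivered either way; the helper names are mine.

```python
"""TCP Fast Open (RFC 7413) as seen from an application: a loopback echo exchange."""
import socket
import threading

# Linux values, used only where this Python build doesn't export the constants.
TCP_FASTOPEN = getattr(socket, "TCP_FASTOPEN", 23)
MSG_FASTOPEN = getattr(socket, "MSG_FASTOPEN", 0x20000000)
TFO_QUEUE_LEN = 16    # pending TFO connections the listener may hold (the setsockopt value)
HOST = "127.0.0.1"


def start_echo_server():
    """Listen with TFO enabled and echo one request; returns (port, thread)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((HOST, 0))
    try:
        # Server-side opt-in. Whether data in a SYN is actually accepted also
        # depends on net.ipv4.tcp_fastopen having the server bit (value 2) set.
        srv.setsockopt(socket.IPPROTO_TCP, TCP_FASTOPEN, TFO_QUEUE_LEN)
    except OSError:
        pass  # kernel without TFO: plain TCP listener
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve_one():
        srv.settimeout(10)
        try:
            conn, _ = srv.accept()
        except OSError:
            return
        with conn:
            conn.settimeout(10)
            # One recv is enough for the small payloads used here.
            conn.sendall(conn.recv(4096))
        srv.close()

    thread = threading.Thread(target=serve_one, daemon=True)
    thread.start()
    return port, thread


def tfo_request(port: int, payload: bytes) -> bytes:
    """Client-side opt-in: sendto() with MSG_FASTOPEN on an unconnected socket.

    On first contact there is no cookie yet, so the kernel sends a plain SYN that
    requests one and transmits the data after the handshake; on later connections
    to the same server the data rides in the SYN. If the kernel refuses
    MSG_FASTOPEN (sysctl off, or a non-Linux platform) fall back to connect().
    """
    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    cli.settimeout(10)
    with cli:
        try:
            sent = cli.sendto(payload, MSG_FASTOPEN, (HOST, port))
        except OSError:
            cli.connect((HOST, port))
            sent = 0
        if sent < len(payload):
            cli.sendall(payload[sent:])
        reply = b""
        while len(reply) < len(payload):
            chunk = cli.recv(4096)
            if not chunk:
                break
            reply += chunk
        return reply


def run_loopback_exchange(payload: bytes = b"GET / HTTP/1.0\r\n\r\n"):
    """Echoed bytes, or None when loopback networking is unavailable in this environment."""
    try:
        port, thread = start_echo_server()
        reply = tfo_request(port, payload)
    except OSError:
        return None
    thread.join(10)
    return reply


if __name__ == "__main__":
    print(run_loopback_exchange())
```

On Linux, `net.ipv4.tcp_fastopen` is a bitmask (1 = client, 2 = server) and defaults to client-only, which is why a server also needs the sysctl and not just the socket option. The RFC also warns that data carried in a SYN can be replayed to the server, so only idempotent requests belong there; that is an application-level decision, which is the other reason TFO does not just "turn on" for existing software.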