Evidon provides reports to different types of companies that give them information about what trackers appear where, how prevalent they are and/or whether they're in compliance with privacy laws. High-level reports, not "your data."
pokoleo forgot to mention that 1. GhostRank, the feedback feature of Ghostery, is very explicitly opt-in: no data is collected unless you enable it, and 2. We anonymize all of the data that's collected. We have no interest in tracking individual GhostRank users. What's interesting to us is being able to say "This tracker appears on the most websites, or causes the biggest slow-down of a page load on average."
Because it makes sense. These sorts of things normal are allowed to go through so that horrible unintended consequences can be wrought on the unsuspecting.
So I assume it has multiple returns? Some smart built in error class I could actually see that removing the need for exceptions, yes.
One new way I've found interesting in obj c is giving functions (an) error handling block argument(s). It nicely does what java unhandled exceptions warnings do: make the user aware of his actions.
It's not that the size doesn't matter; it's just that it's not as significant. It becomes very, very hard to compute rainbow tables after just a few random bytes. No matter how long the salt is, it doesn't do anything to prevent somebody from trying to guess the original input for a given digest using a brute force approach, though. So usually the salt has less than e.g. 256 bits of entropy just because it takes up less space.
Sure, a very large salt might slow down the first iteration a little (but not necessarily subsequent ones, and it wouldn't require more memory, at least with most hash functions), so you're almost always better off just stretching the key--then you save the storage costs too.
OpenID and OAuth really did a lot, but there's just nothing called "don't use passwords." Fingerprint readers suck. Anything biometric that doesn't suck costs too much, and 99% of people don't have them. A good KDF is not bad in comparison to a centralized authentication server considering other factors.
Someone, somewhere will be storing user passwords/digests for the foreseeable future. And they will do it incorrectly.
Sure, but the number of those people should become vanishingly small over time.
HN is full of web developers rolling unnecessary username/password solutions. The fact that this is such a hot issue - as opposed to esoterica like TCP frame size - shows that far too many developers are homebrewing solutions rather than outsourcing.
I agree, but "outsourcing" includes using libraries written by people who know what they're doing. (And not using libraries written by people who know what they're doing, but which are the wrong tools for the job.)
So something like a HMAC digest generated using a pepper stored in the source code/binary or on disk before passing it to bcrypt/scrypt? :)
This only really protects against SQL injection attacks, though/when there is actually a separation between where you store the bcrypt digests and where you store the pepper. (Granted, there are a lot of SQL injection attacks.)
Exactly, most commonly with these things is that the db was dumped which does not imply that the source code was accessed. If the source code was accessed they normally don't need a db dump. (unless it was read-only)
The first section of the article IMHO was not needed in regards to a simple hash. Forums have been hashing their passwords with salts for how long now ?
Evidon provides reports to different types of companies that give them information about what trackers appear where, how prevalent they are and/or whether they're in compliance with privacy laws. High-level reports, not "your data."
pokoleo forgot to mention that 1. GhostRank, the feedback feature of Ghostery, is very explicitly opt-in: no data is collected unless you enable it, and 2. We anonymize all of the data that's collected. We have no interest in tracking individual GhostRank users. What's interesting to us is being able to say "This tracker appears on the most websites, or causes the biggest slow-down of a page load on average."
More details here:
- http://purplebox.ghostery.com/?p=1016023438
- http://www.ghostery.com/faq#q14