Comments for Miha Valencic

Comment on O negibnem dojemanju by miha

miha — Tue, 09 Aug 2011 08:25:07 +0000

Iz teksta je razvidno da to vsekakor ni zadnja stopnja. Ne vem pa katera je. Bo treba na dopustu se kaj o zenu prebrat…

Comment on O negibnem dojemanju by NT

NT — Tue, 09 Aug 2011 08:17:51 +0000

Je kje navedena tudi ali je to zadnja stopnja duhovnega razvoja ali predstopnja oziroma predpriprava za naprej? Ko dojameš, da nekje obtičiš in veš, da lahko samo rasteš.

Comment on Oh really? Password too long? by miha

miha — Sat, 26 Feb 2011 14:26:03 +0000

Peter, and be sure to read the comments in Thomas’ article. They are also very informative (albeit numerous).

Comment on Oh really? Password too long? by miha

miha — Sat, 26 Feb 2011 14:17:56 +0000

Petar, authenticating RPC-style calls is a different matter. You can do it in the same way as web apps work though -- by establishing a session beforehand and just passing session token to the methods. Or, you can cache credential checks on the backend for that matter. The point is that you need the right tool for the right job. As for bcrypt's slowness with regards to todays standards -- let's say it is much slower than MD5. It's slowness also dependes on the "number of rounds" that you configure (you can have different number of rounds per password, if you wish - more rounds, more secure (and slower). The slowness of bcrypt is not due to poor implementation but rather due to the mathematics involved in it. Different approaches, using CUDA for calculations etc. might make computation faster -- but most probably faster for other calculations (and algorithms) as well. There was a very good article by Thomas Ptacek, and this Stackoverflow page is also informative. You might consider scrypt if you really want to protect against parallel attacks on password hashes. The point being, don't use MD5, and don't, for the love of [insert your Diety], limit password length.

Comment on Oh really? Password too long? by Petar Repac

Petar Repac — Wed, 23 Feb 2011 10:10:29 +0000

Hmm, the reasoning for use bcrypt (it’s first time I hear of it) doesn’t seem good to me.
1) what if you want to allow RPC style calls to your system, then outside system have to authenticate and you are intentionally slowing it down, it is better to build in some kind of logic that every failed attempt slows down next attempt
2) bcrypt is maybe slow by today standards, but Moore’s low still apply
3) maybe will someone derive order of magnitude faster implementation of bcrypt tomorrow

Other than that limiting password length is odd at least.

Comment on Netduino – the beginning by miha

miha — Wed, 23 Feb 2011 07:34:06 +0000

Jim, I bought a cellular shield for Netduino which I plan to use. The shield itself has more functionality than I need at the moment, is quite expensive, but GSM is the only option I have. The alert will be sent via SMS and commands will be received via SMS as well.

Comment on Netduino – the beginning by Jim

Jim — Tue, 08 Feb 2011 17:33:24 +0000

Very nice, how are you planning on doing the SMS piece? My furnace recently went out so I’m going to build some type of temperature alert system and am just now trying to figure out how the alert will be sent. I thought about using the Skype API or even integrating with a real phone but I haven’t looked into it yet.

Comment on Copyright, disclaimer and terms of use by jimmboi

jimmboi — Sat, 17 Apr 2010 07:30:09 +0000

Do you have copy writer for so good articles? If so please give me contacts, because this really rocks!

Comment on WURFL .NET API by miha

miha — Tue, 02 Feb 2010 09:38:51 +0000

You’re welcome.

Comment on WURFL .NET API by ming

ming — Tue, 02 Feb 2010 09:24:14 +0000

真心谢谢！