Dave F's Blog
Security for beginners

By Dave F in Reader

Posted in Open Source Software, Coding, Security on September 28, 2009 at 11:13 am

If you know much about passwords / security / etc don’t read on, you’ll only get bored (unless I’ve got it wrong, so feel free to read and correct!). Anyway, I was explaining some basics to someone the other day & thought there might be others interested.

Passwords have a long tradition of telling friend from foe by exchanging secret data. The problem is, once it’s exchanged in the open it’s no longer secret. Whispering may work, but if you have to shout it, put it in a letter or send it in a plain text email it isn’t going to stay secret.

Say my password is “3” (numbers are easier to work with, and we know computers turn everything into numbers sooner or later, so let’s start with them). You know it is 3, you ask me for it, and if I give it to you, you know it’s me. Trouble is, everyone else overheard it, so now it’s useless.

Instead you pass me a number and I add it to mine and pass it back; if it adds up to what you add it up to, it’s still me. You say “5”, I say “8”, you figure out 5+3=8, so yes, it’s me. Now any listeners-in have got to know or figure out the formula and then calculate my password. If we are using a publicly defined standard formula (which on a computer system we probably are) they know the formula, so they can figure out from 5+X=8, X=8-5 that my password is 3. If they don’t know the formula they can probably figure it out if they hear enough exchanges.

What we need is a formula that isn’t so easy to work backwards, like a square. You say “5”, I add it to 3, square it and say 64. You do the same calculation and get 64, so yes, it’s me. Now the listener has to do the inverse function: 64=(5+X)^2, X=square root of (64)-5. Easy with 1 digit numbers or a calculator, not so easy with big numbers and just a paper and pencil.

That’s how most security works: don’t exchange the password, but mess up some random data with it in such a way that the sender can mess it up the same way and check your answer. Anyone listening CAN figure out the password by reversing the “messing up” process, but if we make it complicated enough they will require years of supercomputing to figure it out (a figure quoted for an RSA 129-digit key is 5,000 years of 1 million instructions per second computing).
A step on from this is public key encryption where I tell you how to mess it up but only I can un-mess it - loosely speaking! http://en.wikipedia.org/wiki/Public-key_cryptography is a bit more accurate ;-)

http://www.ephesus.com/Encryption/PGP-Steps.html, and http://home.clara.net/heureka/sunrise/pgpsec.htm seem quite informative too.
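The challenge-response exchange described in this post, as an added example that is not the author's own code: it runs the post's two formulas with the post's numbers (password 3, challenge 5), shows the listener working each one backwards, and then swaps in HMAC-SHA256 as one formula that is hard to work backwards. The post names no specific function, so HMAC, the function names and the sample key are assumptions.

```python
import hashlib
import hmac
import math
import secrets

def respond_add(password: int, challenge: int) -> int:
    """The post's first formula: challenge + password."""
    return challenge + password

def respond_square(password: int, challenge: int) -> int:
    """The post's second formula: (challenge + password) squared."""
    return (challenge + password) ** 2

def eavesdrop_add(challenge: int, response: int) -> int:
    """Listener solves 5 + X = 8 by subtraction."""
    return response - challenge

def eavesdrop_square(challenge: int, response: int) -> int:
    """Listener solves 64 = (5 + X)^2 with an integer square root."""
    return math.isqrt(response) - challenge

def respond_hmac(key: bytes, challenge: bytes) -> bytes:
    """Keyed one-way formula: HMAC-SHA256 over the challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

def verify_hmac(key: bytes, challenge: bytes, response: bytes) -> bool:
    """Verifier repeats the calculation and compares in constant time."""
    return hmac.compare_digest(respond_hmac(key, challenge), response)

def demo() -> dict:
    results = {
        "add": eavesdrop_add(5, respond_add(3, 5)),
        "square": eavesdrop_square(5, respond_square(3, 5)),
    }
    key = b"constructed-sample-secret"   # constructed sample value
    first = secrets.token_bytes(16)      # fresh random challenge
    answer = respond_hmac(key, first)
    results["genuine"] = verify_hmac(key, first, answer)
    # A listener who recorded `answer` replays it against a new challenge.
    second = secrets.token_bytes(16)
    results["replay"] = verify_hmac(key, second, answer)
    return results

if __name__ == "__main__":
    print(demo())
```

On a computer the square root is as quick for very large numbers as for single digits, which is why real systems use a keyed hash, and a fresh random challenge each time means a recorded answer cannot be reused.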

World Wide Wait

By Dave F in Reader

Posted in the company, the web on September 22, 2009 at 3:39 pm

For access to my company’s intranet I have to go through a VPN; because of problems with the servers I was getting between 100K and 150K download speeds. Faster than my old dial up but a vast number of sites just aren’t usable at that speed.

Unfortunately that includes just about all our intranet sites - oh well, I’ll be working offline today!

Freecycle in freefall?

By Dave F in Reader

Posted in In the news, the web, Freecycle on September 11, 2009 at 2:01 pm

UK Freecycle moderators break away from US network | Environment | guardian.co.uk

Hmm, as a long(ish) time supporter and ex-mod of my local group it all seems a bit messy. At least the Guardian article seems to think that.

Actually it seems OK. What do you need for this kind of thing? An email list, a set of workable rules, some volunteer mods, lots of members - there is little need for a management structure (and no need for power crazed Americans, not that I’m saying they are!).

Freecycle is dead, long live the freecycle?

Alan Turing - an apology

By Dave F in Reader

Posted in In the news, faith, Uncategorized on at 9:13 am

I’m sort of dubious about politicians’ ability to say sorry for anything except their own mistakes but I guess Gordon Brown’s apology regarding the treatment of Alan Turing is welcome. http://www.number10.gov.uk/Page20571

Having just been to the Greenbelt Festival, a Christian environment in which gays get a better hearing than most, and having heard some of what Bishop Gene Robinson had to say, I am more aware than usual of the appalling treatment gays have received (and still do in too many environments).

On a personal note, I’m old enough to remember some of the abuses of the 70’s (but no earlier!) and I’m only one generation removed from Turing. My old prof from university days did at one time share an office with Alan Turing - indeed it was joked round the department that that was the more likely cause of his suicide. Maybe not in great taste, but it was the 70’s.

Wire free charging?

By Dave F in Reader

Posted in In the news, Home on September 9, 2009 at 2:28 pm

Well sort of, there are a couple of wires but they are more easily managed than the usual. A cable from the mains to the pad and a permanently installed adaptor in your device (oo-er missus).

http://www.wildcharge.com/

I don’t know how new this is but it’s new to me. Anyone tried it?

Too old to rock n roll like a techie?

By Dave F in Reader

Posted in faith, the web, music, Apple on September 7, 2009 at 11:28 am

Gosh, finally caught up with myself after a frantic Greenbelt weekend (http://www.greenbelt.org.uk/). Weirdly for a Christian Arts Festival I usually come back with something techie to share - PowerPoint, animation, web site design are seminars / workshops I’ve been to in the past. This year that didn’t really happen - has the festival lost its techie edge? No, I think I’m just too far behind!
You could get program updates and all kinds of semi-official events were organised via twitter (which I don’t) and there was a really cool iPhone app with the events program on. Ideal for organising which of the numerous all at the same time events you choose to attend and all updated as any program changes happened. Well, so I heard - no iPhone, no app :-(
Anyway I had a great time even if I do appear to be a Luddite (maybe just impoverished, I mean if anyone wants to give me an iPhone and pay my contract… I might even sign up to twitter if I had a decent phone!).
As a BTW, if you half fancy the festival but the Christian bit puts you off check out
Mind you that could be a false trail laid by a raving evangelist trying to sucker you in - you can’t trust anything on the web ;-)
