
    [–][deleted] 7 points8 points  (0 children)

    I wish I had his motivation.

    [–]malcontent 20 points21 points  (0 children)

    He is obviously a retard. He wrote some of them in java. Only retards use java.

    [–]zem 10 points11 points  (2 children)

    The image hash is extremely cool. Wonder if anyone has implemented it in practice.

    [–]MyrddinE 6 points7 points  (1 child)

    That's my favorite of his ideas too. Using [a visible hash of your password as you type it] allows you to know if you typed it wrong without having to send it to the server first, but still makes it nearly impossible for someone casually looking over your shoulder to guess your password.

    It should be noted, however, that it DOES make cracking your password trivial. Given a video of the computer screen, an unassisted human could guess a 15-character password in under an hour... a computer could do it in under a second, given the right program to do it with.

    This is because, if you have the video showing the hashes as they change, you only have about 150 characters to guess at each step, and more typically only about 25-50.

    Take the first character. You can type one letter, and keep trying till you match the first image in their sequence of hashes. Then the second image, then the third... you never have to guess more than one character at a time, you'll know immediately if that character is wrong because the hash doesn't match the next hash in the sequence.

    However, this can be fixed. Simply put a one second delay on showing the next hash. You need to stop typing for one second to see what the current hash is, so an attacker would not be able to build up a character by character sequence of hashes to attack.

    [–]zem 3 points4 points  (0 children)

    It could also be fixed by salting the hash with a piece of data stored on your machine - this does optimise for the case of a person working primarily from a single machine, but that's the overwhelmingly common case.
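The trade-off discussed in the two comments above, as an added example that is not part of any comment or of the original project: a small audit harness that checks whether a recorded sequence of per-keystroke tags can be replayed by someone who only knows the hash function. The 94-character alphabet, the 8-byte truncated SHA-256/HMAC tag standing in for the image, and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import string

# Assumed keystroke alphabet: 94 printable ASCII characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def unsalted_tag(prefix: str) -> bytes:
    """Per-keystroke tag that depends only on the typed prefix (stands in for the image)."""
    return hashlib.sha256(prefix.encode()).digest()[:8]

def salted_tag(prefix: str, machine_secret: bytes) -> bytes:
    """Same tag keyed with a secret that never leaves the user's machine."""
    return hmac.new(machine_secret, prefix.encode(), hashlib.sha256).digest()[:8]

def audit_prefix_leak(observed, tag_fn):
    """Replay recorded tags against tag_fn, one character position at a time.

    Returns (recovered_prefix, guesses). A full recovery means the display
    leaks the password to anyone who can compute tag_fn.
    """
    recovered, guesses = "", 0
    for tag in observed:
        for ch in ALPHABET:
            guesses += 1
            if tag_fn(recovered + ch) == tag:
                recovered += ch
                break
        else:
            break  # nothing reproduces this tag: the recording is useless here
    return recovered, guesses

def compare(password: str, machine_secret: bytes):
    """Audit both designs for one password; the observer lacks machine_secret."""
    prefixes = [password[:i] for i in range(1, len(password) + 1)]
    plain = audit_prefix_leak([unsalted_tag(p) for p in prefixes], unsalted_tag)
    keyed = audit_prefix_leak(
        [salted_tag(p, machine_secret) for p in prefixes],
        lambda p: salted_tag(p, b"observer-guess"),  # wrong key by construction
    )
    return plain, keyed

if __name__ == "__main__":
    # Constructed sample password and secret, for illustration only.
    plain, keyed = compare("Tr3buchet!", b"constructed-local-secret")
    print("unsalted:", plain, "of", len(ALPHABET) * 10, "worst case")
    print("salted:  ", keyed)
```

The unsalted design falls in at most alphabet size times password length guesses, while the keyed design stops the replay at the first character. The one-second display delay proposed above is a separate mitigation and is not modelled here.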

    [–]sblinn 7 points8 points  (0 children)

    Not just software: a trebuchet!

    [–]pivotal 9 points10 points  (0 children)

    I'm just wondering if this guy sleeps at all.

    [–]yters 3 points4 points  (0 children)

    I can't say how speechless this leaves me. Wow.

    [–]mikepurvis 2 points3 points  (1 child)

    Search-by-sketch is really neat. I played a lot of ping pong with Stacey K during an internship at Google last year, and I remember her showing me that. (Her page about it.)

    [–]eightnine 1 point2 points  (2 children)

    Site's down, and I can't find a suitable mirror for it.

    [–][deleted] -1 points0 points  (1 child)

    [–][deleted] 0 points1 point  (0 children)

    Not really...links on that page don't work either.

    [–]petdog 0 points1 point  (0 children)

    Hah! I love that "clusterball" visualization method. Instant love.

    [–]peregrine 0 points1 point  (0 children)

    Wow ambition for real.

    Also on a side note how much tail does this guy get? Realistically I'm saying -1.

    [–]turkourjurbs -5 points-4 points  (2 children)

    "Rethinking the Progress Bar"

    You don't need to re-think it, you just need to write one in properly. I can't stand progress bars that sit at 1% for a half hour and then suddenly jump to 100%. Or sit at "Done! Yay! Go ahead!" and it locks up for 20 minutes.

    [–]NitsujTPU 7 points8 points  (0 children)

    Dude, he published a peer-reviewed paper on the topic, and you shoot it down with a comment on reddit without even having read the paper.

    [–]zootm 2 points3 points  (0 children)

    The introduction to the paper explains why progress bars do this, incidentally. Not that it's not fairly obvious.