Actuaries and programmers think in the same way, sometimes.
You’d think that a really big software company, like Adobe, would know what it’s doing. But no. You may have noticed that there was a big data breach: millions of usernames and (encrypted) passwords were stolen. But they were encrypted, so no big deal, right?
Ah. Well. That’s the point. As this article explains, it was indeed the encrypted passwords that were stolen, not the hashes (if this is gobbledygook to you, the article has a very clear explanation of what this means). As the password hints were stolen too, it turns out to be really easy to decrypt many of them.
Now, I am by no means a security expert. And for websites I build nowadays, I use a ready-rolled solution (usually WordPress). But when I wrote things from scratch, even I knew better than to store the encrypted passwords. I may not have used the most secure hashing algorithm, or proper salting, but I didn’t encrypt the passwords.
(HT Bruce Schneier)
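An added example (not from the article or this post) of why the distinction matters: when every password is encrypted under one site-wide key with no salt, users who chose the same password end up with the same stored value, so their hints pool together, while a per-record salt and a slow hash give every record a different value. `toy_encrypt` is a constructed stand-in for a real cipher, and the key, users, passwords and hints are constructed sample data.

```python
import hashlib
import hmac
import os
from collections import defaultdict

SITE_KEY = b"constructed-demo-key"   # constructed: one key shared by every record
ITERATIONS = 600_000                 # PBKDF2-HMAC-SHA256 work factor
USERS = [                            # constructed (user, password, hint) sample data
    ("alice", "correct horse", "xkcd comic"),
    ("bob", "correct horse", "horse + battery"),
    ("carol", "tr0ub4dor&3", "the other xkcd one"),
]

def toy_encrypt(password: str) -> bytes:
    """Toy reversible, unsalted stand-in for a cipher: same input, same output."""
    pad = hashlib.sha256(SITE_KEY).digest()
    return bytes(b ^ pad[i % len(pad)] for i, b in enumerate(password.encode()))

def hash_salted(password: str) -> bytes:
    """Per-record random salt plus a slow hash; returns salt || digest."""
    salt = os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def verify_salted(password: str, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)

def build_records(store):
    """Build a (user, stored_value, hint) table using the given storage function."""
    return [(user, store(password), hint) for user, password, hint in USERS]

def shared_values(records):
    """Audit a credential table: group users whose stored bytes are identical."""
    groups = defaultdict(list)
    for user, stored, hint in records:
        groups[stored].append((user, hint))
    return [group for group in groups.values() if len(group) > 1]

if __name__ == "__main__":
    for name, store in (("encrypted", toy_encrypt), ("salted hash", hash_salted)):
        print(name, "->", shared_values(build_records(store)))
```

Any non-empty result from `shared_values` on a real credential table means the storage scheme is deterministic and should be migrated to a salted, slow hash.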
There’s been a hiatus in my blog recently. It was due to life getting very very busy and a bit out of control, but I think it’s back to normal now. It was all out of control in a very good way, incidentally!
So something approaching normal service will now resume. We apologise for any inconvenience caused.
Both micromorts and microlives are good units for comparing risks:
Here are some things that would, on average, cost a 30-year-old man 1 microlife:
The full article, which is well worth reading, explores the relationship between microlives and micromorts, and points out that different branches of the UK government appear to place similar values on them.
Some things I’ve found interesting: