scrypt is deliberately designed to use a large amount of memory when calculating hashes, which makes it much more difficult to parallelize using a GPU (which don't have much RAM available), hence making it much much slower to attack.
scrypt cracking is still embarrassingly parallel even if it's hard to run on a GPU. I understand the term "asymptotically more" to refer to big O notation, where constant factors like that are ignored.
Well it's hard to state what exact n is here, but you'd probably be increasing both the calculation time and memory requirements at 2^n, so you need roughly 1/k of an entire computer to calculate even as Moore's law marches on and factors increase, but PBKDF2 parallelizes more and more.
I think the point was that if some dumb protocol were misusing HMAC (and I'm not good enough at thinking about protocols to imagine how it might do so), it could be vulnerable to collisions generated this way.
My professor once told us that we were thinking of Australopithecines, a recent hominid, all wrong.
While we thought of early human ancestors as less intelligent versions of ourselves, the correct analogy was to a modern Velociraptor: fast to the point of running animals to death, fiercely intelligent, and with unparalleled group coordination.
Arguably the last of the giant dinosaurs was the Moa, a bird with claws that could eviscerate a human with a single swipe, and our species wiped them out as a prey animal.
The combination of unusual tricep structure (also found in cats and the extinct great sloth), remarkably mobile shoulder structure (inherited from our primate ancestors) and grippy hands (thumbs!) gives us remarkable downward thrusting power useful for smashing, grabbing and throwing.
One of the earliest inventions, the spear-thrower, enhanced that ability even more, giving us the ability to kill big game from a distance with near impunity. (It works by increasing the lever arm. Think of a lacrosse stick.)
How does this provide any better performance to the company using it? If anything it's doubling the work requirement because now you have to do 2 rounds of bcrypt/etc instead of 1.
Are you serious? Opinions like these are exactly why women are having a hard time in tech in the first place. If I have to spend every waking moment at work obsessing about whether a single comment will make my female coworkers label me as a sexist asshole, then you bet I'll avoid working with them as much as possible.
Rather than obsessing every waking moment, or shutting your eyes and ignoring the topic altogether -- both of which seem extreme -- you can perhaps find a balance:
Read the article, consider its merits, and do what you can when you can.
Perhaps you should consider what happens when a colleague has to spend time thinking about whether or not the comments you've failed to police yourself are actually threatening, creepy, or indicative of other much more harmful behaviors you may be capable of?
>when a colleague has to spend time thinking about whether or not the comments you've failed to police yourself are actually threatening, creepy, or indicative of other much more harmful behaviors you may be capable of
If they have to spend time thinking about whether or not it was actually threatening or creepy they might be digging a little too deep to find those meanings.
Because so many of these points are demeaning, right? Practically everyone I've ever met uses "you guys" in place of "you all", etc, with no derogatory intent. Certainly anyone familiar with the western US would realize and understand this. My mom and dad are both technically illiterate, and I gladly use both as examples. I would never assume a woman is non-technical _at a technical conference_, but everywhere else in the country the average woman is far less likely to be in a technical career than the average man, by simple probability. IT IS UNUSUAL.
Making assumptions about individuals based on your interpretation of statistics about their gender is inherently sexist. Most of us do it, but that doesn't make it less harmful.
