FileNotFoundStorage.com Design Document
-
Store the files like this:
https://onedrive.live.com/view.aspx?cid=B354B871CEE6BCA1&resid=B354B871CEE6BCA1!753&app=Word
-
Hash.
Apparently, a lot of it has been smoked in this thread...
Store the files like this:
Then print it out and export to JPEG via the industry-standard method.
Filed under: get some unpaid interns to do the photographs on an assembly line and you have a business rolling
-
Paula and the Bean by Ben Lubar.
A story of programming, adventure and love on the Indonesian island of Java.
3530 pages, rated PG 12; no prior programming knowledge necessary.
Follow young Paula on her voyage from her very first Java program ("hello world!"), through various adventures involving magic numbers, a spider and a grue, to her ultimate challenge of creating a bean.
"Paula and the Bean" is available from these suppliers:
@ben_lubar said: https://onedrive.live.com/view.aspx?cid=B354B871CEE6BCA1&resid=B354B871CEE6BCA1!753&app=Word
-
involving magic numbers, a spider and a grue,
Needs more Dwarf Fortress.
rated PG 12
Iiiii don't think so.
Filed under: we're too big kids to believe Paula getting her job was PG-12
-
Then print it out and export to JPEG via the industry-standard method.
JPEG2000. Because JPEG is too widely supported to be suitable for secure data transfer.
-
Ben? Are you okay? You posted a SkyDrive link instead of a Google Drive link...
Filed Under: we need a new tag cloud to attack
-
Allow for download of dummy file that contains no data/corrupted data
Or better yet: Allow for download of completely valid, yet incorrect file. Sure, they might occasionally get the right file, but even a massive WTF gives the right results once in a while. Of course for "security", this file would still be encrypted.
-
Requests to a file that doesn't exist (don't they all?) need to show a custom 404 error message screen that tries to be "helpful" by providing links to a bunch of other files that "might" be the one you are looking for, except they are also invalid and cause you to get the 404 screen again, with different links.
Wash, rinse, repeat.
-
Sold.
-
You could give them a page under their account which will list their current decryption key. This page will of course not be easy to find without assistance. To further complicate things, list all of their decrypt keys on this page, but forget to include which files they are associated with. If the re-encryption is put in place, you can do the same thing, just don't list the time period that the key was/is valid for. Then they just see a bunch of keys and have no idea where to use them.
-
+1
I ran out of daily likes on the likes thread, but @the_dragon has a good suggestion.
-
Listing decryption keys is pretty much the pinnacle of not being secure.
-
But by not listing what they are for, you should be OK. You could even mix in some fake ones for added security.
-
- Not provide the file name back to the user (for security)
- Or the encryption key (for security)
- Or a link to the file (for security)
-
You could put them all into an APNG file, too.
Because no program that normal computer users use can open those!
-
I'm going to classify this as embedding into a random file type, or different file type (such as embedding a valid file inside of a png, and when accessed, still shows the png and not the data file.)
I like this idea.
-
Because no program that normal computer users use can open those!
Cue @ender walking in with Opera 12, being all smug.
-
Following the Lavabit debacle, it seems to me that it's become obvious that any encrypted storage system shouldn't be accepting unencrypted data at all, even if it's providing a second layer of encryption at the server side - after all, the three letter agencies can easily ask for a "tap" of incoming or outgoing data.
Therefore, it seems to me that the storage solution should be performing encryption client side, before sending. I like the idea of using a befunge-a-like client side to do this. A lot.
Server-side, I think we can do better. Postscript is turing-complete; it could double as both transmission protocol and functional layer.
Another postscripty option would be a JavaScript application that renders textual information as a "typed" image using SVG, injects that image as a TIFF into a PostScript document, and sends it to the server. The server should then encrypt the image by overlaying it onto an image of a wooden table.
-
Mandatory user dialog (Zork):
DISK ERROR, FILE NOT FOUND.
A sinister figure appears before you seeming to float in the air.
In a low, sorrowful voice he says, "Alas, the very thing you asked for
is unknown in these dungeons." As he fades into the spreading darkness
there appears in his place a tastefully lettered sign reading: *error message here*
In some distance there is a hollow voice to be heard laughing.
-
It is dark, you cannot see. You are likely to be eaten by a grue.
-
See also (purposely a true WTF of a game): P.M.D.
-
No dumbass, with your torch.
-
Is it bad I was considering this already?
-
I haven't seen anything about this yet, so I thought I'd give it a go: No matter how good your security is, there is always a chance someone will hack your servers and steal your DB. You better not even store the encryption keys for the files that are uploaded. For security, of course.
-
@abarker stop changing your avatar, I keep thinking you're a new person.
-
See also (purposely a true WTF of a game): P.M.D.
I love how each ghost is a mini-ELIZA program.
Also, while we're at WTFy text adventures: http://iplayif.com/?story=http%3A%2F%2Fwww.ifarchive.org%2Fif-archive%2Fgames%2Fzcode%2FGoWest.zblorb
-
@abarker stop changing your avatar
But I'm The Avatar Changer.
I keep thinking you're a new person.
That's the point.
-
Instead of Avatar: The Last Airbender, we have @abarker, The Last AvatarChanger.
-
Stop making me like stuff outside the Likes Thread!
-
No. Share the love. Let the love flow through you!
-
You better not even store the encryption keys for the files that are uploaded. For security, of course.
Encryption keys? I'd put some keys in just to make it look more authentic to entice hackers to try to crack the files with the method they're being stored in.
Good luck to the hacker that takes a bunch of 64 character hashes of files and tries to "decrypt" them.
-
CRC16 should be used instead.
I've worked on a legacy application that uses CRC16 password hashes. The benefit (?) to security is that it's absolutely impossible to recover the original password; there are so many passwords that work, there is no way to know which one is the real one. (The "salting" and "encryption" that they then applied to the hashed value were worthy of this forum too, but we can pass over them for now.)
I wrote an inefficient program that printed out a new password for the boss's login at least once per second. He switched to using the first password that it generated instead of his real password, since it is less typing (just a letter and a digit).
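
Added example, not part of the original post or the legacy application it describes: why a 16-bit checksum cannot stand in for a password hash, next to a salted PBKDF2 record that rejects the same colliding strings. The CRC-16/XMODEM variant (`binascii.crc_hqx`), the lowercase-plus-digits candidate alphabet, the sample password and all function names are assumptions; the post does not say which CRC16 the application used.

```python
import binascii
import hashlib
import hmac
import itertools
import os
import string

ALPHABET = string.ascii_lowercase + string.digits  # assumed candidate alphabet
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor chosen for this example


def crc16(password: str) -> int:
    """CRC-16/XMODEM of the password: only 65,536 possible outputs."""
    return binascii.crc_hqx(password.encode(), 0)


def colliding_passwords(real: str, count: int = 3, max_len: int = 5) -> list:
    """Return the first `count` other strings whose CRC16 equals that of `real`."""
    target, found = crc16(real), []
    for length in range(1, max_len + 1):
        for chars in itertools.product(ALPHABET, repeat=length):
            candidate = "".join(chars)
            if candidate != real and crc16(candidate) == target:
                found.append(candidate)
                if len(found) == count:
                    return found
    return found


def kdf_record(password: str) -> tuple:
    """Hardened form: per-user random salt plus a slow key-derivation function."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def kdf_verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute the derived key and compare in constant time."""
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(derived, stored)


if __name__ == "__main__":
    real = "correct horse battery staple"  # constructed sample password
    salt, stored = kdf_record(real)
    for alt in colliding_passwords(real):
        print(alt, hex(crc16(alt)), "PBKDF2 accepts:", kdf_verify(alt, salt, stored))
```

A long passphrase gains nothing under the CRC16 scheme, because every stored value is matched by some string of a few characters; the salted PBKDF2 record accepts only the original.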
-
The bad ideas thread is over that way.
-
Evil Ideas is this way
-
You actually played it!
A propos Areola Borealis, you may want to have a look at the "teleports" ...
-
At least tell the reader that the encryption keys are encrypted "for security reasons" and that they can request the encryption key to be sent to them via post, which they should expect to receive within NaN days.