by merrington 2964 days ago
How many non-engineers would you expect to take the interest/time to investigate rainbow tables after this? Also, if you follow the link to the actual presentation (https://sudo.pagerduty.com/for_everyone/#hashing for the lazy) then you'll see the author DOES indeed call it hashing, before switching to "magic" so as to make it easier for individuals without a technical background to not have to constantly think about what the term means.

Also, if you continue to RTFA,

> That said, I didn’t want to mislead people. So we chose to be clear to them that there is a technical term; it’s just not going to be important for the rest of the content.

If it's someone's job to provide reports/updates on something related to the concept, yes they should know it, for anyone else in a non-technical role, why does it really matter?

2 comments

It doesn't make it easier though. Hashing makes a hash of the password -- chops it and scrambles it so you can see what it came from. Calling everything "magic" just conflates everything with everything else, confusing everyone.

> Also, if you continue to RTFA,

I RTFpresentations even. Naming Hashing and then switching to Magic is just confusing for everyone involved. Again; it completely ruins effective communication.

> for anyone else in a non-technical role, why does it really matter?

They're getting security training on the topic of hashing. How does it not matter?? Employees will have to adjust their communication to toddler level anytime they need to talk about security to others.

> They're getting security training on the topic of hashing. How does it not matter??

They're getting taught good password health. You don't need to know what hashing is to know good password health.

I shouldn't get upset over comments but it's headdeskingly frustrating to read comments like yours from people who should know better and who, ultimately, contribute to worse personal security for everybody. Comments like yours are one of the causes behind many people turning their head away at security, not bothering because the barrier of entry is too high and they're made to feel like if they don't have it perfect why bother.

Damn it. The guy communicated pretty damn well if he got 30 employees switching to password managers on their own without actually saying it's required. So instead of criticizing, take it as an opportunity to learn and revise your beliefs.

There's no reason to get personal. We're all on the same side here.