Category Archives: Technology
Pico fought the law and the law won
Pico is a password replacement system currently under development at the University of Cambridge. The Pico project’s strap line is: No more passwords! But is that right? Should this really be our goal when designing new authentication schemes?
dtrace.conf
I’ll be at dtrace.conf on the 25th May in sunny San Francisco talking to anyone who’ll listen about distributed tracing.
An improved dtrace random() subroutine
Performance proportionality is one of the key requirements for a dynamic tracing system. In practice, though, it’s a requirement that’s pretty difficult to satisfy. As with most non-functional requirements, performance proportionality is actually a pretty mushy and subjective concept.
Experimentation performed with Google’s Dapper system showed that tracing all of the Web search cluster’s RPCs increased response latency by 16.3% (whilst throughput reduced by a relatively modest 1.48%). Though these costs may indeed be proportional, the system’s developers were unwilling to accept them. Thus, what we’re really aiming for is that tracing stays under the radar of anyone with the power to disable it.
Why password managers (sometimes) fail
In a paper the Pico team are about to present at the Passwords 2014 conference in Trondheim, we introduce our proposal for Password Manager Friendly (PMF) semantics. PMF semantics are designed to give developers and maintainers of password managers a bit of a break and, more importantly, to improve the user experience.
For the details of the PMF proposal, please read my post “Why password managers (sometimes) fail” on the Light Blue Touchpaper blog (the blog of the Security research group at the University of Cambridge).