Newsletter No. 442

442 • 4.9.2014

Tech Talks

War on ‘123456’ (Part I)

A few months ago, the Wall Street Journal interviewed Fernando Corbató, a retired researcher who ran an early computing project at MIT (the Massachusetts Institute of Technology) and helped deploy the first known computer password in the early 1960s. Corbató admitted that passwords have become kind of a nightmare with the World Wide Web. ‘I don’t think anybody can possibly remember all the passwords that are issued or set up.’

As Internet users frustrated with trying to find, for each of our numerous accounts, a secure password that we can remember and that nobody else is able to guess, we couldn’t agree more. Inundated with passwords for myriad Internet and social networking sites, many people simply throw in the towel and opt for something like ‘123456’, which was the most common password of 2013 according to a study based on the lists of passwords that were stolen. It is followed by another no-brainer—‘password’. ‘Qwerty’ and ‘iloveyou’ are among those that made it to the top 10.

In view of the fact that there seems to be a major breach each month, including the most recent one in which 1.2 billion username and password combinations, along with more than 500 million email addresses, were allegedly stolen by Russian hackers, some online service providers add a security feature known as two-factor authentication, which requires users to log in using a password—‘something you know’ in security lingo—and to confirm their identity through a hardware device (or a token)—‘something you have’. For example, when you are using internet banking services, you are required to input a code generated by a device in addition to your password. That’s two-factor authentication.

Some companies have developed new devices to save users from the trouble of having to read the password on the token and retype it. Google has experimented with different technologies, including a token that can be plugged into a USB port to communicate with the computer to verify your identity, and apps on smartphones and wearable devices such as watches that can send signals to computers to confirm user identity.

Two-factor authentication adds a second layer of security to your computing account. But it’s inconvenient. Now some believe that the key lies in your body—‘something you are’.

CUHK f+b

Stir-Fried Bitter Melon with Bitter Gourd

‘Isn’t bitter melon the same as bitter gourd?’ The dish ‘Stir-Fried Bitter Melon with Bitter Gourd’ served by Shaw College’s staff dining room ‘Joyful Inn’ has caught lots of attention on the Internet recently. Netizens joked that it is ‘too bitter’ to live in Shaw College, and they also suggested adding ‘Stir-Fried Eggplants with Aubergines’ and ‘Stewed Peanuts with Groundnuts’, etc., to the menu...

The dish name in fact refers to the same ingredient treated in subtly different ways. Mr. Fanky Lau, the manager of the dining room, says the chef uses two large-top bitter melons for one dish. First, cut one of them into pieces and remove its seeds, then set aside to keep the bitter melon green and crispy. Meanwhile, blanch the other one in boiling water and drain, so it turns deep green in colour and becomes less bitter with a looser texture. Finally, heat up oil in a wok and put both in, add in seasonings like salt, sugar, meat extract, and the chef’s secret sauce, and give it a quick stir.

We at CUHK can enjoy such a unique and delicious dish which mixes two shades of green and two flavours. How can anyone think it’s bitter to live here?
