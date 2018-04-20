AI Can Scour Code To Find Accidentally Public Passwords (qz.com) 7
An anonymous reader shares a report: Researchers at software infrastructure firm Pivotal have taught AI to locate this accidentally public sensitive information in a surprising way: By looking at the code as if it were a picture. Since modern artificial intelligence is arguably better than humans at identifying minute differences in images, telling the difference between a password and normal code for a computer is just like recognizing a dog from a cat. The best way to check whether private passwords or sensitive information has been left public today is to use hand-coded rules called "regular expressions." These rules tell a computer to find any string of characters that meets specific criteria, like length and included characters.
Just Look for Camel case plus numbers and symbols (Score:2)
There's realtively few instances where mixed capitals, symbols and numbers are valid syntax. yes there are, but few. sounds like we just made it easy to spot thepassword.
I think they are saying AI is better than regex (Score:2)
I think what they are trying to say is this:
Researchers have a new way using AI.
In currently deployed, publicly available systems, the best way is regex. The new AI way may be better.
While regex is a reasonably good tool for the task, I don't know that it's the BEST way currently used. A small, simple routine built specifically for the task may be better because regex takes characters in order. It's difficult (and slow) to build a really good regex for this because you mostly don't care what order they are
I do this sometimes (Score:2)
I do this from time to time myself. I just do the following:
.bash_history and cause an issue there.
# grep -r Pa55W0rd $HOME
Note the space before the grep. That way it does not end up in
I have found some from time to time.
I am the only person on my PC, but security is a mentality.