|
Dadbod Apocalypse posted:when the feds ask me what my password is, i’ll tell them “i don’t know what my password is” and they’ll get super mad that i owned them but that’s literally my password I used "I can't remember!" for a while in my WiFi
|
# ? Jan 22, 2018 06:21 |
|
|
# ? May 10, 2024 03:01 |
|
Powered Descent posted:Got into a fun discussion today that this thread might enjoy pondering. You're just asking us "if you could use a file as your password what file would it be?" I would say, don't use a password that is public, it isn't any more secure than using a random string of characters that you write down somewhere public.
|
# ? Jan 22, 2018 06:58 |
|
ElCondemn posted:You're just asking us "if you could use a file as your password what file would it be?" I'd say it boils down more to "what files are you most certain you'll still be able to find an exact copy of in the year 2043?". You already CAN use a file as a password if you so choose, either by using a hash value, or (in some applications like KeePassX or VeraCrypt) directly as a keyfile. But you typically keep that file around. I'm not claiming that this method would provide good security or any actual legal protection. But it was a fun little discussion that I thought this thread might enjoy kicking around too.
|
# ? Jan 22, 2018 07:09 |
|
Security people never answer the question you asked. They just attack the premise and discuss all the flaws with your setup. I believe it's what's known as a "side channel attack"
|
# ? Jan 22, 2018 07:25 |
|
poisonpill posted:Security people never answer the question you asked. They just attack the premise and discuss all the flaws with your setup. Well, there's literally no upside to his hypothetical. I can't imagine any file staying absolutely pristine to the point the hashes match over a 25 year span. Unless you store the file yourself, it's either going to be format shifted or stuck on a list of "this *used* to be available online". And if you store it yourself, that's only slightly less dumb than using Spaceballs the Password.
|
# ? Jan 22, 2018 11:16 |
|
Absurd Alhazred posted:"So what is your password?" https://www.youtube.com/watch?v=qo5jnBJvGUs&t=28s
|
# ? Jan 22, 2018 17:25 |
|
On the password chat, a lawyer friend of mine told me that you can invoke the 5th to not give your password to a computer as it may incriminate you. They can, however, compel biometrics, so I was told the safest thing is long, unique password to decrypt the drive, then either account password or biometric login. I was told this way if they come for your machine, you're pretty safe if you can power it off so they can't get through drive encryption. Did I get misinformed?
|
# ? Jan 23, 2018 14:44 |
|
It's not quite that simple, there's a bunch of things involved (foregone conclusion doctrine, testimonial aspect, etc.) not to mention the fact that they may be able to get a court order compelling you to unlock the device without providing them the password, etc. If you absolutely must get into a sort of situation like this then it's probably best to use a secret sharing method to generate a key with k=n and then make sure that at least one of the parts are held by entities outside of the country that authorities can't get to. Edit: this article sums up a number of these points pretty well. Sheep fucked around with this message at 15:07 on Jan 23, 2018 |
# ? Jan 23, 2018 14:54 |
|
Also, learn how to turn off biometric auth for your device in an emergency, so it falls back to requiring a passphrase. For instance, iOS press the power button quickly 5 times and it deactivates TouchID until you unlock the phone with your passphrase. Just make sure you have Auto-Dial in the EmergencySOS settings turned off so the phone doesn't automatically call 911. You'll still have a slider option on the screen to call 911. (for iPhone 8, 8 plus, and X long press of power and volume does same thing)
|
# ? Jan 23, 2018 15:06 |
|
Apparently Linus Torvalds is refusing to merge Intel's Spectre fixes into the Linux kernel?? Wtf is this about?
|
# ? Jan 23, 2018 18:14 |
|
code:
He's basically saying that the patches are nonsense and don't actually do anything to fix the problem besides negatively impacting the kernel.
|
# ? Jan 23, 2018 18:18 |
|
Sigh
|
# ? Jan 23, 2018 18:19 |
|
It's like Intel didn't learn a thing from the FDIV PR disaster. Proteus Jones fucked around with this message at 18:31 on Jan 23, 2018 |
# ? Jan 23, 2018 18:29 |
|
Yeah a bunch of places had to pull their updates because of the lovely microcode. Redhat even went the extra step to say they won't be releasing ANY microcode updates in the future and you should instead talk directly to the silicon providers. https://www.theregister.co.uk/2018/01/18/red_hat_spectre_firmware_update_woes/
|
# ? Jan 23, 2018 18:33 |
|
https://lkml.org/lkml/2018/1/22/598quote:Then there's Skylake, and that generation of CPU cores. For complicated reasons they actually end up being vulnerable not just on indirect branches, but also on a 'ret' in some circumstances (such as 16+ CALLs in a deep chain). This is such a mess.
|
# ? Jan 23, 2018 19:05 |
|
Evis posted:https://lkml.org/lkml/2018/1/22/598 https://lkml.org/lkml/2018/1/23/25 And now they're discussing some kind of weird method involving using function tracing on Skylake to turn rets into retpolines automatically while still avoiding the insanely costly Intel mictocode hack instructions. Everything keeps making me so glad I went for a X99 Broadwell-E instead of a Skylake CPU when I built my current desktop entirely because of all the weird Skylake related cruft I keep seeing.
|
# ? Jan 23, 2018 21:21 |
|
Password fantasy chat: What about some biometric password thing where if you feel like you're in trouble, the combination of vitals that forms the password won't line up? Like, "here's my body's state when I'm a free person," and that's your password.
|
# ? Jan 24, 2018 01:05 |
|
doctorfrog posted:Password fantasy chat: What about some biometric password thing where if you feel like you're in trouble, the combination of vitals that forms the password won't line up? Like, "here's my body's state when I'm a free person," and that's your password. *beats you with a wrench until you pass out, in turn relaxing your vitals*
|
# ? Jan 24, 2018 01:11 |
|
Setup an online service that you do a key exchange with, so that this service has to be online and respond properly in order to unlock your file, ala media drm. Add some sort of canary function, so that if you're logging under duress you can surreptitiously trigger it, and the service would destroy the master key so that you file can never be unlocked again.
|
# ? Jan 24, 2018 01:13 |
|
poisonpill posted:*beats you with a wrench until you pass out, in turn relaxing your vitals* maybe pair it with something that ensures your paying attention *gets roofied
|
# ? Jan 24, 2018 01:27 |
|
A sustained, 30-day orgasm is my password.
|
# ? Jan 24, 2018 01:29 |
|
Hey doctor I'm having trouble logging in, if you know what I mean
|
# ? Jan 24, 2018 01:34 |
|
doctorfrog posted:Password fantasy chat: What about some biometric password thing where if you feel like you're in trouble, the combination of vitals that forms the password won't line up? Like, "here's my body's state when I'm a free person," and that's your password.
|
# ? Jan 24, 2018 01:41 |
|
The Fool posted:Setup an online service that you do a key exchange with, so that this service has to be online and respond properly in order to unlock your file, ala media drm. [FBI serves your service a warrant]
|
# ? Jan 24, 2018 01:43 |
|
Proteus Jones posted:It's like Intel didn't learn a thing from the FDIV PR disaster. Even if they did, it was a generation ago now, and they've probably unlearned it all.
|
# ? Jan 24, 2018 01:47 |
|
Hi, my name is Werner Brandes. My angst is my passport. Verify Me.
|
# ? Jan 24, 2018 01:47 |
|
spaced ninja posted:Yeah a bunch of places had to pull their updates because of the lovely microcode. Redhat even went the extra step to say they won't be releasing ANY microcode updates in the future and you should instead talk directly to the silicon providers. Dell just announced you should roll back all your servers bios\UEFI updates with the specter protections. yikes.
|
# ? Jan 24, 2018 01:51 |
|
Super glad I listened to my gut on this one and waited on patching. I'm generally all gung-ho to patch, but this seemed like it was going to be a disaster.
|
# ? Jan 24, 2018 01:52 |
|
incoherent posted:Dell just announced you should roll back all your servers bios\UEFI updates with the specter protections. yikes.
|
# ? Jan 24, 2018 01:57 |
|
https://www.youtube.com/watch?v=_B0CyOAO8y0
|
# ? Jan 24, 2018 02:00 |
|
doctorfrog posted:A sustained, 30-day orgasm is my password. "Ve have ways of making you cum, HerrDoctor Frog"
|
# ? Jan 24, 2018 02:12 |
|
doctorfrog posted:A sustained, 30-day orgasm is my password. My password is taking a huge bong rip, but the government can't make me do that because it's illegal. Checkmate!
|
# ? Jan 24, 2018 02:50 |
|
doctorfrog posted:A sustained, 30-day orgasm is my password. I would blow Dane Cook posted:"Ve have ways of making you cum, HerrDoctor Frog" Solved problem, in animal husbandry.
|
# ? Jan 24, 2018 03:00 |
|
The Fool posted:Setup an online service that you do a key exchange with, so that this service has to be online and respond properly in order to unlock your file, ala media drm. judge doesn't believe you can't decrypt your files, jails you for contempt of court. you finally break and plead guilty, end up serving several extra years because they add a destroyed evidence charge and the DA has no reason to make a deal with you. plus the judge is annoyed enough to reject any time served discount for your contempt stay. you dorks are just inventing more and more elaborate ways to own yourself if you are a criminal in the US, or a dissident in a nasty dictatorship, your best bet is security through obscurity. the only way They can't force you to decrypt your poo poo is if they can't even find the storage media in the first place. a 128gb microsd card is the size of your fingernail, buy one of those and hide it somewhere clever. i suggest up your rear end.
|
# ? Jan 24, 2018 04:15 |
|
up you rear end is one of the first places they look
|
# ? Jan 24, 2018 04:17 |
|
18 Character Limit posted:Solved problem, in animal husbandry. *Laughs Nazi-ly*
|
# ? Jan 24, 2018 04:20 |
|
Trabisnikof posted:up you rear end is one of the first places they look Learned this one the hard way.
|
# ? Jan 24, 2018 04:20 |
|
Trabisnikof posted:up you rear end is one of the first places they look oh gently caress really? looks like i need a new spot to hide my collection of secret nsa dox and embarrassing hentai!
|
# ? Jan 24, 2018 04:23 |
|
it's really all hentai but it's in a folder named "nsa dox" so i can pretend i'm jason loving bourne like the rest of the thread
|
# ? Jan 24, 2018 04:25 |
|
|
# ? May 10, 2024 03:01 |
|
Stick the microSD card in your foreskin. If you don’t have any either by birth or circumcision, borrow someone else’s.
|
# ? Jan 24, 2018 05:00 |