|
30.5 Days posted:They did bcrypt right, the "salt" isn't a secret, it's a randomized string to prevent people from being able to reuse brute force attempts across multiple passwords, and it is supposed to be available everywhere the hash is. Unless they had literally one salt that everybody shared, which I don't believe is the case. Any hash dump is going to be associated with some number of stolen passwords because an awful lot of people use passwords that are in the top 10k most common passwords, or passwords that were stolen in a previous breach- in fact, twitch users specifically do it so much (because they trend young), they used to have a problem with people brute forcing common passwords & credential stuffing attacks on the front door until the identity team made some stupid AI thing to lock account aggressively if anything looked weird. What's the difference between having the salt from the list of hashes, and having the salt from the source code? The leak has hashed passwords and the source code. Why would it matter which of those two spots the salt is in?
|
# ? Oct 7, 2021 05:36 |
|
|
# ? Jun 3, 2024 22:02 |
|
McFrugal posted:What's the difference between having the salt from the list of hashes, and having the salt from the source code? The leak has hashed passwords and the source code. Why would it matter which of those two spots the salt is in? If you have the source you know how the salt is used, so you can just start plugging in passwords to generate hashes and see if anything matches the leak. Once you have something you have access to the account using that hash, and it doesn't even have to be the original password so long as the hash matches.
|
# ? Oct 7, 2021 06:12 |
|
isndl posted:If you have the source you know how the salt is used, so you can just start plugging in passwords to generate hashes and see if anything matches the leak. Once you have something you have access to the account using that hash, and it doesn't even have to be the original password so long as the hash matches. I think you missed my question.
|
# ? Oct 7, 2021 07:20 |
|
McFrugal posted:I think you missed my question. Sorry, I misunderstood your intent. It doesn't matter where the salt is stored per se, but storing it with the hash is generally indicative of better security practices because it becomes a whole lot easier to have unique salts for each hash that way. The purpose of the salt is to slow down anyone trying to exploit a leaked hash table, and keeping your salt in your source code means you're probably reusing your salt a lot which makes things less secure.
|
# ? Oct 7, 2021 08:30 |
|
McFrugal posted:What's the difference between having the salt from the list of hashes, and having the salt from the source code? The leak has hashed passwords and the source code. Why would it matter which of those two spots the salt is in? Having the salt from the source code would imply that twitch uses a single salt for all users (bad, defeats the purpose of using a salt) but I don't think any salts are stored in the source code, and it would be a tremendous amount of work to gently caress up in that manner with bcrypt. Going over it this morning I haven't seen any evidence of salts in source code, I have seen a lot of aws aurora & firehose credentials. I was aware of the latter & it's too bad they didn't leak my 2016 jira tasks to the security team about it isndl posted:If you have the source you know how the salt is used, so you can just start plugging in passwords to generate hashes and see if anything matches the leak. Once you have something you have access to the account using that hash, and it doesn't even have to be the original password so long as the hash matches. Everyone already had the source for how the salt is use, it's located here: https://github.com/golang/crypto/blob/master/bcrypt/bcrypt.go
|
# ? Oct 7, 2021 19:47 |
|
And if anyone discovers a fast mechanism for brute-forcing bcrypt passwords, they probably have better things to do than hijacking twitch accounts. Generally speaking when a properly functioning hash dump gets leaked, it goes like this:code:
|
# ? Oct 7, 2021 19:58 |
|
Right, yeah, nobody had yet brought up the fact that not all hashing algorithms are easily reversed.
|
# ? Oct 7, 2021 21:25 |
|
Back to minecraft talk, what's the earliest Omnifactory liquid holding or moving item?
|
# ? Oct 7, 2021 23:41 |
|
Stone drums are the very earliest, and not bad especially when you first break into chemistry and liquid production, since you'll have maybe a dozen chems you'll be juggling and it's good to have a place to put them. EnderIO fluid tanks are pretty good too, and work well with most input/output sources (both in world and in UI) so it's always good to carry one or two of those around, too.
|
# ? Oct 8, 2021 01:17 |
|
|
# ? Oct 8, 2021 14:23 |
|
HV omnifactory update: godDAMN do I have a lot of chemical reactors. So much piping. I'm glad I did this in omnifactory first because doing all this with just Greg pipes sounds like hell
|
# ? Oct 8, 2021 22:17 |
|
Impermanent posted:HV omnifactory update: godDAMN do I have a lot of chemical reactors. So much piping. I'm glad I did this in omnifactory first because doing all this with just Greg pipes sounds like hell I just hit LV Assembly Table and I'm starting to appreciate gregtech, but boy I'm glad I'm doing this in Omnifactory instead.
|
# ? Oct 8, 2021 22:57 |
|
Anyone have any favorite Thaumcraft 6 spells? I still need to get Curse, but I'm curious for some ideas. Been playing a ton of Roguelike Adventures and Dungeons and really been enjoying endgame TC. Especially the Ẃ̴͇̜̓͆̀Ạ̧̧̛̭͘R̵͈̮̻̣͑ͯ̈́ͯ̏̀̕P̵̡̤̬ͧ̃͜͝͝ Echophonic fucked around with this message at 01:21 on Oct 10, 2021 |
# ? Oct 10, 2021 00:34 |
|
come visit my base. we've got ME cubes and energy ball basement assembly raves ore lightshow spicy cube a bunch of arrays nickel plasma spinners and so many DMLs Bhodi fucked around with this message at 03:58 on Oct 10, 2021 |
# ? Oct 10, 2021 03:31 |
|
Echophonic posted:Anyone have any favorite Thaumcraft 6 spells? I still need to get Curse, but I'm curious for some ideas. Been playing a ton of Roguelike Adventures and Dungeons and really been enjoying endgame TC. What modpack are you using? I’ve been trying to scratch my thaumcraft itch and I haven’t played through 6 yet.
|
# ? Oct 10, 2021 08:37 |
|
When 1.18 comes out, I hope we get a few simple QoL mods too, because I've gone so deep in the hole of heavy modpacks and tech progression I think I just need to reset with a mostly vanilla dive. Fabric's looking promising for a lot of that, but all I really need is a few nice decorative mods and maybe some performance boosters and I'll be golden.
|
# ? Oct 10, 2021 10:21 |
|
Nice! I feel like I'm finally getting close to the tank; I've got the neutronium and the omnium, am currently working on getting the rest of the necessary chaos shards, and then whatever other miscellaneous little bits are still needed.
|
# ? Oct 10, 2021 14:53 |
|
Halibut Barn posted:Nice! You need ~800k regular diamonds ~20k (~300 t1s worth) of exquisite diamonds to get to tank. Bhodi fucked around with this message at 19:47 on Oct 10, 2021 |
# ? Oct 10, 2021 19:27 |
|
About to do my first big automation in Omnifactory: getting polymer clay. This modpack rules.
|
# ? Oct 11, 2021 01:02 |
|
man dev branch omnifactory is really good. I need like 8 million more tungstate than I currently have now though. I got real used to sitting on my rear end at base while I was going up through ores that were more easily bought and now I gotta work a little for my inputs again.
|
# ? Oct 12, 2021 22:29 |
|
Is there any word on how close to stable release the current dev branch is? I was thinking of trying it once it was formally released.
|
# ? Oct 12, 2021 23:06 |
|
No idea. But if you're worried about stability it runs fine and updates don't break saves so no reason not to play.
|
# ? Oct 13, 2021 01:17 |
|
It's less that and more that I already have a lot on my plate between games and work so if it's still a ways off from stable release I won't feel too bad continuing to wait for it while I work through the things I have going on. Y'all seem to be having a really good time with it, and it sounds a bit less intense than GTNH was in a good way, so I definitely want to check it out eventually.
|
# ? Oct 13, 2021 02:31 |
|
Captain Monkey posted:What modpack are you using? I’ve been trying to scratch my thaumcraft itch and I haven’t played through 6 yet. Same, would love to know of a good pack w/ TC6 in it
|
# ? Oct 13, 2021 19:24 |
|
And now I've finally got my creative tank... ...except I didn't get quest credit for it, because like a dingus I rushed through the last few steps and forgot to take one of the neutronium solar panels out of AE storage and actually hold it before building the T10 miner. I'm tempted to cheat one in temporarily, but eh, just creating another one will be easier now anyway.
|
# ? Oct 13, 2021 23:22 |
|
Is getting a virus from a sketchy Minecraft download actually a thing? I'm in a mentor role with some kids, and one of them messaged me in a panic tonight saying that he had gotten a virus from a Minecraft mod and wanted help fixing it so he didn't have to tell his parents he'd hosed up the computer. He claims that after downloading some mods a pop-up appeared saying he was being hacked, and that the entire computer then stopped taking commands from him and his Minecraft character started moving around on its own. At my urging he pulled the plug on the machine and hasn't turned it on since. I know he was doing stupid poo poo in search of mods/hacks because he admitted to getting one from loving 4shared of all places, but he's also a bit developmentally delayed and extremely not computer-savvy, so I have to take his descriptions of anything technical with a big grain of salt. That said, does this sort of thing happen in the community? If so, is this something to be seriously concerned about, or is it just a dumb prank that will succumb to safe mode and a virus scanner?
|
# ? Oct 14, 2021 04:46 |
|
Captain Monkey posted:What modpack are you using? I’ve been trying to scratch my thaumcraft itch and I haven’t played through 6 yet. We're playing Roguelike Adventures and Dungeons. I've almost 100%ed the book, currently working on the super-late Impetus tech from Thaumic Augmentation. I've done so much stuff in TC that I've never tried before. I've leaned incredibly heavy into Thaumcraft, with Electroblob's for more supporting buffs that TC doesn't really offer. I've got golems (my first time getting them to do gently caress-all of use) handling my Mystical Agriculture crops, incredibly powerful armor, dragonbone weapons, and have completed my first Eldritch Citadel and stripped it for parts for my tower. The endgame of Thaumic Augmentation is kind of annoying (the enemies are super aggressive and the warp builds up), but the gear looks awesome and offers a lot of great additions and fun tools overall. I really like Impetus, it's a cool throwback to the old Aura system. Though, I am fully sick of Crimson Cult ambushes and other irritating warp effects. Basically, I'm focusing on magic and introducing mods and gear in my tower, they're learning modded MC (one's done Sky Bees with one, one's pretty new) and exploring. I'll probably be teaching TC and probably Embers, which I'll move onto once I successfully set up Impetus generation and storage. Next up is probably going into a However, we've been having a lot of fun. First up is my increasingly "is, uh, that guy alright?" wizard tower, then the rest of our little starter town and increasingly-populated village. My tower and house. My friend's houses and other buildings around town: Echophonic fucked around with this message at 05:54 on Oct 14, 2021 |
# ? Oct 14, 2021 05:44 |
|
Kestral posted:Is getting a virus from a sketchy Minecraft download actually a thing? I've never heard of people getting actual viruses from minecraft mods, but I also don't know anyone that would download a mod from 4shared. Considering mods are effectively extra java code that runs when minecraft loads, you could definitely write a malicious "mod" that is actually a virus and takes over your computer via minecraft. It'd be especially easy to get a virus if you download a file that claims to be an installer for a mod. I'd take it seriously, but most viruses can be removed via safe mode and a virus scanner anyway. The most likely result from this is that the kid had his account stolen.
|
# ? Oct 14, 2021 06:21 |
|
Kestral posted:Is getting a virus from a sketchy Minecraft download actually a thing? My kid virus'd up our computer a few years ago trying to download an adventure map. I'm sure there are a zillion predatory sites that use minecraft as their bait because young kids aren't going to have learned to play "which of these seven buttons that say download is the real one?".
|
# ? Oct 14, 2021 13:10 |
|
Depending on how they downloaded the mod, it's completely legitimate - minecraft mod download sites have the most predatory and confusing "click here to download" type ads and malware that I've ever experienced in my long history of modding, so that's what probably happened, it's probably not the mod itself. As to what they accidentally ran and how to clean it up, uhhh good luck. It can be anywhere on the spectrum from "shady software the cleanly uninstalls when you ask" to "straight virus that hides through anything but a complete flatten and reinstall" Bhodi fucked around with this message at 15:51 on Oct 14, 2021 |
# ? Oct 14, 2021 15:48 |
|
So, last time I played Minecraft, was somewhere before it got sold off to Microsoft and my login doesn't appear to work any more. Do I have to buy minecraft again? I bought the game back when it was just a silly block placing engine back in Alpha.
|
# ? Oct 14, 2021 15:55 |
|
Ssthalar posted:So, last time I played Minecraft, was somewhere before it got sold off to Microsoft and my login doesn't appear to work any more. https://help.minecraft.net/hc/en-us/articles/4403181904525-How-to-Migrate-Your-Mojang-Account-to-a-Microsoft-Account
|
# ? Oct 14, 2021 16:00 |
|
Bhodi posted:https://help.minecraft.net/hc/en-us/articles/4403181904525-How-to-Migrate-Your-Mojang-Account-to-a-Microsoft-Account Thanks. Guess I'll buy it again since it seems like the old hotmail account it was bound to doesn't exist anymore.
|
# ? Oct 14, 2021 16:19 |
|
Sure, this looks safe. Don't have rift stabilization started yet, but polluting the gently caress out of a Dimensional Doors block seems fine. Edit: God drat, Thaumic Augmentation lets you make some cool-looking poo poo. Echophonic fucked around with this message at 21:35 on Oct 14, 2021 |
# ? Oct 14, 2021 18:00 |
|
Thanks folks, looks like we've got some troubleshooting to do tonight. Fingers crossed!Bhodi posted:Depending on how they downloaded the mod, it's completely legitimate - minecraft mod download sites have the most predatory and confusing "click here to download" type ads and malware that I've ever experienced in my long history of modding, so that's what probably happened, it's probably not the mod itself. God, this is so true. Apparently the reason he went on sketchy sites is that all the mods he "downloaded from curseforge wouldn't work," so I went there on a completely stock Internet Explorer (yes, he uses IE, yes, it makes me shudder), and oh my god it's a nightmare. I haven't seen the internet unfiltered by uBlock Origin and NoScript for years, so I had no idea what they were up against. I'm reasonably certain I would have clicked one of those hostile links at least once, and I've been doing this for a long-rear end time. I suppose this is a lesson for folks with kids in their lives, either your own or family friends and such: take some time to make sure they're using real browsers with adblockers, you'll save them a lot of time and aggravation, and you won't end up having to unfuck their computers down the line (as much).
|
# ? Oct 14, 2021 18:37 |
|
So, I've never used Create, but a friend has been talking it up so much I'd like to give it a whirl. Anyone have any recommendations for a pack built mostly around, or heavily involving, Create? Ideally a progression/quest-based pack that doesn't assume you already know how to use it, but I'll take what I can get.
|
# ? Oct 15, 2021 08:44 |
|
Vib Rib posted:So, I've never used Create, but a friend has been talking it up so much I'd like to give it a whirl. Anyone have any recommendations for a pack built mostly around, or heavily involving, Create? Ideally a progression/quest-based pack that doesn't assume you already know how to use it, but I'll take what I can get. Create has a really incredibly user-friendly system for teaching you how it works. Any modball sandbox with create in it is all you need to learn it.
|
# ? Oct 15, 2021 21:30 |
|
Impermanent posted:Create has a really incredibly user-friendly system for teaching you how it works. Any modball sandbox with create in it is all you need to learn it. I'll look around then, thanks. Of course if anyone has any pack recommendations with Create I'm still open to suggestion.
|
# ? Oct 16, 2021 02:17 |
|
Vib Rib posted:drat, guess I'm just so used to big mods with no documentation that I expected it to be an impenetrable learning experience. It's a refreshing change of pace when a mod includes its own path to learning. Come play Wizardly: https://discord.gg/goonscx
|
# ? Oct 16, 2021 03:10 |
|
|
# ? Jun 3, 2024 22:02 |
|
https://twitter.com/TechnicPack/status/1449407691290464258?t=vTUPedy2sWAaTkJi4V7WxA&s=19 huh, wasn't expecting that
|
# ? Oct 16, 2021 17:28 |