yergacheffe
Jan 22, 2007
Whaler on the moon.

LastInLine posted:

A couple points of contention, with the admission that what you're saying is essentially correct.


Bitwarden and 1Password both also give their users salt when they sign up. It's not just that the vault is encrypted with the user's password, but the salt ensures that despite a perhaps weaker password, there's not a risk of bruteforcing your stolen vault. It's just not going to happen and isn't worth considering.

I'm not sure how the implementation keeps the salt safe, but this is a good point.

LastInLine posted:

I'd also point out that you're not just trusting Google and its infinite money with your vault, you're trusting the manufacturer of your phone, the developer of the apps required to sync and use it, your computer and its security along with all the first and third parties making applications for that, and still likely more beyond that.

This is true of course no matter what password manager you use, but it's narrow thinking to limit your imagination to "somehow my Google Drive got hacked" when you've got so many other links in the chain. No protection is perfect in the end and the vast majority of us rely on just not being targeted but if we were the vector would almost certainly be on the decrypted vault, i.e. keylogging or phishing, not on the vault itself.


This is the important thing everyone should remember. NEVER reuse passwords.

Yep you're absolutely right about the use of the app and syncing introducing new points of failure in the chain. My post was already getting super wordy so I was hoping saying "coming up with a contrived situation" would cover my intent, but it's not the best choice of words and I can't think of anything better.

But yeah, don't reuse passwords and get really mad at websites with stupid password requirements that don't let you easily generate randomized stuff for it or prevent pasting passwords into the form.

Ola
Jul 19, 2004

Salts mean two identical passwords get different hashes. If an unsalted database leaks and the hackers find out one password, they can simply look for other identical hashes and know that any matching ones will have the same password.
This makes brute forcing much easier as you can go through the password dictionaries, generate a hash for "abc123" and immediately look through an indexed database for any matches, attacking all the users at the same time.
So a salt protects against this, then they have to try user by user. But if you use an unsafe password, they are probably going to find it anyway.

ClassActionFursuit
Mar 15, 2006

Ola posted:

Salts mean two identical passwords get different hashes. If an unsalted database leaks and the hackers find out one password, they can simply look for other identical hashes and know that any matching ones will have the same password.
This makes brute forcing much easier as you can go through the password dictionaries, generate a hash for "abc123" and immediately look through an indexed database for any matches, attacking all the users at the same time.
So a salt protects against this, then they have to try user by user. But if you use an unsafe password, they are probably going to find it anyway.

Sorry if I was unclear. I mean to say that in addition to using your password manager's password to encrypt the vault database, BW and 1P add to it a key unique to your account.

This is to do exactly what you described but another layer up. If, say, Bitwarden's encrypted vaults were all leaked (as LastPass's have been), vaults with the same password won't have identical hashes.

Lambert
Apr 15, 2018

by Fluffdaddy
Fallen Rib
I'd assume every password manager salts their database, otherwise, that'd be a very strange omission. Don't think it's an argument in favor of a specific product. A salt is stored in plain text, it exists to thwart rainbow table attacks.

It's standard practice for pretty much anything that stores passwords; even a forum should salt their stored hashes. I'd be highly surprised if Lastpass didn't salt theirs.

Lambert fucked around with this message at 12:56 on Feb 12, 2020

Ola
Jul 19, 2004

Straight from the horse's API, for those who want to read up on it:

https://help.bitwarden.com/article/what-encryption-is-used/

quote:

Bitwarden uses AES 256 bit encryption as well as PBKDF2 to secure your data.

AES is a standard in cryptography and used by the US government and other government agencies around the world for protecting top secret data. With proper implementation and a strong encryption key (your master password), AES is considered unbreakable.

PBKDF2 SHA-256 is used to derive the encryption key from your master password. This key is then salted and hashed. The default iteration count used with PBKDF2 is 100,001 iterations on the client (this client-side iteration count is configurable from your account settings), and then an additional 100,000 iterations when stored on our servers (for a total of 200,001 iterations by default).

Bitwarden does not write any cryptographic code. Bitwarden only invokes crypto from popular and reputable crypto libraries that are written and maintained by cryptography experts. The following crypto libraries are used:

JavaScript (web, browser extension, desktop, and CLI vaults)
  • Web Crypto
  • Node.js Crypto
  • Forge

C# (mobile vault)
  • CommonCrypto (iOS, Apple)
  • Javax.Crypto (Android, Oracle)
  • BouncyCastle (Android)

Bitwarden always encrypts and/or hashes your data on your local device before it is ever sent to the cloud servers for syncing. The Bitwarden servers are only used for storing encrypted data. It is not possible to get your unencrypted data from the Bitwarden cloud servers.

Lastpass has a nice PDF with more details. https://enterprise.lastpass.com/wp-content/uploads/LastPass-Technical-Whitepaper-3.pdf They even added a few iterations of key derivation so they have "best in class", hehe.

For those who aren't that familiar with the terminology, a key is almost like a password. PBKDF2 takes your password and smooshes it around one hundred thousand times, it then becomes the "password" of the encryption.

tl;dr it's good, but if your master password is bad, nothing helps.
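
Added example, not part of any post in this thread and not Bitwarden's or LastPass's code: it puts the salt explanation earlier in the thread and the PBKDF2 description quoted above side by side, comparing how much work a weak-password audit needs against an unsalted hash store and against per-user salted PBKDF2-HMAC-SHA256. The account names, passwords, dictionary and the unsalted SHA-256 scheme are constructed for illustration; only the 100,001 iteration default comes from the quoted text.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_001  # client-side default from the Bitwarden text quoted above

# Constructed sample data: three accounts, two of them sharing a weak password.
USERS = {"alice": "abc123", "bob": "abc123", "carol": "plum-Orbit7-velvet-quay"}
DICTIONARY = ["password", "letmein", "abc123", "qwerty"]


def unsalted_db(users):
    """Weak scheme (assumed for contrast): store SHA-256(password), no salt."""
    return {u: hashlib.sha256(p.encode()).hexdigest() for u, p in users.items()}


def salted_db(users, iterations=ITERATIONS):
    """Store (salt, PBKDF2-HMAC-SHA256(password, salt)) with a random per-user salt."""
    db = {}
    for user, pw in users.items():
        salt = os.urandom(16)  # stored in the clear next to the derived key
        db[user] = (salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations))
    return db


def audit_unsalted(db, dictionary):
    """One hash per guess, matched against every account at once via an index."""
    index = {}
    for user, digest in db.items():
        index.setdefault(digest, []).append(user)
    found, work = {}, 0
    for guess in dictionary:
        work += 1
        for user in index.get(hashlib.sha256(guess.encode()).hexdigest(), []):
            found[user] = guess
    return found, work


def audit_salted(db, dictionary, iterations=ITERATIONS):
    """Salts differ, so every guess has to be re-derived for every account."""
    found, work = {}, 0
    for user, (salt, stored) in db.items():
        for guess in dictionary:
            work += 1  # each unit of work here costs `iterations` HMAC rounds
            derived = hashlib.pbkdf2_hmac("sha256", guess.encode(), salt, iterations)
            if hmac.compare_digest(derived, stored):
                found[user] = guess
                break
    return found, work


if __name__ == "__main__":
    plain, salted = unsalted_db(USERS), salted_db(USERS)
    print("identical unsalted hashes:", plain["alice"] == plain["bob"])
    print("identical salted keys:    ", salted["alice"][1] == salted["bob"][1])
    print("unsalted audit (found, hashes computed):", audit_unsalted(plain, DICTIONARY))
    print("salted audit (found, derivations run):  ", audit_salted(salted, DICTIONARY))
```

Both audits still flag the two accounts using a dictionary password; the salt and iteration count change the cost per account, not the outcome for a weak password.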

dwarf74
Sep 2, 2012



Buglord
I'm using LastPass with a long, weird, punctuated sentence as my pass phrase, plus Google Authenticator. I figure that's about as secure as I can reasonably make it.

But still, last week, I kept getting emails about every 20 minutes that someone was trying to log into my account. I was really paranoid after about the 20th email, but then figured out that my laptop was connected to a Canadian VPN node for some reason, and felt much better about it all.

Skarsnik
Oct 21, 2008

I...AM...RUUUDE!




Have all the shsc guys who seemingly had a keyword hotline for lastpass been banned or something?
It's been very odd having all this talk about it without one of them come barreling into the thread screaming how LP is a hatecrime or something the moment it is mentioned

CLAM DOWN
Feb 13, 2007




Skarsnik posted:

Have all the shsc guys who seemingly had a keyword hotline for lastpass been banned or something?
It's been very odd having all this talk about it without one of them come barreling into the thread screaming how LP is a hatecrime or something the moment it is mentioned

This is not a constructive nor good post.

CLAM DOWN fucked around with this message at 18:04 on Feb 12, 2020

Rooted Vegetable
Jun 1, 2002
There's an OS OpSec thread which has password manager and their nuances discussion, and more: https://forums.somethingawful.com/showthread.php?threadid=3723583

bbcisdabomb
Jan 15, 2008

SHEESH
I'm looking for an app I can use to scan a bunch of barcodes and send the numbers to me. I used to use Barcode Scanner and its batch mode but it doesn't work on my Pixel 4. Everything I've seen either tells me to use QR mode on the camera (I have to manually copy each one into an email or message) or is an entire inventory management system wanting $fuckoff per year.

I just want to hit a button, scan ~30 barcodes, then press a button on the screen to copy all of that data to the clipboard. Is there anything that I can use for that?

Shrimp or Shrimps
Feb 14, 2012


Does anybody know of an app that will tell me how many times I've unlocked my phone and at which times, like a log? Is this a built in feature somewhere in Android?

Or better yet, if any app can use the whateverscope and tell me how many times I even pick up my phone (to look at the aod).

My sleep quality is worsening and I find myself waking up 2 to 3 times every night and checking my phone, but I never remember what times it was and want to find out.

Uthor
Jul 9, 2006

Gummy Bear Heaven ... It's where I go when the world is too mean.
I dunno, but maybe look into the Digital Wellbeing section of the settings and see if you can find some compromises that work for you.

Or keep the phone in another room at night.

Shrimp or Shrimps
Feb 14, 2012


Samsung Health doesn't seem to have that. It just allows me to self report my sleep.

The issue isn't that I'm waking up to check my phone, it's that I'm waking up at all, tossing and turning for 30 min, and then looking at my phone because I've become frustrated.

Most of the time a boring thread on SA puts me back to sleep, but it's starting to get where I'll go to bed at 10, wake up at 1 to 2ish for no apparent reason, fall asleep by 3ish and then wake up again at 4 to 5ish. I'm spending 8 hours in bed but only sleeping for 5 of them and it's starting to affect my day to day and especially gym days.

I want to figure out the exact times and if there's a pattern (I track my diet and exercise as well so I could at least start comparing the two). Like I know after a tough workout I'm gonna have a poo poo nights sleep, which seems opposite to most people.

Medullah
Aug 14, 2003

FEAR MY SHARK ROCKET IT REALLY SUCKS AND BLOWS

Shrimp or Shrimps posted:

Does anybody know of an app that will tell me how many times I've unlocked my phone and at which times, like a log? Is this a built in feature somewhere in Android?

Or better yet, if any app can use the whateverscope and tell me how many times I even pick up my phone (to look at the aod).

My sleep quality is worsening and I find myself waking up 2 to 3 times every night and checking my phone, but I never remember what times it was and want to find out.

Check out Moment. I used it for a bit and it was depressing.

Shrimp or Shrimps
Feb 14, 2012


Medullah posted:

Check out Moment. I used it for a bit and it was depressing.

Thank you, this looks like it could be it! And it seems I can enable tracking only through certain hours (like 10 to 6am aka my consistent bed times) as well which perfectly fits what I'm looking for.

Edit: lol seems that it can't figure out how to track 10pm to 6am because 6am is "before" 10pm. It doesn't bridge over to the next day.

Oh well I'll just track my full day and, I guess, prepare to be surprised.

Shrimp or Shrimps fucked around with this message at 00:01 on Feb 17, 2020

Hipster_Doofus
Dec 20, 2003

Lovin' every minute of it.
Just installed that. It says the average Moment user spends 23% of their time using their phone. Wonder how much I'm gonna beat that by.

CLAM DOWN
Feb 13, 2007




WhatsApp question: Is there any way to have a contact pic that I have for someone in my Google Contacts app take precedence over whatever they have set for themselves within WhatsApp?

I hope my wording of that sentence makes sense.

ClassActionFursuit
Mar 15, 2006

CLAM DOWN posted:

WhatsApp question: Is there any way to have a contact pic that I have for someone in my Google Contacts app take precedence over whatever they have set for themselves within WhatsApp?

I hope my wording of that sentence makes sense.

The obvious way would be to disable contact sync from Settings > Accounts if it's there. Next attempt would be denying access to contacts but that might prove problematic.

CLAM DOWN
Feb 13, 2007




LastInLine posted:

The obvious way would be to disable contact sync from Settings > Accounts if it's there. Next attempt would be denying access to contacts but that might prove problematic.

Sorry, maybe I misspoke. I want the contact photo I have set for someone in Google Contacts to show up as their contact picture in WhatsApp - like how it works in Google Message for texting. Current behaviour is whatever someone sets in their own WhatsApp for a contact photo shows up for me.

ClassActionFursuit
Mar 15, 2006

CLAM DOWN posted:

Sorry, maybe I misspoke. I want the contact photo I have set for someone in Google Contacts to show up as their contact picture in WhatsApp - like how it works in Google Message for texting. Current behaviour is whatever someone sets in their own WhatsApp for a contact photo shows up for me.

WhatsApp is always going to be providing the data you don't want, but this shows you how to do it at least temporarily. I would assume that WhatsApp will continually replace those with the pictures of your contacts' choosing. Given that WhatsApp is the source of the problem, you won't be able to stop it unless they provide an option to do so.

CLAM DOWN
Feb 13, 2007




LastInLine posted:

WhatsApp is always going to be providing the data you don't want, but this shows you how to do it at least temporarily. I would assume that WhatsApp will continually replace those with the pictures of your contacts' choosing. Given that WhatsApp is the source of the problem, you won't be able to stop it unless they provide an option to do so.

Gotcha. Seems to be a "working as intended" thing that doesn't quite work how I want, so I'll have to live with it. Thanks!

ClassActionFursuit
Mar 15, 2006

Incessant Excess posted:

I know you have already mentioned stuff like banking details and site recognition being lacking in Bitwarden but I'd be interested in a more detailed post about the differences between Bitwarden and 1Password, should you start using the latter. I'm pretty satisfied with Bitwarden, so I imagine it's unlikely for me to switch but I'm not fundamentally opposed to paying for a password manager, as I have also bought the premium features on Bitwarden.

tl;dr: Stick with Bitwarden if you're happy.

The longer story is that 1Password really shows its roots as a KeePass-style local vault that is being dragged unwillingly into the future. It's got a confusing set up and odd limitations all springing directly from design decisions made around obsolete ideas. It all works, it just does so in occasionally roundabout ways that range from annoying through confusing past frustrating to not at all.

Bear in mind that my friend wanted me to compare and contrast this to LastPass for him and in that regard it's not really better or worse, it's just different; better in some places and worse than others. I recommended 1Password to him because I don't see a viable path forward for LastPass given their recent sale, the fact that the product hasn't been touched for two years outside of a tripling of the subscription price, and their support only comes in two flavors: non-existent and hostile. For all the things I miss about LastPass and dislike about 1Password, I can't argue that they aren't friendly, responsive, and actively developing the thing.

I didn't think it would be this way but it turns out your request was far more interesting. After trying Bitwarden, LastPass, and 1Password, it really feels like Bitwarden is the result of someone trying LastPass and 1Password and being frustrated with both. My experience with Bitwarden made me come away feeling that it's a few areas of improvement away from being what I'd want, like if it just had a good project manager to focus on problem areas it'd be so much better. But because of its open source single-developer nature, I just didn't have faith it would ever get there. I could see how if I was that developer, and I designed around my own preferences for how things should be, that Bitwarden would be the perfect midpoint between LastPass and 1Password.

That's why I've got to say that if you're happy with Bitwarden, stick with it. If you have specific complaints about Bitwarden that you're wondering whether 1Password handles better the answer is it probably does, but I'd say for every "this is better" there'd be another "this is worse" that would bother you just as much.

Hope this helps.

Toast Museum
Dec 3, 2005

30% Iron Chef
Here's something fun. I just got an unexpected warning about low storage space. Digging around to see where all that space went. I see that the Samsung Members app has managed to generate 18 gigabytes of log data in the past week. The first THREE SECONDS of the log take up 6557 lines.

So, uh, if you're not sure why your Galaxy phone is low on storage, check com.samsung.oh

Dramicus
Mar 26, 2010
Grimey Drawer
I never bothered making a Samsung account when I got my note 9. Is there anything worth using that requires one?

bull3964
Nov 18, 2000

DO YOU HEAR THAT? THAT'S THE SOUND OF ME PATTING MYSELF ON THE BACK.


The main thing I can think of is Samsung pay.

Toast Museum
Dec 3, 2005

30% Iron Chef

Dramicus posted:

I never bothered making a Samsung account when I got my note 9. Is there anything worth using that requires one?

If this was prompted by my post, I should clarify that I haven't made a Samsung account either, so all I got from that Samsung Members app were notifications when a charger was slow and reminders to occasionally reboot. The literally millions of lines of logging per day were definitely worth it. On the upside, it turned out to be one of the few Samsung apps you can uninstall without a fight.

Incessant Excess
Aug 15, 2005

Cause of glitch:
Pretentiousness

LastInLine posted:

tl;dr: Stick with Bitwarden if you're happy.

Yea, sounds like I'm just fine where I am. Thanks for the write-up!

Dramicus
Mar 26, 2010
Grimey Drawer

Toast Museum posted:

If this was prompted by my post, I should clarify that I haven't made a Samsung account either, so all I got from that Samsung Members app were notifications when a charger was slow and reminders to occasionally reboot. The literally millions of lines of logging per day were definitely worth it. On the upside, it turned out to be one of the few Samsung apps you can uninstall without a fight.

I see, I just checked my "members" app and didn't see anything anomalous. I uninstalled it anyway because I never use it.

KICK BAMA KICK
Mar 2, 2009

Don't recall which came first, but in the past couple of weeks two things occurred: I got an Opinion Rewards survey about my sleep habits, and I got one of those "here's some apps you might like" notifications from the Play Store suggesting some sleep-related apps. Then a few days ago, unlike anything I've ever received in the mail, I got a couple of free samples of Unisom, addressed to me by name and I'm not the only person at this address.

Am I :tinfoil: for thinking some app has noticed I don't sleep quite like I should and sold that to a marketer? There was the survey but even if it wasn't prompted by anything I assume I lied in the direction of normal like everyone does on those things. I don't use any of the wellness-type apps; AMDroid is the only one I have with an obvious relation to my sleep patterns but I'm guessing that detecting when the phone's user hasn't touched it for a few hours does not require any intrusive permissions and most any app could figure that out.

dwarf74
Sep 2, 2012



Buglord

Toast Museum posted:

Here's something fun. I just got an unexpected warning about low storage space. Digging around to see where all that space went. I see that the Samsung Members app has managed to generate 18 gigabytes of log data in the past week. The first THREE SECONDS of the log take up 6557 lines.

So, uh, if you're not sure why your Galaxy phone is low on storage, check com.samsung.oh

This same thing happened on my wife's Samsung tablet not all too long ago.

Absolutely nuts.

ClassActionFursuit
Mar 15, 2006

KICK BAMA KICK posted:

Don't recall which came first, but in the past couple of weeks two things occurred: I got an Opinion Rewards survey about my sleep habits, and I got one of those "here's some apps you might like" notifications from the Play Store suggesting some sleep-related apps. Then a few days ago, unlike anything I've ever received in the mail, I got a couple of free samples of Unisom, addressed to me by name and I'm not the only person at this address.

Am I :tinfoil: for thinking some app has noticed I don't sleep quite like I should and sold that to a marketer? There was the survey but even if it wasn't prompted by anything I assume I lied in the direction of normal like everyone does on those things. I don't use any of the wellness-type apps; AMDroid is the only one I have with an obvious relation to my sleep patterns but I'm guessing that detecting when the phone's user hasn't touched it for a few hours does not require any intrusive permissions and most any app could figure that out.

I can't help you but here's C-SPAM's cyberpunk dystopia thread.

In all seriousness I'm guessing it'd be pretty difficult to track down exactly where this datapoint originated. Do you have Google Home or an Echo device? Could you have searched for topics adjacent to sleep disorders? Some fitness band or sleep monitoring system (I'm guessing you would've thought of this if it were pertinent)?

Maybe there's an app you're just using in the middle of the night too often?

Uthor
Jul 9, 2006

Gummy Bear Heaven ... It's where I go when the world is too mean.
I've been waking up at night and watching too much YouTube instead of sleeping. I notice that I get a ton of ads for sleep apps. I have ad personalization turned off, so I'm assuming that it's just reading that it's 2 am and the ad was scheduled to play at those times.

Budgie
Mar 9, 2007
Yeah, like the bird.
I got surveys to do with sleep all the time when I was on night shift.

deong
Jun 13, 2001

I'll see you in heck!
What's a good 3rd party SMS app that will allow for scheduled txt?

This is on a pixel4

e: Is textra still a safe app? Or did it get bought out by some scummy app company. Also, Pulse SMS?

deong fucked around with this message at 18:00 on Mar 10, 2020

vyst
Aug 25, 2009



deong posted:

What's a good 3rd party SMS app that will allow for scheduled txt?

This is on a pixel4

e: Is textra still a safe app? Or did it get bought out by some scummy app company. Also, Pulse SMS?

Pulse SMS is great

hooah
Feb 6, 2006
WTF?

deong posted:

What's a good 3rd party SMS app that will allow for scheduled txt?

This is on a pixel4

e: Is textra still a safe app? Or did it get bought out by some scummy app company. Also, Pulse SMS?

I hope Textra is still safe! Did it get bought out at all?

saintonan
Dec 7, 2009

Fields of glory shine eternal

hooah posted:

I hope Textra is still safe! Did it get bought out at all?

I'm not aware that it's been bought out and it still works great for me like it has for the last six years or so.

SpookyLizard
Feb 17, 2009

vyst posted:

Pulse SMS is great

Isn't pulse SMS from the same guy that did Talon?

deong
Jun 13, 2001

I'll see you in heck!

saintonan posted:

I'm not aware that it's been bought out and it still works great for me like it has for the last six years or so.

Awesome. Thanks.
I played with both and I like the textra a little more. So going with that. On the play store, it says that there are ads and paid content. Is there a way to pay for it so that I don't get any of that? I couldn't see a way bouncing in settings and on play store.

saintonan
Dec 7, 2009

Fields of glory shine eternal

deong posted:

Awesome. Thanks.
I played with both and I like the textra a little more. So going with that. On the play store, it says that there are ads and paid content. Is there a way to pay for it so that I don't get any of that? I couldn't see a way bouncing in settings and on play store.

I am what they call a Pro User in the settings and I don't see any ads at all. It's been a long time since I bought it, but I'm pretty sure the "in-app purchase" is to make you a pro user.
