|
FeloniousDrunk posted:I don't. Sometimes one gets a little wrapped up in one project, etc. Part of the reason I posted here rather than on Hacker News or something, is that it's good to get feedback from a smaller group. So now I am going to get some secure delivery, because I hadn't thought of that particular possibility. Thanks. Anything else? Who is your target audience for this? People paranoid enough to generate pseudorandom 24-character passwords for everything but stupid enough to trust some random script on the Internet to handle their passwords?
|
# ¿ Sep 4, 2016 08:00 |
|
Rufus Ping posted:spot the mistake in his primality test So wait does he only use sub-10k prime numbers? Because that seems familiar... have no time to find out why, though.
|
# ¿ Sep 4, 2016 18:40 |
|
flosofl posted:Look at the link in the comment right before yours.
|
# ¿ Sep 4, 2016 19:04 |
|
andrew smash posted:is there a larger story to this or is it just an illustrative example of general stupidity? The story is don't roll your own crypto.
|
# ¿ Sep 4, 2016 20:38 |
|
ming-the-mazdaless posted:Honest is not brutal. It's literally called "brutal honesty" you dork
|
# ¿ Sep 5, 2016 14:33 |
|
OSI bean dip posted:It helps to ask questions. I don't invite people to these events to have them embarrassed as I'd rather see people learn than anything else.
|
# ¿ Sep 6, 2016 05:22 |
|
pr0zac posted:It's probably hard to believe but security nerds are generally a lot nicer in real life than online. No way computer geeks talk tougher on the Internet than face-to-face.
|
# ¿ Sep 7, 2016 09:08 |
|
big black turnout posted:If you're like me, it's because even though the automated update process interrupted me doing things several times on two separate machines, it always ended with it automatically rolling back to 8.1 with a failed install Personally I'm only on 8.1 because my computer's manufacturer doesn't make drivers for 7.
|
# ¿ Sep 8, 2016 21:27 |
|
Is there anything wrong with Enigmail for Thunderbird?
|
# ¿ Sep 8, 2016 22:12 |
|
Rufus Ping posted:Apart from that time it had a bug that silently failed to actually encrypt messages when you told it to? And then the dev said it wasn't an issue Do tell
|
# ¿ Sep 8, 2016 23:28 |
|
Apparently he got banned for spamming that all over
|
# ¿ Sep 23, 2016 18:06 |
|
Forgall posted:Are DDOS a theoretically solvable problem?

Theoretically, anything is solvable!*

*Theory may not have any grounds in reality.

I suppose you could do something like roll out a change of standards that renders all botnets incapable of using the devices they've captured to communicate with servers, and then ensure that everything made to the new standards closes all the known loopholes. But that would only solve it until they figured out another way to bypass ultimately profit-motivated security, and it would be extraordinarily disruptive to normal usage along with a whole host of other problems.

Basically DDoS potential grows with the speed and convenience of the Internet, so there's no way to choke it out completely without rolling back all that progress. I think it's really based on how many devices you can enslave rather than how quickly any particular device can communicate with the Internet, anyway, which is why the IoT is empowering those hackers so much.

Honestly, it sounds like the companies making these cameras and such have made some token attempt at securing them, but their primary focus is on capitalizing on a growing market and in their view they simply don't have time to sit around and consult professionals and do pentests and poo poo. Sometimes the Internet grows too fast for its own good, I guess?
|
# ¿ Oct 23, 2016 21:34 |
|
Considering that hackers seem to hit most of their IoT targets by just scanning until they find something vulnerable, I'd wager that there's no such thing as obscurity on the Internet. If you exist, you will get tested.
|
# ¿ Oct 24, 2016 03:06 |
|
flosofl posted:What problem is that whole image thing supposed to solve? My only problem with 1Password is that its browser extension doesn't work with Iridium, at least with 1Password 6.
|
# ¿ Nov 8, 2016 16:20 |
|
Hello goons, something just occurred to me today. If "correct horse battery staple" is a good format for a password, couldn't you easily use quotes as something just as individual, secure, and even more memorable? It seems like subbing it with, say, one of my favorite sayings from Voltaire, gives me 150 bits of entropy to the horse's 107.
|
# ¿ Nov 14, 2016 18:13 |
|
hobbesmaster posted:Well, now that you've posted this from glancing at Wikiquote's maybe 100 quotes on its Voltaire page it's more like 6 bits. I guess I'll be nice and give you the French too increasing that to 7 bits.

I wouldn't actually use that any more than CHBS. But it's not like Voltaire quotes are the only ones you can use as passwords. Goodreads currently has hundreds of thousands of quotes on its site. How many bits is that?

Wiggly Wayne DDS posted:well no. limited amount of 'unique' quotes/lyrics

Technically limited, perhaps, but functionally infinite. Using a Voltaire quote would kind of be like using "password." I'm just pointing out that by using quotes in general, you can create something more easily memorable since we remember quotes all the time, and it often ends up being higher entropy.
|
# ¿ Nov 14, 2016 18:45 |
|
Forgall posted:Less than 20. An equivalent of 3 character password. Okay, just curious.
|
# ¿ Nov 14, 2016 19:09 |
|
Trabisnikof posted:People had your exact idea for "brainwallet" in bitcoins but pretty much the bots win no matter how obscure. People post about obscure poetry in local non-English dialects being used. Of course, bitcoin's not exactly always secure to begin with. The flaws in it make sense. What about making up your own quotes? A sentence still seems more memorable than four random words, but if they're not assembled in any dictionary already then they're not any more vulnerable to a brute force attack, correct?
|
# ¿ Nov 14, 2016 20:43 |
|
Why are you epoxying the USB ports? Can't you just take a screwdriver to them?
|
# ¿ Nov 22, 2016 06:31 |
|
Fair enough. It's less of a permanent solution than rendering the port inoperable, though.
|
# ¿ Nov 22, 2016 07:47 |
|
Someone repost the bug bounty for PayPal's 2FA where the guy just completely bypassed it by editing the URL
|
# ¿ Dec 4, 2016 07:25 |
|
Context, please.
|
# ¿ Dec 16, 2016 10:20 |
|
I like how they PGP signed that message, presumably with OpenPGP
|
# ¿ Dec 22, 2016 00:04 |
|
That's a convenient way but not particularly safe.
|
# ¿ Jan 1, 2017 09:48 |
|
Repost vulnerabilities that allow malware to escape containment ITT, the antivirus ones are always funny
|
# ¿ Jan 12, 2017 00:07 |
|
Platystemon posted:My address is 0:0:0:0:0:0:0:1. This but unironically: 127.234.43.124
|
# ¿ Jan 12, 2017 19:21 |
|
That's not all. You also get some free use out of their security exploit-riddled service.
|
# ¿ Feb 24, 2017 07:04 |
|
vOv posted:Telling people 'you should change every password you have' seems like a great way to make them go 'eh why bother' and not change anything. "Change every password you have, starting with the most important ones, until you get bored"
|
# ¿ Feb 24, 2017 20:55 |
|
Volmarias posted:0 passwords later If users are determined to be stupid, what can you do to prevent them from compromising themselves? They will just tell someone their password when emailed about it anyway.
|
# ¿ Feb 24, 2017 21:15 |
|
Subjunctive posted:Is it not stupid to stop when bored of the process, as you proposed? How far do you have to go in the list to be smart, if not to the end? Fair enough. If you don't consider any of your accounts important enough to take action to protect them, that doesn't necessarily make you stupid.
|
# ¿ Feb 24, 2017 21:46 |
|
flosofl posted:I feel like you missed a joke or something? Yeah that seems sarcastic to me.
|
# ¿ Feb 26, 2017 04:32 |
|
Very obvious, that's why you're the only person in the thread who sees these obvious, definitely good reasons.
|
# ¿ Feb 26, 2017 05:02 |
|
I still don't get how that makes it easy to gently caress up a copy/pasted password?? I mean obviously it's tripe. But I don't understand the internal logic either.
|
# ¿ Feb 26, 2017 06:14 |
|
It's never backfired on me, therefore it is good security practice.
|
# ¿ Feb 27, 2017 23:42 |
|
No news is quite literally good news in infosec.
|
# ¿ Mar 1, 2017 06:38 |
|
Platystemon posted:Why do so devices/services/programs insist on masking passwords when I’m entering them, with no checkbox to display the password? There's also streaming and OTA tech support. But that's why a lot of software lets you disable the masking, yeah.
|
# ¿ Mar 8, 2017 08:20 |
|
Absurd Alhazred posted:MD5 is deader than dead. GIF that owns itself
|
# ¿ Mar 8, 2017 20:50 |
|
Dex posted:personally i'm shocked that spies have been spying on people

"First, though, a few general points: one, there's very little here that should shock you. The CIA is a spying organization, after all, and, yes, it spies on people."

e:
quote:In some good news for privacy advocates it appears that the CIA has had no luck in cracking the popular encrypted chat protocol created by Whisper Systems, which is used in Signal and WhatsApp.

I'm proud of them, good job Whisper Systems

Cup Runneth Over fucked around with this message at 10:11 on Mar 9, 2017
# ¿ Mar 9, 2017 09:46 |
|
Dex posted:yes, that's exactly the line i was posting about, good job source your quotes
|
# ¿ Mar 9, 2017 12:16 |
|
Dex posted:you already did that for me, thanks you're welcome
|
# ¿ Mar 9, 2017 13:12 |