envis10n [he/him] @ envis10n @hexbear.net

Posts

3

Comments

350

Joined

2 yr. ago

Game rated M and the ESRB suggests 17+, most kids have to get money from their parents to buy it: STOP MAKING THIS GAME FOR CHILDREN

What rules you sons of bitches

I just hate fucking sites that tell me it has to be under 16 characters. Like wtf

I don't mean to imply that it should be everywhere, rather it is appealing as an option when the only other option is to roll your own setup.

It's useful for connected services, orgs, etc. Especially when it comes to easily setting up access controls. But you're right, it's not a solution that should be used everywhere due to the fact that a single point of failure is bad.

Btw this has been a great discussion and I hope that others reading this might help further the goal of creating a safer internet

Absolutely agree on the usage of a password manager. And yes, as hardware increases in power we run into the issue of timelines being shorter. I disagree on MD5 being not totally broken, considering a collision can be found in seconds on even low end hardware these days. Even salted, a collision would still be viable.

Again, the real problem overall is adoption. Getting people to use better passwords/phrases that are less likely to be brute forced. Everyone should be using non-SMS 2FA, ideally with an authenticator app or physical key. As well, password length should only be limited by a minimum value rather than being in a small range. Services should be using algorithms that are recent, well audited, and have the ability to artificially inflate the time taken to get the result for future-proofing. SSO is also an option, since services without IT departments or people with the ability to handle passwords should offload it to a service that can. SSO as a service provider is very appealing, as you no longer have the responsibility of storing sensitive hashes and account information.

I use randomly generated passphrases that do use symbols and integers. It's easier to type if I'm copying it from my manager manually. I really dislike the focus some services have on maximum length.

My argument would be that 300 years vs 600 years is meaningless when the human lifespan is so much shorter. At that point, who gives a shit? I'll personally take a passphrase I can easily remember over doubling the already insanely long amount of time it would take to brute force the phrase.

Most people pick bad passwords because it's easier to remember. Why not encourage them to use something that is both easy to remember AND more secure than the original?

The other aspect is the actual hashing algorithm used for storing and validating the input. Using a system that allows for artificially inflating the amount of time required (bcrypt rounds for example) makes it easier to mitigate a brute force attack. If the service is using an algorithm that is ready "broken" then it really doesn't matter what you used as the input.

The goal is not to reach the most secure system, rather to increase overall security by getting as many people to use things that are better than before while balancing usability. There's a reason not everyone uses 2FA, or has physical devices for it.

Even then, you're better off with a passphrase as they are longer, easier to remember, and are harder to brute force. It's like a dictionary resistant password.

Have you ever kneeled on a black man until he died?

"While we disgree with this post, some words strongly, we are unable to take any action. We give our condolences."

Yes but, he did say strongly on some things.

Oof

Do you have your secondary poster waiting in the wings? Just in case your posting keyboard breaks.

Omfg I posted about this and just noticed you pointed it out already lol. I was trying to figure out why grapes were involved

I read the top text as "THE GRAPES ARE IN". I was so confused

I could have gone my whole life without reading that slop. You get the

He said he "DISAGREED WITH HIM ON MANY THINGS"

Oddly specific

Danger friend

Look at this goober

chocked lol

Also god dammit why did he have to do that