|
OSI bean dip posted:minilock is getting a per user salt! (Thanks for not updating the README, I'd much rather this be left to me)
|
# ? Jul 24, 2014 05:21 |
|
|
# ? May 14, 2024 12:21 |
|
Wonderful. I think we all clearly agree that using emails as salt is the right way to proceed. Leave it to me, I'll work on this pull request and wrap it all in some UI magic! Watch the salt branch.
|
# ? Jul 24, 2014 05:28 |
|
what a pretentious gently caress
|
# ? Jul 24, 2014 05:28 |
|
i'm incredibly confused by the whole approach they're taking. why is the salt attached to the actual encryption key and not tacked onto the encrypted file like an iv or something?
|
# ? Jul 24, 2014 05:42 |
|
Dessert Rose posted:what a pretentious gently caress
|
# ? Jul 24, 2014 05:42 |
|
ultramiraculous posted:i'm incredibly confused by the whole approach they're taking. It is good to see your brain is properly functioning
|
# ? Jul 24, 2014 05:45 |
|
yeah i made the mistake of reading more about it. it's a train wreck top to bottom.
|
# ? Jul 24, 2014 06:16 |
|
it just hurts to try to piece everything together. it's roll-your-own-key-management that somehow manages to be both lazy and overwrought.
|
# ? Jul 24, 2014 06:21 |
|
what amazes me about the new wave of roll your own crypto is that no one bothers to write the math on paper/latex they just plug algos into each other as if they were legos they could be writing f-1(f(x)) and they have no idea
|
# ? Jul 24, 2014 09:09 |
|
Dessert Rose posted:what a pretentious gently caress You're telling me? I really think we're onto something great here.
|
# ? Jul 24, 2014 10:20 |
|
I read too far down that page. Are they all complete idiots. Could they not just randomly generate the salt evry time and not even show the user???? im so mad about this thing i will never use
|
# ? Jul 24, 2014 13:42 |
|
When u get that many idiots agreeing with each other it really makes me question my sanity
|
# ? Jul 24, 2014 13:43 |
|
ChickenOfTomorrow posted:definitely sounds like an infosec worker to me this but all of it
|
# ? Jul 24, 2014 13:47 |
|
Shinku ABOOKEN posted:what amazes me about the new wave of roll your own crypto is that no one bothers to write the math on paper/latex tbf im pretty sure they wouldn't understand what f-1(f(x)) means anyway
|
# ? Jul 24, 2014 13:49 |
|
Shinku ABOOKEN posted:what amazes me about the new wave of roll your own crypto is that no one bothers to write the math on paper/latex encryption legorithm
|
# ? Jul 24, 2014 14:06 |
|
pr0zac posted:off chance there are any non-olds in this thread the security team at facebook is doing a scholarship thing for defcon this year i'd love to get in on that but i'm in america's ugly cousin canada
|
# ? Jul 24, 2014 14:08 |
|
flakeloaf posted:encryption legorithm
|
# ? Jul 24, 2014 14:09 |
pr0zac posted:i have no power at facebook and simply want that sweet sweet referral moneys score
|
|
# ? Jul 24, 2014 14:17 |
|
flakeloaf posted:encryption legorithm Everything is awesome! Everything is cool when you don't have a clue! Everything is awesome... when you make crypto scream! ♬ Volmarias fucked around with this message at 15:05 on Jul 24, 2014 |
# ? Jul 24, 2014 15:02 |
|
flakeloaf posted:encryption legorithm
|
# ? Jul 24, 2014 15:04 |
|
flakeloaf posted:encryption legorithm Mods Wait
|
# ? Jul 24, 2014 15:17 |
|
|
# ? Jul 24, 2014 15:29 |
|
pr0zac posted:i have no power at facebook and simply want that sweet sweet referral moneys I wish I could have put something that cool on mine, maybe I should have said I know the person who goatse'd the Twitter wall at RSA
|
# ? Jul 24, 2014 15:39 |
|
flakeloaf posted:encryption legorithm
|
# ? Jul 24, 2014 15:39 |
|
bobbilljim posted:When u get that many idiots agreeing with each other it really makes me question my sanity this but everything pop-culture-related since like 1999 i'm old
|
# ? Jul 24, 2014 16:16 |
|
quote:I think the fundamental problem is that we're trusting the user to handle key management period. Copying and pasting or transcribing 44+ character psuedorandom strings is the underlying shortcoming of the architecture, IMO. It's almost like practical identity management and practical key management is the big security user experience problem we've been trying to solve for the last 30 years!
|
# ? Jul 24, 2014 16:26 |
|
mom won't buy me the useful bricks library so i have to make my own
|
# ? Jul 24, 2014 16:48 |
|
i posted this on FD a while ago but here's an interesting search https://canary.pw/search/?q=GrenXParta you can see when viewing 'related' that there are a lot of copycat 'dumps'
|
# ? Jul 24, 2014 17:20 |
|
|
# ? Jul 24, 2014 17:23 |
|
cool, you should now kill yourself, and please don't attempt to make any more cryptography software
|
# ? Jul 24, 2014 18:14 |
|
this was shared on #yossec https://github.com/kaepora/miniLock/commit/9185536eebd1120a8889d86968b3ff3afc8df997
|
# ? Jul 24, 2014 18:48 |
|
L O fuckin L
|
# ? Jul 24, 2014 18:51 |
|
ugh this encryption LEGO piece only comes in a 4x4 square and doesn't fit my bitchin' cat spaceship. I know, I'll just use a few 1x4 home brew pieces, put em here... and here and it'll work just fine
|
# ? Jul 24, 2014 19:00 |
|
BeOSPOS posted:ugh this encryption LEGO piece only comes in a 4x4 square and doesn't fit my bitchin' cat spaceship. I know, I'll just use a few 1x3 home brew pieces, put em here... and here and it'll work just fine
|
# ? Jul 24, 2014 19:02 |
|
OSI bean dip posted:this was shared on #yossec Glorious
|
# ? Jul 24, 2014 19:30 |
|
ugh just make a trusted platform module that communicates via nfc and can be implanted in the user's forehead duh
|
# ? Jul 24, 2014 20:07 |
|
not so muchh a fuckup, just really kind of dumb, mlmp. the following is the mechanism which SamoaNIC use to obfuscate the contact email address on their website: from index.dhtml: code:
code:
|
# ? Jul 24, 2014 20:15 |
|
cheese-cube posted:not so muchh a fuckup, just really kind of dumb, mlmp. the following is the mechanism which SamoaNIC use to obfuscate the contact email address on their website: eh, seems like an effective way to stop an automated tool. heh, automated tool
|
# ? Jul 24, 2014 20:31 |
|
obfuscating your e-mail ityool2014 and not just letting your anti-spam software deal with it seems kind of silly
|
# ? Jul 24, 2014 20:44 |
|
|
# ? May 14, 2024 12:21 |
|
why do Girl Scout cookies have a NIC
|
# ? Jul 24, 2014 21:26 |