Harik
Sep 9, 2001

From the hard streets of Moscow
First dog to touch the stars


Plaster Town Cop

gourdcaptain posted:

I'd really rather not rely on an LD_PRELOAD hack for something I'm trying to store data with to other people, that sounds like it could break at the worst possible time if they change it again. Already got to screw around with environmental variables to get Discord to work properly...
I absolutely agree, it was more to point out that the limitation makes absolutely no sense because they're checking for filesystem type instead of attempting to use xattrs and failing if those aren't supported. Don't use the LD_PRELOAD hack, just drop-dropbox.

I'd like to note that I screwed up in my post - it's not a 5-year low I just had my ticker set to 5 years and forgot they only IPO'd in the spring. That'll teach me to pay attention to the x-axis. So it's the lowest stock price they've ever had :v:


Horse Clocks
Dec 14, 2004


Signed up to 1 password.
Stored new Non-memorised master password in gpg encrypted file.
Gpg key expired
Gpg refuses to encrypt file
Lost master password.

All in under 5 minutes. Not one password stored. :downs:

PBS
Sep 21, 2015

Horse Clocks posted:

Signed up to 1 password.
Stored new Non-memorised master password in gpg encrypted file.
Gpg key expired
Gpg refuses to encrypt file
Lost master password.

All in under 5 minutes. Not one password stored. :downs:

:thunk:

I like the master password generator, I just regenerated for a few minutes until I found something that stuck with me.

My previous best password was less than 150 bits of entropy and I constantly mistyped it. 1Pwd's is a fair bit higher than that and I had it down within a day.

Cocoa Crispies
Jul 20, 2001

Vehicular Manslaughter!

Pillbug

Horse Clocks posted:

Signed up to 1 password.
Stored new Non-memorised master password in gpg encrypted file.
Gpg key expired
Gpg refuses to encrypt file
Lost master password.

All in under 5 minutes. Not one password stored. :downs:

Set your clock back or change the expiration date on your gpg key.

Potato Salad
Oct 23, 2014

nobody cares


:yikes:

apropos man
Sep 5, 2016

You get a hundred and forty one thousand years and you're out in eight!

PBS posted:


I like the master password generator, I just regenerated for a few minutes until I found something that stuck with me.


If you were being a purist about entropy you'd have used the first auto-generated password you were given. The one that you liked the look of has slightly less randomness than the first one you were given.

This is a philosophical point and probably has no bearing on the guessability of your chosen phrase. Just sayin'.

PBS
Sep 21, 2015

apropos man posted:

If you were being a purist about entropy you'd have used the first auto-generated password you were given. The one that you liked the look of has slightly less randomness than the first one you were given.

This is a philosophical point and probably has no bearing on the guessability of your chosen phrase. Just sayin'.

If I was being a purist I wouldn't like their generator at all.

1 space-noise generated string for me please!

Potato Salad
Oct 23, 2014

nobody cares


Store your password encrypted with gpg then shred then burn the document, grow an orange tree with the ashes

Alternately just ensure the password isn't your weakest link by several orders of confidence and memorize the fucker.

Saukkis
May 16, 2003

Unless I'm on the inside curve pointing straight at oncoming traffic the high beams stay on and I laugh at your puny protest flashes.
I am Most Important Man. Most Important Man in the World.

apropos man posted:

If you were being a purist about entropy you'd have used the first auto-generated password you were given. The one that you liked the look of has slightly less randomness than the first one you were given.

This is a philosophical point and probably has no bearing on the guessability of your chosen phrase. Just sayin'.

This is something that I have been worrying about "pwgen". I prefer it because it generates memorable passwords, but how much weaker must they be since they are so easy to remember.

Dylan16807
May 12, 2010

Saukkis posted:

This is something that I have been worrying about "pwgen". I prefer it because it generates memorable passwords, but how much weaker must they be since they are so easy to remember.
That's a different problem, really.

Picking a password you like out of a list theoretically reduces your password strength by a few bits, but only if someone can figure out what you like. But when evaluating a password generator, you just look at how much randomness it uses.

Pwgen's pronounceable passwords are worth about 3.4 bits per character for lowercase, and 4 with some capitals and numbers tossed in. So that's less dense than random characters (4.7-6.5 depending on character set), but it's a lot more dense than random words (typically 11-14 bits per word).

So make your pwgen password about 50% longer than it would otherwise be and you're good to go. Or aim directly for 50/60/80/100/120 bits depending on level of paranoia and whether the password hash is any good.
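
Added example (not part of any post in this thread): the length arithmetic from the post above, worked through for its 50/60/80/100/120-bit targets, plus the upper bound on what "regenerating until you like one" costs. The two pwgen rates are the figures quoted in the post; the alphabet and wordlist sizes are assumptions picked to fall inside the ranges it gives.

```python
import math

# Entropy per symbol. The two pwgen rates are the figures quoted in the post;
# the other entries are log2(alphabet size) for alphabets assumed here.
BITS_PER_SYMBOL = {
    "pwgen lowercase": 3.4,
    "pwgen mixed": 4.0,
    "random lowercase (26)": math.log2(26),
    "random printable ASCII (94)": math.log2(94),
    "random words, 2048-word list": math.log2(2048),
    "random words, 7776-word list": math.log2(7776),
}

TARGET_BITS = (50, 60, 80, 100, 120)  # the targets listed in the post


def symbols_needed(target_bits, bits_per_symbol):
    """Smallest symbol count whose total entropy reaches target_bits."""
    # The tiny epsilon keeps exact quotients (60 / 4.0) from rounding up.
    return math.ceil(target_bits / bits_per_symbol - 1e-9)


def length_table():
    """Required length per generator style for every target in TARGET_BITS."""
    return {name: [symbols_needed(t, rate) for t in TARGET_BITS]
            for name, rate in BITS_PER_SYMBOL.items()}


def cherry_pick_loss_bits(candidates_viewed):
    """Worst-case bits lost by picking a favourite out of N generated
    candidates: an attacker who knows your taste perfectly removes log2(N)."""
    return math.log2(candidates_viewed)


def effective_bits(length, bits_per_symbol, candidates_viewed=1):
    """Generator entropy minus the worst-case cherry-picking loss."""
    return length * bits_per_symbol - cherry_pick_loss_bits(candidates_viewed)


if __name__ == "__main__":
    print(f"{'generator':<30}" + "".join(f"{t:>6}" for t in TARGET_BITS))
    for name, lengths in length_table().items():
        print(f"{name:<30}" + "".join(f"{n:>6}" for n in lengths))
    # A 24-character lowercase pwgen password chosen from 32 regenerations:
    print("worst case after picking 1 of 32:",
          round(effective_bits(24, 3.4, 32), 1), "bits")
```
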

Potato Salad
Oct 23, 2014

nobody cares


Way to go, veeam

PBS
Sep 21, 2015

Potato Salad posted:

Way to go, veeam

It's always Mongo.

Found out the instances on some of the vendor appliances we have weren't set to auth mode a little while back and the application wasn't capable of handling it. Lucky we don't leave our equipment open to the world.

Klyith
Aug 3, 2007

GBS Pledge Week
The master password of your password manager doesn't need as much entropy, because the encryption of the database itself should be providing a lot of resistance against brute-force guessing. The issue with password hashes stolen off the internet is that you can make a billion guesses a second because they're hashed with trivial functions. A keepass database, even with default settings, drops that to a few hundred. (There is an easy option to make it take 1 full second to decrypt, press that button with your slowest device.)

Yes it seems weird that the passwords inside the database are way stronger than what's being used to encrypt them. But it does work. As long as it's not completely trivial, I'd worry more about my system being keylogged than a keepass DB being brute force cracked.



Also re: google drive syncing, I think the wide difference in people's experiences depend a lot on how often we're changing & adding passwords. My keepass DB gets updated pretty infrequently. I'm not really in any danger of making two changes in quick enough succession to create a version conflict.
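
Added example (not part of the post above, and not KeePass code): how a slow key-derivation step trades against master-password entropy. PBKDF2-HMAC-SHA256 from Python's standard library stands in for the database's real KDF; the billion-per-second figure is the one from the post, while the 300 guesses per second used for "a few hundred" and the 60-bit password are assumptions.

```python
import hashlib
import math
import os
import time

FAST_HASH_GUESSES_PER_SEC = 1e9          # "a billion guesses a second" (post)
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def calibrate_iterations(target_seconds, probe_iterations=20_000):
    """Time a short PBKDF2 run on this machine and scale the iteration count
    so that one key derivation takes roughly target_seconds."""
    salt = os.urandom(16)
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"probe password", salt, probe_iterations)
    elapsed = time.perf_counter() - start
    scaled = int(probe_iterations * target_seconds / elapsed)
    return max(probe_iterations, scaled)  # never go below the probe count


def stretch_bits(guesses_per_sec, baseline=FAST_HASH_GUESSES_PER_SEC):
    """Entropy-equivalent gained by slowing an attacker from the baseline
    rate down to guesses_per_sec."""
    return math.log2(baseline / guesses_per_sec)


def years_to_search_half(entropy_bits, guesses_per_sec):
    """Expected years to hit the password, i.e. to cover half the keyspace."""
    return 2 ** (entropy_bits - 1) / guesses_per_sec / SECONDS_PER_YEAR


if __name__ == "__main__":
    bits = 60  # assumed master-password entropy
    for label, rate in (("fast unsalted hash", FAST_HASH_GUESSES_PER_SEC),
                        ("database defaults (assumed 300/s)", 300.0),
                        ("1-second delay setting", 1.0)):
        print(f"{label:<36} +{stretch_bits(rate):5.1f} bits, "
              f"{years_to_search_half(bits, rate):.3g} years for {bits} bits")
    # The delay is measured on *your* device; an attacker's hardware will be
    # faster, so treat the gain as an estimate rather than a guarantee.
    print("PBKDF2 iterations for ~1 s here:", calibrate_iterations(1.0))
```
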

Absurd Alhazred
Mar 27, 2010

by Athanatos
Someone Hijacked MEGA Chrome Extension to Steal Users' Passwords

Truga
May 4, 2014
Lipstick Apathy
Re: KeepAss sync: it supports the scp protocol, even on windows as long as winscp is installed, though I think a plugin is needed? KeepAss can also act as a ssh agent so if your key is in your vault you don't need to log in either.

Craptacular
Jul 11, 2004

Truga posted:

Re: KeepAss sync: it supports the scp protocol, even on windows as long as winscp is installed, though I think a plugin is needed? KeepAss can also act as a ssh agent so if your key is in your vault you don't need to log in either.

"KeePass", though your version does sound more intriguing.

Docjowles
Apr 9, 2009

I assume that is :thejoke:

RFC2324
Jun 7, 2012

http 418

how dare someone post jokes on my serious internet comedy forums!

ElCondemn
Aug 7, 2005


What do y'all think about Wireguard? We're considering replacing some of our GRE+ipsec tunneling at work with Wireguard, we only use it for cross VPC traffic in AWS to support tunneling to a remote VPN endpoint for one of our customers. Right now we're using some VyOS routers to tunnel and encrypt between VPCs (using local AWS routing won't work since the network we're routing doesn't actually exist in AWS).

EssOEss
Oct 23, 2006
128-bit approved
I eagerly await the day they finally release a Windows version, so I can actually consider it for serious use. The day after that, I will likely discard it due to having nonexisting/userhostile documentation (as I have heard said so far).

Rufus Ping
Dec 27, 2006





I'm a Friend of Rodney Nano
Eh the docs are fine?

I've been using it for about a year, on normal linux and ubiquiti edgeos. Nothing but positive things to say. Previously used OpenVPN fwiw

Volguus
Mar 3, 2009
I played with it since everyone is praising it like it's the second coming. I used openvpn before as a client. I have absolutely no other experience with VPN servers or clients. It took me 10 minutes to install and configure a server following the first guide I found on the internet. The client (my machine) was even shorter. It works fine, it has good throughput. The tutorial I've read held my hand just fine.

Wireguard is fine. Too bad it's Linux only so far, I hope for a *BSD solution as well. Windows ... meh, who cares.

Sheep
Jul 24, 2003
I've been using wireguard for a couple of months on my home machines and also deployed it on my Ubiquiti routers with great success.

The only issue I could really see people having with it is that it just doesn't hold your hand through setting up routes if you don't use wg-quick but at the same time the providers I've used it with (Mullvad, AzireVPN) provide scripts that will do that for you anyways.

Sheep fucked around with this message at 23:41 on Sep 14, 2018

BlankSystemDaemon
Mar 13, 2009



Volguus posted:

Wireguard is fine. Too bad it's Linux only so far, I hope for a *BSD solution as well. Windows ... meh, who cares.
Jason is doing a lot of good work with Wireguard including keeping it very clean and portable (there's a POSIX-like userspace implementation, a Linux kernel implementation, a Go implementation, and one for both iOS and Android - and the git repository features apps for macOS and Windows though I'm not sure they're complete yet), and as a result there is already a FreeBSD port for it (and even one for the Go implementation), and if Jason dual-licenses the code as 2-clause BSD or ISC, an implementation can go into the kernel of the BSDs too.
I'd be surprised if the other BSDs don't get a port of it, sooner or later, as well.

Sheep posted:

The only issue I could really see people having with it is that it just doesn't hold your hand through setting up routes if you don't use wg-quick but at the same time the providers I've used it with (Mullvad, AzireVPN) provide scripts that will do that for you anyways.
That's actually the only cryptographic argument I've heard against it so far, that its design doesn't lend itself to having forward secrecy for identity hiding (something the presentation is very clear about) when used by providers who host VPN for lots of people - but if you host it on your own device (which is very easy to do), you'll have no problems whatsoever.


People might say it's the best thing since sliced bread, but personally, I'd wait for the following notice to disappear from their page:

wireguard.com homepage posted:

WireGuard is not yet complete. You should not rely on this code. It has not undergone proper degrees of security auditing and the protocol is still subject to change.
Specifically, when I last checked, the paper acting as proof has only been cited by one paper (which only makes short mention of it as an example), and independent auditing has yet to begin since the code hasn't stabilized as the notice makes plain.


The biggest problem with it, once it passes muster as it almost assuredly will, will be the same problem OpenVPN has: Using it requires a client to be installed, whereas L2TP/IPsec is built-in to most operating systems - but that's not the fault of either OpenVPN or Wireguard.

BlankSystemDaemon fucked around with this message at 01:03 on Sep 15, 2018

Sheep
Jul 24, 2003
In my opinion OpenVPN's biggest problem isn't that it requires a client, it's that the configuration is obtuse as all gently caress.

IPSec/L2TP being built in is nice but I don't really see 'yum install wireguard' as some sort of hurdle that I actually care about.

Edit: I think Wireguard's biggest problem is that the guy was trying to merge in his own crypto suite to the Linux kernel along with the Wireguard code, which was pretty well shot down last time I checked.

Sheep fucked around with this message at 01:36 on Sep 15, 2018

Dylan16807
May 12, 2010

Sheep posted:

In my opinion OpenVPN's biggest problem isn't that it requires a client, it's that the configuration is obtuse as all gently caress.

IPSec/L2TP being built in is nice but I don't really see 'yum install wireguard' as some sort of hurdle that I actually care about.

Edit: I think Wireguard's biggest problem is that the guy was trying to merge in his own crypto suite to the Linux kernel along with the Wireguard code, which was pretty well shot down last time I checked.

https://lwn.net/Articles/761939/ As far as I know people are pretty favorable of the overall plan, even with the new crypto system.

RFC2324
Jun 7, 2012

http 418

Does anyone know how secure projecting your screen to another PC is in win 10? I couldn't find any information on how secure the connection is one way or another, so I'm assuming it's just a raw video stream or something.

ElCondemn
Aug 7, 2005


Dylan16807 posted:

https://lwn.net/Articles/761939/ As far as I know people are pretty favorable of the overall plan, even with the new crypto system.

I’m not sure this article represents the majority of users of the crypto API in the kernel. There are tons of companies that rely on hardware offload, it’s a pretty important layer that maybe desktop Linux users don’t care about but would have serious implications for hardware manufacturers and embedded software developers.

Klyith
Aug 3, 2007

GBS Pledge Week

RFC2324 posted:

Does anyone know how secure projecting your screen to another PC is in win 10? I couldn't find any information on how secure the connection is one way or another, so I'm assuming it's just a raw video stream or something.

It uses Miracast, which is a direct WPA2-secured wifi connection between the devices -- the router is only used to initiate the link. Inside that it's a plain h.264 video stream.

RFC2324
Jun 7, 2012

http 418

Klyith posted:

It uses Miracast, which is a direct WPA2-secured wifi connection between the devices -- the router is only used to initiate the link. Inside that it's a plain h.264 video stream.

that's actually pretty cool. thanks

Sheep
Jul 24, 2003

Dylan16807 posted:

https://lwn.net/Articles/761939/ As far as I know people are pretty favorable of the overall plan, even with the new crypto system.

"Shot down" was probably a poor choice of wording, I just meant that getting it merged in the short term is probably out of the question due to issues such as those raised in this thread.

Sheep fucked around with this message at 08:52 on Sep 16, 2018

Double Punctuation
Dec 30, 2009

Ships were made for sinking;
Whiskey made for drinking;
If we were made of cellophane
We'd all get stinking drunk much faster!
It annoys me to no end that Linux still doesn’t support Curve25519. By the time they do, it will already be obsolete, and we’ll be on to NTRU and Bliss and poo poo.

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

Double Punctuation posted:

It annoys me to no end that Linux still doesn’t support Curve25519. By the time they do, it will already be obsolete, and we’ll be on to NTRU and Bliss and poo poo.
What?

Double Punctuation
Dec 30, 2009

Ships were made for sinking;
Whiskey made for drinking;
If we were made of cellophane
We'd all get stinking drunk much faster!

We’re rapidly approaching the point where we need algorithms that are secure against quantum computers, which RSA and ECDSA are not. Linux’s IPsec code doesn’t even support the current best-in-class curves, so I doubt they will be ready when that time comes.

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

Double Punctuation posted:

We’re rapidly approaching the point where we need algorithms that are secure against quantum computers, which RSA and ECDSA are not. Linux’s IPsec code doesn’t even support the current best-in-class curves, so I doubt they will be ready when that time comes.
What are you talking about

Klyith
Aug 3, 2007

GBS Pledge Week

anthonypants posted:

What are you talking about

"Linux doesn't support this advanced cryptographic system that's known to be insecure to quantum computing, which means they'll be equally far behind when we actually need stuff that's hardened against quantum magic."

some people take D-Wave's press releases about how they have a 2000 qubit system seriously I guess

either that or have a definition of rapidly approaching that includes things that might happen in 4 or 5 years

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

Klyith posted:

"Linux doesn't support this advanced cryptographic system that's known to be insecure to quantum computing, which means they'll be equally far behind when we actually need stuff that's hardened against quantum magic."

some people take D-Wave's press releases about how they have a 2000 qubit system seriously I guess

either that or have a definition of rapidly approaching that includes things that might happen in 4 or 5 years
I would very much like to see their definition of support for Curve25519

Rufus Ping
Dec 27, 2006





I'm a Friend of Rodney Nano
he probably means the kernel crypto api which only supports the unsafe nist p-192 and p-256 curves for ecdh

e: https://github.com/torvalds/linux/blob/master/crypto/ecdh.c#L33

Rufus Ping fucked around with this message at 21:49 on Sep 16, 2018

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

Rufus Ping posted:

he probably means the kernel crypto api which only supports the unsafe nist p-192 and p-256 curves for ecdh

e: https://github.com/torvalds/linux/blob/master/crypto/ecdh.c#L33
drat...guess I'll stick with Windows and macOS


BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

Rufus Ping posted:

he probably means the kernel crypto api which only supports the unsafe nist p-192 and p-256 curves for ecdh

e: https://github.com/torvalds/linux/blob/master/crypto/ecdh.c#L33

drat, I get not supporting every latest curve or whatever but 25519 is 13 years old and the NIST curves are from what, 1996?
