titaniumone
Jun 10, 2001

DeaconBlues posted:

What you've mentioned there, dougdrums and Antillie, were my concerns about just using a hash. Particularly about the thief knowing about hashing and trying various hash algos during the brute-force attempt.

From the bits and bobs I have read, PBKDF2 and bcrypt are better than simple hashing because they utilize CPU and RAM more when doing a calculation. So if the attacker's PC is capable of performing a SHA256 hash in 0.001 seconds it might take the same PC 0.1 seconds to perform a PBKDF2 function. When you consider the number of permutations that the attacker has to generate before he/she finds the key that can make a major difference in time. I can only guess, but the difference between using a simple hash and PBKDF2 to find a 20 character password might be a difference of taking a few hours to a few years if each calculation is 100 times slower.

who the gently caress do you think you are that a real concern is someone breaking into your house, stealing poo poo, and then focusing on breaking your encrypted files

get real
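
The per-guess cost gap DeaconBlues describes in the quoted post, shown from the side of someone choosing a key-derivation work factor. This is an added example, not part of the thread; the use of Python's `hashlib`, the 100,000 iteration count, the sample passphrase and all function names are assumptions.

```python
import hashlib
import os
import time

ITERATIONS = 100_000          # assumed work factor, tune for your hardware
SALT = os.urandom(16)         # per-file random salt, stored next to the ciphertext


def key_from_sha256(password: bytes, salt: bytes) -> bytes:
    """Single-pass hash: one cheap hash computation per guess."""
    return hashlib.sha256(salt + password).digest()


def key_from_pbkdf2(password: bytes, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA256: `iterations` chained HMAC calls per guess."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)


def seconds_per_call(fn, *args, repeats: int) -> float:
    """Average wall-clock cost of one derivation on this machine."""
    start = time.perf_counter()
    for _ in range(repeats):
        fn(*args)
    return (time.perf_counter() - start) / repeats


def slowdown(password: bytes = b"constructed sample passphrase") -> float:
    """How many times more expensive one PBKDF2 guess is than one SHA-256 guess."""
    fast = seconds_per_call(key_from_sha256, password, SALT, repeats=20_000)
    slow = seconds_per_call(key_from_pbkdf2, password, SALT, repeats=3)
    return slow / fast


def iterations_for_budget(target_seconds: float, probe: int = 20_000) -> int:
    """Pick an iteration count so one derivation costs about `target_seconds` here."""
    cost = seconds_per_call(key_from_pbkdf2, b"probe", SALT, probe, repeats=3)
    return max(probe, int(probe * target_seconds / cost))


if __name__ == "__main__":
    print(f"PBKDF2 x{ITERATIONS} is ~{slowdown():,.0f}x slower per guess than SHA-256")
    print(f"iterations for ~0.1 s per derivation: {iterations_for_budget(0.1):,}")
```

The measured ratio depends on the machine it runs on, so the iteration count should be calibrated on the hardware that will actually derive the key.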


titaniumone
Jun 10, 2001

Kazinsal posted:

Related to not rolling your own crypto, V8's Math.random() has some gnarly collision issues. Includes a graphical representation of noise generated by Safari's Math.random() vs. noise generated by V8's Math.random(). Patterns are immediately visible in the V8 one, while the Safari one is much more random.

i'm the guy running a betting site relying on random numbers who's too stupid to understand the difference between a random number and a unique identifier.

this is an enormous article to explain his tentative grasp on random numbers and never once touches on why isn't he just using UUIDs of some form.

quote:

ENGINEERING THE DISRUPTION OF
REAL MONEY GAMING.

ah i see it's because he's an imbecile

titaniumone
Jun 10, 2001

CrowdStrike CTF starts tomorrow, if anyone likes that sort of thing

https://mobile.twitter.com/CrowdStrike/status/1348702484731211777
