@atoponce@fosstodon.org

atoponce

@atoponce@fosstodon.org

MSCSIA, cryptography, security, locksport, Linux, programming, mathematics, amateur radio, Buddhism, running, anime, and bibliophilia.


atoponce, to random

Given Okta's recent troubles with keeping their network secure, I guess I shouldn't be surprised by this blog post.

Still, a company that supposedly markets and sells security services, you would think they would have a better handle on something as rudimentary as password hashing.

TL;DR- Use SHA-2 or SHA-3 to hash passwords.

🤦🏻

https://auth0.com/blog/hashing-passwords-one-way-road-to-security/

atoponce,

At least this developer resource advises you NOT to use SHA-1/2/3 and instead points you to bcrypt, scrypt, and Argon2.

https://developer.okta.com/blog/2019/07/29/hashing-techniques-for-password-storage
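As an added example that is not from either linked post: salted scrypt via Python's stdlib hashlib binding, stored as a self-describing record and verified in constant time, beside the unsalted SHA-256 the first post objects to, plus a rough wall-clock cost ratio between the two. The scrypt cost parameters are illustrative assumptions, not a tuned recommendation.

```python
import hashlib
import hmac
import os
import time

# Illustrative scrypt cost parameters (assumption, not a tuned recommendation):
# 128 * N * r bytes of memory per evaluation, here 16 MiB.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
DKLEN = 32


def sha256_unsalted(password: str) -> str:
    """The 'use SHA-2' approach: fast, unsalted, same digest for same password."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt=None) -> str:
    """Return a self-describing record: scrypt$N$r$p$<salt hex>$<hash hex>."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.scrypt(password.encode(), salt=salt,
                        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the parameters stored in the record; compare in constant time."""
    try:
        scheme, n, r, p, salt_hex, dk_hex = record.split("$")
    except ValueError:
        return False
    if scheme != "scrypt":
        return False
    dk = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                        n=int(n), r=int(r), p=int(p), dklen=len(dk_hex) // 2)
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def cost_ratio(password: str = "correct horse battery", trials: int = 3) -> float:
    """Wall-clock cost of one scrypt evaluation relative to one SHA-256."""
    salt = b"\x00" * 16                       # constructed fixed salt, timing only
    t0 = time.perf_counter()
    for _ in range(trials):
        hashlib.scrypt(password.encode(), salt=salt,
                       n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
    scrypt_s = (time.perf_counter() - t0) / trials
    t0 = time.perf_counter()
    for _ in range(trials * 1000):
        hashlib.sha256(password.encode()).digest()
    sha_s = (time.perf_counter() - t0) / (trials * 1000)
    return scrypt_s / sha_s
```

The record carries its own cost parameters, so they can be raised later and old records re-hashed on next login; the unsalted digest stays identical for every user with the same password.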

atoponce, to random

While working on my paper (yes, I'm dragging my feet—I just hate editing), I stumbled on the Squares counter-based RNG.

This is a very fast non-cryptographic RNG, but it's extremely sensitive on the key (seed):

> "The key should be an irregular bit pattern with roughly half ones and half zeros."

If you're not careful, you wind up in very non-random territory. IMO, it's as bad as LFSR zero-land.

To be fair, his reference source code does provide key generator code.

https://arxiv.org/abs/2004.06278

atoponce,

Good God.

atoponce,

@the_Effekt I feel like this can be tremendously simplified, but I haven't figured that out yet.

Not that I should care. It's not my code, but good hell, it's bugging me.

atoponce,

@the_Effekt The first value in that nested code is 0x87654321.

Every nibble must be unique. So it starts off incrementing as follows:

0x87654321
0x97654321
0xa7654321
0xb7654321
0xc7654321
0xd7654321
0xe7654321
0xf7654321

Then "h" is reset and "g" increments skipping over "h" as:

0x89654321

And continues, keeping each nibble unique:

0xa9654321
0xb9654321
0xc9654321
0xd9654321
0xe9654321
0xf9654321

Etc.

But when "b" resets, "a" increments by 2 instead of 1.

I feel like I'm getting close.
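As an added example that is neither code from these posts nor the paper's reference source: a Python port of the 4-round, 32-bit Squares function as I recall it from arXiv:2004.06278 (an assumption; check it against the paper before relying on it), together with the two key requirements the threads above mention, the quoted half-ones/half-zeros rule and the unique-nibble rule, run on a constructed all-zero key and a constructed balanced one. How the reference key generator assembles a 64-bit key is not reproduced here.

```python
MASK64 = (1 << 64) - 1


def _rot32(x: int) -> int:
    """Swap the two 32-bit halves of a 64-bit word (the middle-square step)."""
    return ((x >> 32) | (x << 32)) & MASK64


def squares32(ctr: int, key: int) -> int:
    """One 32-bit output for counter ctr under key; arithmetic wraps at 64 bits.
    Assumption: this matches the paper's 4-round squares32, transcribed from memory."""
    y = x = (ctr * key) & MASK64
    z = (y + key) & MASK64
    x = _rot32((x * x + y) & MASK64)      # round 1
    x = _rot32((x * x + z) & MASK64)      # round 2
    x = _rot32((x * x + y) & MASK64)      # round 3
    return ((x * x + z) & MASK64) >> 32   # round 4


def stream(key: int, n: int) -> list:
    """Outputs for counters 0 .. n-1."""
    return [squares32(ctr, key) for ctr in range(n)]


def distinct_fraction(key: int, n: int = 1024) -> float:
    """Crude sanity check on a key: fraction of distinct outputs over n counters."""
    return len(set(stream(key, n))) / n


def nibbles_unique(word32: int) -> bool:
    """The rule the second thread describes for generated 32-bit values:
    all eight hex nibbles distinct (0x87654321 passes, 0x88654321 fails)."""
    digits = [(word32 >> (4 * i)) & 0xF for i in range(8)]
    return len(set(digits)) == 8


def key_is_irregular(key: int, tolerance: int = 8) -> bool:
    """The paper's quoted requirement, roughly half ones and half zeros,
    as a popcount test on the 64-bit key (the tolerance is my assumption)."""
    return abs(bin(key & MASK64).count("1") - 32) <= tolerance


# Constructed keys: all-zero (degenerate: ctr*key, y and z are all 0, so every
# output is 0) versus one with balanced bits and distinct nibbles per half.
BAD_KEY = 0x0
GOOD_KEY = 0x87654321F0E1D2C3

if __name__ == "__main__":
    print("bad key  distinct fraction:", distinct_fraction(BAD_KEY))    # 1/1024
    print("good key distinct fraction:", distinct_fraction(GOOD_KEY))
    print("good key irregular:", key_is_irregular(GOOD_KEY),
          "halves unique:", nibbles_unique(GOOD_KEY >> 32),
          nibbles_unique(GOOD_KEY & 0xFFFFFFFF))
```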

atoponce, to random

TIL GNOME Web, formerly Epiphany Browser, ships WebkitGTK with JavaScriptCore. Yeah, it's not Safari, but it's "close enough".

atoponce, to random

Unpopular opinion:

Blogs that don't allow comments aren't blogs. They're newsletters.

atoponce, to chrome

Google admits Chrome Incognito mode tracks users — what you need to know

"For those that are fed up with #Chrome and are looking for a more privacy-focused alternative, you might want to consider #Brave or, if you have the technical know-how, #Tor."

Can confirm. Brave is significantly more privacy-focused than any of the other #Chromium alternatives.

https://www.tomsguide.com/news/going-incognito-in-chrome-doesnt-mean-youre-not-being-tracked-now-confirmed-by-google

atoponce,

If Brave isn't your cup of tea, Librewolf or Mullvad are solid alternatives.

Unfortunately, #Firefox isn't quite on par with the rest when it comes to focusing on privacy.

https://privacytests.org/

atoponce,

@davep Just lags behind the competition when it comes to a battery of privacy checks. Check the linked site and scroll.

Maybe some of those aren't part of your threat model, which is understandable.

atoponce, to web

What does HTML stand for? Wrong answers only.

atoponce, to math

Stay in school kids.

atoponce, to Utah

I've followed these spear campaigns against municipal broadband since 2005 when started laying out their fiber to cities in .

Now that I work for one of the ISPs on the UTOPIA fiber network, I have an even closer view of what Big Telecom is doing to undermine communities rolling out their own public fiber infrastructure.

"Covert" and "sleazy" is only a fraction of the terms I would use.

https://www.techdirt.com/2024/01/18/telecom-monopolies-are-once-again-funding-covert-sleazy-local-attacks-on-community-broadband-networks/

evan, (edited) to random

How many browser windows do you usually have open?

#EvanPoll #poll

atoponce,

@evan Assuming you mean tabs, I keep 11 pinned 24/7. The rest are opened as needed.

atoponce, to random

When incrementing and decrementing a variable, you can do var++ and var-- in many languages.

Am I the only one that wants to skip "int var=3; var++" and instead just go straight to "3++", or "3--"?

Heh.

atoponce, to random

Tomato, tomato.
Potato, potato.
Sudo, sudo.

(You pronounced each of those differently, didn't you?)

atoponce, to random

What did Master Yoda say when he saw himself in 4K?

HDMI.

atoponce, to random

Debian developer discussion on the OpenPGP schism.

https://lists.debian.org/debian-devel/2023/12/msg00078.html

atoponce, to macos

For those with an updated on modern hardware, I'm interested in the performance of /dev/urandom. If someone could do:

$ dd if=/dev/urandom bs=1M count=1000 of=/dev/null

and report back the performance, that would be awesome.

For example, on my ThinkPad T480s with Debian, I get ~450 MBps:

$ dd if=/dev/urandom bs=1M count=1000 of=/dev/null
1000+0 records in
1000+0 records out
1048576000 bytes (1.0 GB, 1000 MiB) copied, 2.31313 s, 453 MB/s

Just curious.

atoponce, to random

You've heard of Pop Tarts, but why aren't there any Mom Tarts?

Because of the pastryarchy.

atoponce, to random

Can I go to bed now?

atoponce, to random

no-dice: Generate random numbers with strictly a pencil and paper by drawing simple curves and counting the number of intersections in the curve.

Obviously, it's not secure, but it's a creative way to get a quick unbiased random number without too much trouble.

Of course you could manipulate it, so it requires you to be honest about not paying attention to your curve or intersections, and just drawing freely.

Just don't get too crowded or it can be difficult to count.

https://github.com/schollz/no-dice

atoponce, to linux

There are two types of people.

#gnu #linux #unx #bsd
