2023 Security Check-up Reminder

Why does password length and complexity even matter? No one is going to brute-force it! If your password is exposed, its complexity doesn't matter.
Shit pisses me off so much. The site asks you to make a 32 character password with uppercase, lowercase, numbers, punctuation, foreign characters, emojis and ancient runes... then they store your password on an unencrypted notepad document. Then you get the same email every time: "Oopsies! We had a breachy-weachy and your data is compromised! Soooowwwyyyy :("
I keep my passwords on a little sticky note that I move to a different place in my cubicle daily.
Are you a Deus Ex NPC?
 
And then you have some retarded shit for every site that you can't possibly remember unless you're Rain Man and have to use crutches like post-it notes under your keyboard and password managers. These passphrases usually also use more characters, so the fact you're getting less entropy per character is outweighed by the fact you're probably using more characters in the first place.

The xkcd cartoon just isn't wrong. Even if the attacker knows you're using exactly this as a technique, it only slightly shortens their time to crack your passphrase, which is probably in the quadrillions of years anyway, especially if you just smush a bunch of dictionaries together into a giant file and generate randomly from that.
I have probably a hundred different accounts in my password manager. Do you think I should use unique passphrases for each of them? The real crutch is password re-use, lowering your overall security because, as you say, you aren't Rain Man and can't remember a hundred different passphrases.

The main advantage of password managers is automating the selection & use of strong, unique passwords. It's true that this creates a single point of failure if someone were to keylog and steal your password vault. That's why physical vault decryption keys like Yubikey are important.

I realize there are also fancy attacks based on reading memory directly to scoop a password manager's master key, once the key has been unlocked with a master password + token. I don't know how common these attacks are in practice. It's also true that offline password storage (a notebook, old tablet, whatever) is immune to such attacks. If your PC has been compromised, though, they'll still get you when you type individual passwords to log in or renew sessions. So that's why it's important to reformat and rotate passwords occasionally.

If they're unique and sufficiently long, I'll concede that English passphrases are still good enough. Just did some back of the napkin math; there are 40,000 English words in common use per Google, so a passphrase of 4 common words (with reuse) has 40,000^4 permutations. At a single-GPU hash rate of maybe 24,000 h/s per Hashcat numbers I Googled, that would take 3 million years to crack with a dictionary attack. Good enough for anyone who isn't targeted by government agencies.
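An added example, not code from anyone in this thread, that carries the back-of-the-napkin arithmetic above through for several schemes at once. The 40,000-word vocabulary and the 24,000 h/s rate are the thread's figures; the 2,048-word list, the 62/95-character alphabets and the "scheme known" fraction are assumptions chosen to illustrate the point.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def keyspace(alphabet_size: int, length: int) -> int:
    """Candidates an attacker who knows the scheme must consider: every
    position is drawn uniformly, with replacement, from `alphabet_size`."""
    return alphabet_size ** length

def entropy_bits(alphabet_size: int, length: int) -> float:
    """Strength with the scheme assumed public: log2 of the keyspace."""
    return length * math.log2(alphabet_size)

def years_to_exhaust(space: int, hash_rate: float) -> float:
    """Worst-case time to try every candidate at `hash_rate` guesses/second."""
    return space / hash_rate / SECONDS_PER_YEAR

def years_if_scheme_known(space: int, hash_rate: float,
                          fraction_eliminated: float) -> float:
    """The thread's 'tell them your scheme' scenario: the attacker discards
    `fraction_eliminated` of the space and searches only what is left."""
    return years_to_exhaust(space * (1 - fraction_eliminated), hash_rate)

# Schemes discussed in the thread as (alphabet size, length). The 40,000
# figure is the poster's; 2,048 is the word-list size behind the xkcd
# comic's ~44-bit estimate; 62 and 95 are alphanumeric / printable ASCII.
SCHEMES = {
    "4 words, 40k vocabulary":   (40_000, 4),
    "4 words, 2048-word list":   (2_048, 4),
    "8 random alphanumerics":    (62, 8),
    "12 random printable ASCII": (95, 12),
}

def compare_schemes(hash_rate: float = 24_000) -> dict:
    """Entropy and worst-case crack time per scheme at one guess rate.
    24,000 h/s is the thread's single-GPU figure for a slow password hash;
    a fast unsalted hash such as MD5 is cracked billions of times faster,
    so the stored-hash algorithm matters as much as the passphrase."""
    out = {}
    for name, (alphabet, length) in SCHEMES.items():
        space = keyspace(alphabet, length)
        out[name] = {"bits": round(entropy_bits(alphabet, length), 1),
                     "years": years_to_exhaust(space, hash_rate)}
    return out

if __name__ == "__main__":
    for name, r in compare_schemes().items():
        print(f"{name:26s} {r['bits']:6.1f} bits  {r['years']:.3g} years")
```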
 
Don't even use the same email for Facebook and kiwi farms. Personally I have an email just for kiwi farms.
I was thinking more your Facebook or Twitter sock for posting hot takes rather than one tied to your name. That would be your professional and friend group identity.
 
lol @ all the dumbfucks in this thread explaining exactly how they choose/format/store their passwords.

Hope no one has an internet hate-boner for any of you. :story:
The whole point of choosing a smart password scheme is that it doesn't matter if an attacker knows what the scheme is, because it's intrinsically secure. Anything else is security through obscurity.
 
Don't even use the same email for Facebook and kiwi farms. Personally I have an email just for kiwi farms.
See, what you need to do is go even further and make a whole separate identity just for the farms.
Here's your new face dox: https://thisrentaldoesnotexist.com/img-new/face.jpg
Your apartment: https://thisrentaldoesnotexist.com/img-new/hero.jpg
Your cat: https://thesecatsdonotexist.com/
Your profile information: https://www.fakepersongenerator.com/
Next thing you're gonna want to do is get a time zone calculator and select a region of the world to be from. Then set limits on your computer so you can't accidentally post during the hours you're supposed to be asleep.
 
The whole point of choosing a smart password scheme is that it doesn't matter if an attacker knows what the scheme is, because it's intrinsically secure. Anything else is security through obscurity.
If you literally tell people your scheme, they can eliminate 90% of possible passwords and brute-force you 9-10 times faster.

Funny that you took this personally as if I was singling you out tho. lol But don't let that stop you from re-reading this thread and seeing the shit I'm actually talking about. We are in the company of some real dumb motherfuckers.
 
I've got the modpack. I'll run it on Linux with strace and see if I can figure out exactly what it tries to do. Assuming it tries to do anything/doesn't just outright crash on Linux.

I've only got Linux and I'm not going to set up a windows VM with GPU passthrough for this.
When I get a chance I will take a look as well.

For the time being I checked all of the jar files using VirusTotal and one of them stood out in both cases.

The same file in each .zip was modified within the past few weeks and has interesting names from a prior upload. Note how the first submission was submitted shortly after the file was likely last modified, indicating whoever was involved uploaded it while working on it.
 
lol @ all the dumbfucks in this thread explaining exactly how they choose/format/store their passwords.

Hope no one has an internet hate-boner for any of you. :story:
If they have the ability to break my password/encryption, learning that I'm using a particular password manager or that I'm using a passphrase of random words or an alphanumeric password is beyond trivial.
 
If they have the ability to break my password/encryption, learning that I'm using a particular password manager or that I'm using a passphrase of random words or an alphanumeric password is beyond trivial.
Again, nobody's singling you out. But I guess if you think the slipper fits, it's not my job to slap the cock out of your mouth. lol
 
This would be a good time to ask this question.

I get a reminder in the email to sign in to my id.me account to keep it from expiring. What is id.me and why should I care?
 
If you literally tell people your scheme, they can eliminate 90% of possible passwords and brute-force you 9-10 times faster.
At a single-GPU hash rate of maybe 24,000 h/s per Hashcat numbers I Googled, that would take 3 million years to crack with a dictionary attack. Good enough for anyone who isn't targeted by government agencies.
3 million years divided by 10 is 300,000 years. That's for a weaker passphrase scheme.

I make no apologies for retards ITT reusing passwords, though.
 