2023 Security Check-up Reminder

True, but only retards think their security is immune against anything yet undiscovered and when the database is dumped the attackers have all the time in the world.
Sure but at this point your single-use random password being bruteforced is probably the least of your problems since the database is already out. Still, better to have longer than shorter passwords.
 
The world ended in 1945.

Capitals, numbers, punctuation, impossible to bruteforce, and easier to remember than nig6ernig6er and many more times secure.

Fair enough. I definitely gave up too quickly on making this work. It was a half assed attempt tbh. During this year after I'm done with other RL Shit I want to redo my entire security setup anyway and this will go into that.

Out of curiosity: Why aren't fingerprints more involved in password creation?
Disclaimer: I didn't look deeply into this, maybe this all exists and everybody but me uses it.

But I'd have thought: I have a fingerprint reader via USB on my PC at home. This fingerprint reader gets used to access password vaults or maybe can even be used to create a password (or even multiple via some kind of algorithm?) out of my fingerprints. I could use my middle finger for my Kiwifarms PW and theoretically no one could crack it without access to my hand. I mean, whatever set of data comes out of my fingerprint is going to be harder to crack than even a long sentence (right?). Of course, the reader would have to use a certain set of security mechanisms.

I personally would have thought fingerprints get used more for security even in private settings. Why isn't this the case?

Especially considering nearly every smartphone has a fingerprint reader now. Yet I still log in to most websites even on mobile using a Password.
 
This is the problem specifically with things like quantum computing, which has rapidly accelerated the progress of brute-force password guessing. In all likelihood things will have to move to only 2-factor authentication, with passwords completely phased out of use within the next 20 years.

You negrate me only because I speak the truth.
unless your adversary controls a google superlab or an NSA research facility, he does not have access to quantum computers. as of now, this technology is about as relevant to the real world as nuclear fusion.

See, what you need to do is go even further and make a whole separate identity just for the farms.
Here's your new face dox: https://thisrentaldoesnotexist.com/img-new/face.jpg
Your apartment: https://thisrentaldoesnotexist.com/img-new/hero.jpg
Your cat: https://thesecatsdonotexist.com/
Your profile information: https://www.fakepersongenerator.com/
Next thing you're gonna want to do is get a time zone calculator and select a region of the world to be from. Then set limits on your computer so you can't accidentally post during the hours you're supposed to be asleep.
i'm not so sure about these cats, they seem kinda sus tbh
Ok, that made me amend my last post.

Web devs who store passwords in plaintext in $CURRENT_YEAR should be taken out back and shot.

Web devs who store passwords in MD5 in $CURRENT_YEAR should be demoted (or should at least upgrade to bcrypt.)

I'll take bcrypt over MD5 any day of the week, but if I find out that a website stores my password in plain text I'll be upset (then change everything else, even though I use different passwords for everything.)

Genuinely, we should have a law that says you must run bcrypt or higher or get fined. Maybe that would entice web devs (and businesses) to put security ahead of profits.
md5 should be fine if you use your own salt, no?
 
The world ended in 1945.

Capitals, numbers, punctuation, impossible to bruteforce, and easier to remember than nig6ernig6er and many more times secure.
What people are missing is the pass phrase is memorable.

&_Juh?A2F9XNwEhe@h-89Y3wUPZ%6QW!afADRcXFN89Htj*QtW@44rj7sHw9@sVW may be way better but it is not as easy to memorize.

And with a memorable sentence you could even include it in some essay you wrote that's in the bottom drawer of your desk, and even if someone found it they'd be unlikely to know what it is.

You use the pass phrase to protect your password manager and you let the password manager make passwords like the garbage above.

(Sorry if that was your password and you now have to change it).

The other advantage of a assword mangler is that it will NOT paste (and the better ones don’t leave the pwd in clipboard) unless you’re on the right site - accidentally pasting your password is a risk and if you ever do it change it asap. Things like chat tools can log what you pasted even if you never hit post
 
Too bad lots of sites limit the password lengths or won't allow spaces (underscores work ok though).
I just don't understand why they would limit the length so much. Often only 16, 20 or 32 characters are allowed. 32 are borderline ok...
Yep... but password managers DON'T, and then you can specify the maximum length and complexity for that app, generate the strongest possible password, and never have to worry about it being re-used anywhere else. If your bank requires you to use symbols, numbers and both cases but has a length requirement between 8 and 24 because it was written by Indians, you can very easily specify that in the password generator.

Hence, why password managers are strongly suggested.
 
md5 should be fine if you use your own salt, no?
No, because the algorithm is too easy to compute.
Modern key derivation algorithms are actually rather slow and inefficient. Argon even uses a lot of memory by design, just so you can not easily brute force it with GPUs.
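To put numbers on the "too easy to compute" point, here is an added demo (not from anyone in the thread) that stores the same constructed password with salted MD5 and with scrypt, a memory-hard KDF from Python's standard library standing in for Argon2/bcrypt, then measures how many candidate passwords one core can test per second against each. The scrypt cost parameters are an assumption chosen for interactive logins.

```python
import hashlib
import hmac
import os
import time

# Constructed sample password for the demo; not a real credential.
PASSWORD = b"correct horse battery staple"
# Assumed interactive-login cost: 2^14 iterations, 16 MiB of memory per hash.
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1)


def salted_md5(password: bytes, salt: bytes) -> bytes:
    """The scheme the thread asks about: MD5 over salt + password.
    The salt defeats precomputed tables, but every guess still costs
    only one MD5 call, so a leaked database is cheap to attack."""
    return hashlib.md5(salt + password).digest()


def scrypt_hash(password: bytes, salt: bytes) -> bytes:
    """Memory-hard KDF: each guess needs 16 MiB of RAM and thousands
    of sequential mixing rounds, which is what cripples GPU cracking."""
    return hashlib.scrypt(password, salt=salt, dklen=32, **SCRYPT_PARAMS)


def verify(stored: bytes, salt: bytes, guess: bytes, kdf) -> bool:
    """Constant-time comparison of a stored hash against a login attempt."""
    return hmac.compare_digest(stored, kdf(guess, salt))


def guesses_per_second(kdf, salt: bytes, seconds: float = 0.5) -> float:
    """Measure how many candidate passwords one core can test per second
    against a single stored hash whose salt is known (it always is once
    the database has leaked)."""
    n, start = 0, time.perf_counter()
    while time.perf_counter() - start < seconds:
        kdf(b"guess%08d" % n, salt)
        n += 1
    return n / (time.perf_counter() - start)


if __name__ == "__main__":
    salt = os.urandom(16)
    for name, kdf in (("salted MD5", salted_md5), ("scrypt", scrypt_hash)):
        stored = kdf(PASSWORD, salt)
        assert verify(stored, salt, PASSWORD, kdf)
        rate = guesses_per_second(kdf, salt)
        print(f"{name:>11}: {rate:>14,.0f} guesses/s on one core")
```

Expect salted MD5 in the millions of guesses per second on a single core versus a few dozen for scrypt, and a GPU widens that gap by orders of magnitude for MD5 only.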
Yep... but password managers DON'T, and then you can specify the maximum length and complexity for that app, generate the strongest possible password, and never have to worry about it being re-used anywhere else. If your bank requires you to use symbols, numbers and both cases but has a length requirement between 8 and 24 because it was written by Indians, you can very easily specify that in the password generator.

Hence, why password managers are strongly suggested.
Yes, that is the solution for handling it. I do it too.
But even in applications like Android device encryption 16 characters is the maximum (I think you can override that with root, but no checkbox for advanced users). Google doesn't give a shit I think. They use their Titan chip to keep the secrets, so this will probably never change.
 
No, because the algorithm is too easy to compute.
Modern key derivation algorithms are actually rather slow and inefficient. Argon even uses a lot of memory by design, just so you can not easily brute force it with GPUs.
but wouldn't the sheer size of the problem space prevent people from pre-generating md5 solution tables?
like, even if the algorithm is fast, and even if you know the salt used by your target site, computing those salted md5 hashes for all possible passwords up to length X (say, 32 characters) will still take you gorillions of years to do, even if you have access to gigantic computation power (like distributing the workload over a botnet or something like that)
 
Jeez that is wild. Something similar happened when some dumbfuck tried to make a Kiwi Discord for Floraverse only for Glip (the lolcow who made Floraverse) to come in and take control after the dumbfuck got a bleeding heart and attempted to play peacemaker between the kiwis and the lolcow. It failed obviously.

Hey @Null should it be a new rule to not make any offsite "groups" or "communities" due to risk of powerleveling and info breaches? Or just let it keep happening to weed out the internet illiterate?
 
you can't stop people doing offsite shit, you can only strongly recommend that they don't, and that others don't get involved, and if they do, practice safe internet hygiene
 
extremely good OP and solid advice. however, I also want to add the following: some associations are ultimately compromising no matter what you do (i.e. being linked with kiwifarms will always make you guilty in online tranny circles even if you've never posted), however, that being said - a great way to avoid having your online and/or offline life destroyed by an incidental database compromise or something is to just not do sus shit. don't plot gayops in DMs. don't simp for e-thots. don't chat up minors for nudes. don't be a fucking creep.

you, the one reading this right now. stop it. stop being a fucking creep.

you can opsec and compartmentalize and sanitize all you want but ultimately, the best defense against people finding the skeletons in your closet is to not have any. remember, every time you send some shit like "i showed u my penis pls respond" you're putting a record on an external server that you're a fucking creep, and throwing yourself into the lottery pool to have all your embarrassing creep shit dragged out into the cold light of day. go read the last 60 or so pages of the chudbuds thread and look at all those DM records everyone is posting. imagine if that was you. if people posted your DM records, what would they see?

stop being a fucking creep.
 
How are you calling someone lazy for not using your technique while also praising your technique for saving someone from the menial task of typing in passwords themselves. I can type extremely fast, and I simply like having access to all my passwords on any device I ever want to use (because it's in my brain). If you want to use your passwords on any external devices you're shit out of luck, unless you back it up into the cloud in that case you have to put faith in whichever hosting service you're using. Unless you self host it yourself, which is respectable but I simply don't want to. I self host a lot of things from my own email server to a matrix chat instance, but I simply don't want to bother with password managers. It's not a matter of laziness, it's just simple and it also enhances opsec and I have a 110 wpm typing speed so I don't give a shit about typing in my password manually every time.
I have over a hundred passwords in my database, and you know keepass can be used from a usb without having to install anything? lol. Keep using your brain's real estate if you want but I'm just saying this problem has been solved years ago, most of the fear over password managers comes from cuck cloud ones getting hacked.
 
Not winding up on a tranny dox list on twitter isn't hard. Don't use your shitposting username anywhere else. Don't register your normal email address on the shitposting site. Don't be a retard and dox yourself on the shitposting site with personal info. Tah-dah, just like that you've saved yourself from the data leaks, good job! Tracking you down by being autistic with IP logs and ISPs is within reach for a government, but isn't realistically feasible for anyone with fewer resources.
 
at the root of it all is not giving a shit about internet stickers.

if you don't care about stickers, you don't care about your "rep" you won't try to use the same username on every damn website to build "reputation" or "karma" or whatever the fuck is out there

also fun fact: https://xkpasswd.net/s/ or similar tool is a great way to generate usernames
 
I spent a lot of time to learn two things:
Minecraft players call almost all malware mods RATs - apparently the first major minecraft malware was a real RAT and they kept using the name. When people said chadbere's computer had a RAT on it, they meant RAT in the minecraft sense. Not in the back orifice sense.

Something in this zip (on linux) attempts to open a directory, and then sends a small number of bytes. My guess is that it bombs early on in the payload and jumps to the end of the exception handler.

So you were right, not saving information in the browser might have helped a lot.
Enlightening and kinda funny. During my look last night my guess was the same as far as dropping a small payload that then does the dirty work. I'm not familiar with JEI but the authentic jars tended to be a few hundred KB smaller than what was in the chudbuds zips.

At this point I'm casually curious.

md5 should be fine if you use your own salt, no?
There's no reason to use md5 for password hashes after current year.
 
We've seen people get identified and doxxed from image exif data, and even embedded colour profiles have been used to connect people to images. If you are going to post an image, make sure to strip out any metadata first and name it something that doesn't link it to you in any way.

A decent password manager is a no-brainer. I pay for mine and it's worth it. Long randomised passwords for everything.

Firefox/DuckDuckGo/UBlock Origin and no Google services on desktop or phone. Youtube login on iPad only under shitlord login details. Containers in Firefox for any social media and all cookies/tracking rejected unless they're from whitelisted sources.
 
They can not log IPs if they like. Iirc, what they actually did was pursuant to the letter, the next time the guy logged in, they handed over that IP address.
Again, missing my fucking point. My point is that despite talking about being "private", they are more than willing to log and hand over information to police that are under the direction of a different country. Yeah, despite it being the Swedish police, it was under the order of France. Whether or not giving information to police who are under the direct order of another country means that the CEO himself lied when he claimed "they won't give information to other Europol members" is up to you. Personally, feels pretty mafia-esque.

Likewise, nothing you said addresses my point of ProtonMail actively lying to users to the point that they changed their policy. I don't give a fuck about how null runs his house. How about actually arguing the points I make next time? You know, the whole them misleading users thing?
 

md5 should be fine if you use your own salt, no?
It's still ridiculously insecure, can be broken in under 5 seconds because of rainbow tables, and was first broken 18 (yes, 18!) years ago back in 2004.

Never use MD5 for anything you want secured. Ever. In this day and age it's just as bad as sites that store passwords in plaintext.

I'll give you an analogy. Storing passwords in plaintext is like leaving your car doors unlocked forever and hoping no one steals it. Storing them in MD5 is like leaving a spare key under the doormat - it was once a good idea, but isn't now, and anyone who wants to break into your house will probably look there first.
 