atoponce

atoponce, 1 year ago to random

Did you know the #NSA has its own password, passphrase, and key generator?

For passphrases, instead of using a popular word list like Diceware or EFF, it ships its own.

Do you trust it? 😉

Cc: @schlink

#passwords

https://github.com/nsacyber/RandPassGenerator

atoponce, 1 year ago to random

Just had a server go down. Guess what's to blame? Molex can eat a bag of dicks.

How's your Monday going?

#sysadmin

Photo of a Western Digital RE4 Black hard drive with burn marks from a melted molex connector.
Photo af an Intel 320 series SSD in a drive sled showing extensive burning from the molex connector.

atoponce, 1 year ago to random

I always get a kick out of off-brands in #anime. It's always something I'm looking for.

Here we have a "Macrosoft Winding XO" laptop with a 128-bit DES encrypted password.

Sounds about right.

image/png

atoponce, 1 year ago to random

Solid criticism of #passkeys, specifically how Apple is rolling them out to macOS and iOS users.

TL;DR- passkeys behave like SSH keys, but without the transparency. Further, Apple iCloud can't be trusted to handle them correctly.

#Passwords

https://lapcatsoftware.com/articles/2023/5/1.html

atoponce, 1 year ago to linux

Tired: RAID5/6
Wired: RAIDZ1/2/3
Hired: dRAID1/2/3
Mired: Btrfs

#ZFS #Linux #FreeBSD

atoponce, 1 year ago to random

I just learned that #Wireguard will automatically and correctly clamp any private 32-byte key.

For example:

$ openssl rand -base64 32
tx6Kwv9L17ARq8WOd0M3sjm8gKU8bmdoSeBoGTzyEyY=

Even though the first and last bytes are not properly clamped above, when generating the public key, the wg(8) tool will clamp it. Further, when bringing up the interface, Wireguard will also clamp it.

See https://git.zx2c4.com/wireguard-tools/tree/src/genkey.c and https://git.zx2c4.com/wireguard-linux/tree/drivers/net/wireguard/noise.c (search for "curve25519_clamp_secret")

#cryptography

atoponce, 1 year ago to random

I'll take this further. When was the last time you actually burned a CD or DVD?

https://infosec.exchange/@barsteward/110310436841721673

barsteward, 1 year ago to random

When was the last time you actually used a floppy disk?

atoponce, 1 year ago to linux

Be offended all you want, but it's true.

#GNU #Linux #BSD

atoponce, 1 year ago to random

It's kind of hilarious to me how toxic the word "telemetry" has become. Don't get me wrong, the ad tracking industry has ruined it for everyone. However

Firefox users: Disable telemetry! It's an enemy to your privacy!
Mozilla: We removed a feature no one was using due to a lack of telemetry data.
Firefox users: I use it all the time! Why are you bad at this!

1Password users: I trust AgileBits to safely handle my data.
AgileBits: We added telemetry.
1Password users: Why do you hate my privacy?!

atoponce, 1 year ago to internet

#BlueSky Terms of Service gives Jack a 'perpetual' & 'irrevocable' license to all your content.

#privacy

https://threadreaderapp.com/thread/1651686218319425570.html

atoponce, 1 year ago to linux

@keepassxc allows you to add your own word list for the passphrase generator, such as the #Linux word lists found in /usr/share/dict/

#passwords #KeePassXC

Scerenshot of the passphrase generator in KeePassXC using the "american-english-insane" dictionary. The generated passphrase is "yanan-feeded-hilham-crescentader-coffey-contorno".

atoponce, 1 year ago to linux

Debian 12 "Bookworm" is scheduled to release the day after my birthday.

#Debian #GNU #Linux

https://lists.debian.org/debian-devel-announce/2023/04/msg00007.html

atoponce, 1 year ago to random

Works like a charm. I set the follower count requirement to 5,000,000 and poof!. It's like this for miles and miles of endless scrolling.

https://fosstodon.org/@malwaretech@infosec.exchange/110267927849215057

Screenshot of the second page of https://twitter.com/TuckerCarlson/status/1651376097349578753 Replies by Twitter Blue subscribers with less than 5,000,000 followers are collapsed with the text "This Twitter Blue tweet has been hidden to save your brain cells."
Screenshot of the third page of https://twitter.com/TuckerCarlson/status/1651376097349578753 Replies by Twitter Blue subscribers with less than 5,000,000 followers are collapsed with the text "This Twitter Blue tweet has been hidden to save your brain cells."
Screenshot of the fourth page of https://twitter.com/TuckerCarlson/status/1651376097349578753 Replies by Twitter Blue subscribers with less than 5,000,000 followers are collapsed with the text "This Twitter Blue tweet has been hidden to save your brain cells."

craigmaloney, 1 year ago to random

I really, really, really wish that Ubuntu / Debian could collate all of the "needs attention" changes between local modified files and maintainer files so things don't grind to a halt at odd intervals.

(Note: Not the opportunity to tell me anecdotes or how other distros do it different / better. Just a rant. Nothing more.)

atoponce, 1 year ago to random

If your phone has a Qualcomm chipset, it might be spying on you. Unfortunately, this is happening at the firmware level, beneath iOS and Android.

#privacy

https://www.nitrokey.com/news/2023/smartphones-popular-qualcomm-chip-secretly-share-private-information-us-chip-maker

atoponce, 1 year ago to infosec

Unpopular #passwords #infosec opinion: don't pre-hash bcrypt. It complicates your code and exposes you to foot-guns. Just limit your input to 72 bytes.

https://www.reddit.com/r/cryptography/comments/12zfqua/i_read_that_bcrypt_is_a_slow_enough_hashing/jhs2c0l/

atoponce, 1 year ago to random

PSA: KeePass and KeePassXC are different software applications. Please don't refer to KeePassXC as "KeePass".

GossiTheDog, 1 year ago to random

deleted_by_author

atoponce, 1 year ago to random

For those still on Twitter, you can write 2 simple uBlock Origin config lines to hide all Twitter Blue accounts from your timeline, including promoted ads.

https://twitter.com/netrunnernobody/status/1649863487651303424