atoponce

atoponce, 5 months ago to random

I see variants of this question come up a lot:

"If a website allows for 100+ character passwords, and you're using a password manager, why not take advantage of it and just auto-fill?"

Because anything past 72-80 bits security doesn't provide any practical security benefit. This is 13-16 character #passwords and 6-8 word passphrases.

If the service provider is storing your password in plain text, length doesn't matter. If it's hashed, no GPU cracking rig will find it.

https://www.reddit.com/user/atoponce/comments/186u5li/password_length_recommendations/

atoponce, 5 months ago to random

Without disassembly, there are 43,252,003,274,489,856,000 unique permutations in a 3×3 Rubik's Cube. If sufficiently shuffled, that provides ~65 bits security.

Which means recording the colors of each of the 6 faces after two sufficient shuffles is enough to provide at least 128 bits security.

https://en.wikipedia.org/wiki/Rubik's_Cube#Permutations

A shuffled 4×4 cube has ~152 bits security.

https://en.wikipedia.org/wiki/Rubik's_Revenge#Permutations

A shuffled 5×5 cube has ~247 bits security.

https://en.wikipedia.org/wiki/Professor%27s_Cube#Permutations

#cryptography

atoponce, 5 months ago to random

I've been screaming this for years. Service providers that provide authentication should do these two things at a minimum:

1. Require at least 12 characters.
2. Use ZXCVBN to estimate password strength and require a score of 4.

Interestingly enough, if you do those two things, you don't need stupid password complexity requirements, and you don't need a blacklist, as 12+ characters with a ZXCVBN score of 4 won't show up in password database breaches.

https://www.cc.gatech.edu/news/largest-study-its-kind-shows-outdated-password-practices-are-widespread

#passwords

atoponce, 5 months ago to random

No.

atoponce, 5 months ago to linux

Optimist: the glass is half full

Pessimist: the glass is half empty

#Linux user: water is bloat

atoponce, 5 months ago to random

When VPN providers claim they keep anonymized logs only.

atoponce, 6 months ago to linux

You're familiar with the sudo(8) command, but did you know it had a logo? Did you further know that it's a sandwich?

#gnu #linux #bsd #unix

https://www.sudo.ws/about/logo/

atoponce, 6 months ago to AeroPress

The U.S. patent for the #AeroPress expires June 1, 2027. A little more than 3½ years.

That may partially explain why they are flooding the market with designs and accessories. The more they can get ahead of the curve with the brand, the better off they'll be against competitors.

I'll be curious to see what other #coffee manufacturers do with the design, such as Hario or Fellow however.

https://patents.google.com/patent/US7849784B2/

atoponce, 6 months ago to random

Big news on the #ZFS front. RAIDZ expansion has been merged.

"This feature will be available in the OpenZFS 2.3 release, which is probably about a year out."

https://github.com/openzfs/zfs/pull/15022

atoponce, 6 months ago to random

As a native English speaker living in a country where English is the official and primary language, I am naive to #password generators in other countries and languages.

In those in countries where English is not the official primary language, what characters are used when generating #passwords?

For example in English, the 94 graphical ASCII characters are used in every password generator I've seen for English speakers.

Note: I'm not interested in passphrases built from word lists.

nono2357, 6 months ago to quantumcomputing

Unlikely, but waiting for the details...
#cryptography #RSA #quantumcomputing

atoponce, 6 months ago to opensource

Trying to figure out if this is satire.

#opensource #programming

atoponce, 6 months ago to programming

Fixing a bug in production.

#programming #sysadmin

Video of a seated swing amusement park ride in operation. An engineer is wearing a hard hat underneath the ride as it swings literally inches above his head. He's watching the powerful wheel that powers the ride spinning back and forth.

atoponce, 6 months ago to random

This is my first time having a Bud Light. I've only ever drank locally brewed specialty craft beer.

I'm not saying this to brag, but rather surprised on its lack of taste. I'm used to crisp, malt, hop, fruit, etc. flavors. But drinking this, I'm honestly shocked at how flat it tastes.

I guess I shouldn't be surprised. I've heard that Bud Light, Coors, Corona, etc. are shit beers. But I had the opportunity to have either a free Bud Light or Coors, so I gave it a go.

I'll stick with craft.

atoponce, 6 months ago to random

> 65536 - wordList.length
< 925

Damn. So close.

atoponce, 6 months ago to random

Starting November 7, 2023, Dashlane Free users will only be able to store up to 25 passwords. Otherwise, they will need to pay $60/year for a premium subscription.

#passwords

atoponce, 6 months ago to GNOME

Regarding the #GNOME Foundation hiring a professional shaman as executive director.

Spiritual beliefs are personal. Whatever. This really shouldn't be the headline.

Instead, what is more concerning for me is her complete lack of technical executive experience.

Don't get me wrong. She doesn't need programming or sysadmin experience. But she should have experience understanding how to lead such an organization.

That's what seems to be glaringly missing. Can just anyone be executive director?