Poll of the Day > "Passwords stored in a plain text database"

Yellow
09/14/22 12:30:17 AM
#1:


So I was looking up how modern conventions remember passwords. ASP.NET, probably the single most popular database framework, stores a PBKDF2 hash of the password. That's a hash of a password. PBKDF2 was handily cracked by GPU attacks and ASIC attacks.

Storing hashes of a password might as well be storing it as plaintext. Rainbow tables exist. We need to rely on TPM, isolated lockout mechanisms, and stop re-inventing the hash function. No matter how clever you make it, it's a simple matter of "what system resources does it take for you to realistically attempt to decrypt", and "how many resources are you willing to allocate". Your attacker is willing to allocate 30,000 times more than that.
Krazy_Kirby
09/14/22 1:56:43 AM
#2:


just remember it

---
Kill From The Shadows.
https://en.m.wikipedia.org/wiki/Idiot
hera
09/14/22 3:21:10 AM
#3:


cool

---
send you my love on a wire
SoreChasm
09/14/22 4:46:22 AM
#4:


oh man it's gonna be so epic when I have that put on my tombstone

---
Never be afraid to show your emotions, even if they're fake.
Lokarin
09/14/22 5:35:00 AM
#5:


salt and hash

---
"Salt cures Everything!"
My YouTube: https://www.youtube.com/user/Nirakolov/videos
MrAntisocial
09/14/22 12:01:57 PM
#6:


Lokarin posted...
salt and hash

But hackers have rainbow tables for every salt! /s

---
Free Will Vill
Dikitain
09/14/22 12:49:00 PM
#7:


Yellow posted...
ASP.NET, probably the single most popular database framework

https://www.statista.com/statistics/809750/worldwide-popularity-ranking-database-management-systems/

wut?

---
My bookshelf: https://www.goodreads.com/review/list/152760030
Comics: https://leagueofcomicgeeks.com/profile/dikitain
Johnny_Eagle
09/14/22 12:49:29 PM
#8:


Krazy_Kirby posted...
just remember it

So just remember every single password for everything I sign up for ever? >_>

---
"Life's a game. It's meant to be played."
"Amateurs built the Ark. Professionals built the Titanic."
Yellow
09/14/22 2:32:19 PM
#9:


MrAntisocial posted...
But hackers have rainbow tables for every salt! /s
Ok, so then you can just run it on a GPU (PBKDF2 is cracked via GPU)

It doesn't take as long as you think to crack a password up to 12 characters in length via any hash, just because A) people want to use short passwords, and B) servers don't want to allocate too many resources into it

People think they can have their cake and eat it too. TPM/isolated lockout mechanisms or go home.
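The two mechanics argued over in posts #5, #6 and #9 (a per-password salt defeating precomputed tables, and the iteration count deciding how much each guess costs) as one runnable example. This is added here, not code from any poster, ASP.NET or OWASP; it assumes PBKDF2-HMAC-SHA256 from Python's hashlib, a constructed two-word "wordlist" standing in for a rainbow table, and illustrative iteration counts (10,000 as a low legacy value, 600,000 as a six-figure policy value in the range OWASP recommends for PBKDF2-HMAC-SHA256).

```python
"""Salted PBKDF2 storage, precomputation lookup, and per-guess cost (added example)."""
import hashlib
import hmac
import os
import time
from typing import Dict, List, Optional

HASH_NAME = "sha256"
SALT_BYTES = 16   # 128-bit random salt per password
KEY_BYTES = 32    # 256-bit derived key stored beside the salt


def hash_password(password: str, iterations: int, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: pbkdf2_sha256$<iterations>$<salt hex>$<key hex>.

    A fresh random salt is drawn unless one is supplied (only for deterministic tests),
    so two users with the same password end up with different records.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    key = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt,
                              iterations, dklen=KEY_BYTES)
    return f"pbkdf2_{HASH_NAME}${iterations}${salt.hex()}${key.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the key from the stored salt/iterations; compare in constant time."""
    try:
        algo, iterations, salt_hex, key_hex = record.split("$")
    except ValueError:
        return False
    if algo != f"pbkdf2_{HASH_NAME}":
        return False
    candidate = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations), dklen=KEY_BYTES)
    return hmac.compare_digest(candidate, bytes.fromhex(key_hex))


def needs_rehash(record: str, policy_iterations: int) -> bool:
    """True when the stored record used fewer iterations than current policy.
    Re-hash on the next successful login: that is the only moment the plaintext exists."""
    return int(record.split("$")[1]) < policy_iterations


# --- The "rainbow table" objection: precomputed unsalted digests ---
def build_lookup_table(wordlist: List[str]) -> Dict[str, str]:
    """Precompute plain SHA-256 of each candidate once; lookups are then free."""
    return {hashlib.sha256(w.encode("utf-8")).hexdigest(): w for w in wordlist}


def lookup_unsalted(table: Dict[str, str], digest_hex: str) -> Optional[str]:
    """Instant hit for an unsalted digest; a salted PBKDF2 key is never in the table."""
    return table.get(digest_hex)


# --- Work factor: seconds per guess on this CPU core versus keyspace size ---
def measure_guess_cost(iterations: int, samples: int = 3) -> float:
    """Seconds for one PBKDF2 evaluation here (single core; a GPU farm is far faster)."""
    salt = b"\x00" * SALT_BYTES
    start = time.perf_counter()
    for _ in range(samples):
        hashlib.pbkdf2_hmac(HASH_NAME, b"benchmark", salt, iterations, dklen=KEY_BYTES)
    return (time.perf_counter() - start) / samples


def seconds_to_exhaust(alphabet_size: int, length: int, seconds_per_guess: float) -> float:
    """Brute-force time for the full keyspace of fixed-length passwords, no salt reuse possible."""
    return (alphabet_size ** length) * seconds_per_guess


if __name__ == "__main__":
    policy = 600_000   # assumption: illustrative six-figure policy count
    rec_a = hash_password("password123", policy)
    rec_b = hash_password("password123", policy)
    print("same password, different records:", rec_a != rec_b)
    print("login ok:", verify_password("password123", rec_a),
          "| wrong pw:", verify_password("letmein", rec_a))

    table = build_lookup_table(["password123", "letmein"])   # constructed wordlist
    unsalted = hashlib.sha256(b"password123").hexdigest()
    print("unsalted digest cracked by lookup:", lookup_unsalted(table, unsalted))
    print("salted key found in table:", lookup_unsalted(table, rec_a.split("$")[3]))

    legacy = hash_password("password123", 10_000)   # assumption: low legacy iteration count
    print("legacy record needs rehash:", needs_rehash(legacy, policy))
    for iters in (10_000, policy):
        cost = measure_guess_cost(iters)
        days = seconds_to_exhaust(26, 8, cost) / 86_400
        print(f"{iters:>7} iters: {cost*1000:.1f} ms/guess, 26^8 keyspace ~ {days:,.0f} core-days")
```

The salt does exactly one thing: it forces the attacker to start from zero for every record instead of reusing a table. The iteration count does the other thing: it sets the price of each guess, and the printed core-days scale linearly with it. Neither changes the shape of the keyspace, which is why post #9's point about short passwords still holds; the knob a server controls is only how expensive each of the attacker's 30,000x-scaled guesses is.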
Veedrock-
09/14/22 3:16:32 PM
#10:


TC really wants us to think he's important enough to hack.

---
My friends call me Vee.
I'm not your friend, buddy.
Yellow
09/14/22 3:28:23 PM
#11:


Veedrock- posted...
TC really wants us to think he's important enough to hack.
I've written WebGL shaders designed to crack partial keys, but ok, I really don't know how to boot up Kali Linux and run a script, can you show me?

That's true, I never learned how to hack because it only ever amounts to stealing things.
Dikitain
09/14/22 4:06:23 PM
#12:


Fun fact: Hacking is basically just quality assurance done for "devious" means. There is nothing really fancy or "cool" about it.

---
My bookshelf: https://www.goodreads.com/review/list/152760030
Comics: https://leagueofcomicgeeks.com/profile/dikitain
MrAntisocial
09/14/22 4:12:43 PM
#13:


Yellow posted...
Ok, so then you can just run it on a GPU (PBKDF2 is cracked via GPU)

It doesn't take as long as you think to crack a password up to 12 characters in length via any hash, just because A) people want to use short passwords, and B) servers don't want to allocate too many resources into hashing it

People think they can have their cake and eat it too. TPM/isolated lockout mechanisms or go home.

So it's entirely pointless to use Argon2id and follow current OWASP recommendations regarding passwords (not NIST, which still recommends PBKDF2)?

---
Free Will Vill
Judgmenl
09/14/22 4:21:49 PM
#14:


Literally had a coworker implement passwords as plain text recently.
That guy should not be allowed anywhere near anything again.

Dikitain posted...
wut?
.NET people are extremely delusional. Almost as delusional as Java people.

---
Whenever someone sings fansa and they don't input their name instead of mona at the mona-beam part I'm like "Are you even a real aidoru?".
Yellow
09/14/22 5:31:48 PM
#15:


Judgmenl posted...
.NET people are extremely delusional. Almost as delusional as Java people.
Look, I mixed up my stats, I'm not delusional, hahahahahahahah

I know it's up there. Anyway, I'm not as delusional as people who hate .NET, which runs at the same speed as C++ with JIT, and has been open source for 6 years.

MrAntisocial posted...
So it's entirely pointless to use Argon2id and follow current OWASP recommendations regarding passwords (not NIST, which still recommends PBKDF2)?
I'm not claiming to have more authority over the standards, but also I think the standards are weak. If it's the industry standard what are you going to do about it?

I think KDF involving TPM modules is going to be the standard soon.
MrAntisocial
09/14/22 5:52:03 PM
#16:


Judgmenl posted...
.NET people are extremely delusional. Almost as delusional as Java people.

Entity Framework is incredibly popular among .net developers. Not sure if it's the most popular, but it's probably up there.

Yellow posted...
I'm not claiming to have more authority over the standards, but also I think the standards are weak. If it's the industry standard what are you going to do about it?

I'll agree that the NIST standards are weak. OWASP is a lot more up to date and is a lot more secure.

---
Free Will Vill
SoreChasm
09/14/22 5:53:24 PM
#17:


Dikitain posted...
Fun fact: Hacking is basically just quality assurance done for "devious" means. There is nothing really fancy or "cool" about it.
Okay, so picture a guy in a hoodie wearing sunglasses and using two keyboards at the same time to hack into the mainframe.

That's like the pinnacle of cool.

---
Never be afraid to show your emotions, even if they're fake.