|
|
| code logs -> 2023 -> Wed, 01 Mar 2023 | < code.20230228.log - code.20230302.log > |
| --- Log opened Wed Mar 01 00:00:33 2023 |
| 00:27 | | Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has quit [Ping timeout: 121 seconds] |
| 00:35 | | Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has joined #code |
| 00:35 | | mode/#code [+qo Vornicus Vornicus] by ChanServ |
| 01:19 | | gizmore|2 [kvirc@Nightstar-o6mido.dip0.t-ipconnect.de] has joined #code |
| 01:21 | | gizmore [kvirc@Nightstar-5jh4qc.dip0.t-ipconnect.de] has quit [Ping timeout: 121 seconds] |
| 01:39 | | Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has quit [Connection closed] |
| 03:27 | <@macdjord> | Alek: That article is based on cracking password hashes; the comic its referencing explicitly says its estimating cracking times based on someone sending guessed passwords to a remote service. |
| 03:29 | <@macdjord> | It is alsow flat out wrong in claiming xkcd ties the security to the number of characters. It assigns each randomly chosen word 11 bits of entropy, i.e. a word selected from a list of ~2048 common words. |
| 03:31 | | Kizor_ [a@Nightstar-nfsqa7.yok.fi] has joined #code |
| 03:34 | | Kizor [a@Nightstar-nfsqa7.yok.fi] has quit [Ping timeout: 121 seconds] |
| 04:09 | | Degi_ [Degi@Nightstar-0ibb6f.pool.telefonica.de] has joined #code |
| 04:11 | | Degi [Degi@Nightstar-phq2j9.pool.telefonica.de] has quit [Ping timeout: 121 seconds] |
| 04:11 | | Degi_ is now known as Degi |
| 04:40 | | Kizor_ [a@Nightstar-nfsqa7.yok.fi] has quit [[NS] Quit: ] |
| 05:10 | | McMartin [mcmartin@Nightstar-n6bm7f.sntcca.sbcglobal.net] has quit [Ping timeout: 121 seconds] |
| 05:27 | | Kizor [a@Nightstar-nfsqa7.yok.fi] has joined #code |
| 05:30 | | McMartin [mcmartin@Nightstar-n6bm7f.sntcca.sbcglobal.net] has joined #code |
| 05:30 | | mode/#code [+ao McMartin McMartin] by ChanServ |
| 10:34 | | Vorntastic [uid293981@Nightstar-phvupn.irccloud.com] has joined #code |
| 10:34 | | mode/#code [+qo Vorntastic Vorntastic] by ChanServ |
| 11:20 | | Emmy [Emmy@Nightstar-qo29c7.fixed.kpn.net] has joined #code |
| 18:05 | | Kindamoody [Kindamoody@Nightstar-pqh9gl.tbcn.telia.com] has quit [Ping timeout: 121 seconds] |
| 18:06 | | Kimo|autojoin [Kindamoody@Nightstar-pqh9gl.tbcn.telia.com] has joined #code |
| 18:06 | | mode/#code [+o Kimo|autojoin] by ChanServ |
| 18:06 | | Kimo|autojoin is now known as Kindamoody |
| 18:34 | | Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has joined #code |
| 18:34 | | mode/#code [+qo Vornicus Vornicus] by ChanServ |
| 19:43 | | abudhabi_ [abudhabi@Nightstar-psn2fm.adsl.tpnet.pl] has joined #code |
| 19:47 | | abudhabi__ [abudhabi@Nightstar-47s42p.adsl.tpnet.pl] has quit [Ping timeout: 121 seconds] |
| 20:24 | | Vorntastic [uid293981@Nightstar-phvupn.irccloud.com] has quit [[NS] Quit: Connection closed for inactivity] |
| 21:41 | < FLHerne> | It probably does have a point that human "random" selection isn't random enough |
| 21:45 | < FLHerne> | basing timing estimates on hashing seems reasonable to me - that's probably the main attack surface against non-trivially-stupid passwords, pretty much any service will have enough rate-limiting to protect all but the very weakest |
| 21:45 | < FLHerne> | and people haven't stopped linking correcthorsebatterystaple so evaluating it against 2023's threats makes sense |
| 21:46 | < FLHerne> | my reading is still that the approach is reasonable, given a big enough word list and truly random selection |
| 21:56 | < Mahal> | the point of correct horse battery staple is that people _understand_ it |
| 21:56 | < Mahal> | yes, it may not be entirely technically correct in 2023 but the concept is really clearly laid out |
| 23:11 | | Emmy [Emmy@Nightstar-qo29c7.fixed.kpn.net] has quit [Ping timeout: 121 seconds] |
| --- Log closed Thu Mar 02 00:00:34 2023 |
|
| code logs -> 2023 -> Wed, 01 Mar 2023 | < code.20230228.log - code.20230302.log > |
|
|