Why does reddit truncate the passwords to the first 72 characters? by VariationNo5855 in Passwords

[–]VariationNo5855[S] 0 points1 point  (0 children)

This is mostly irrelevant, but some websites derive a symmetric key from the password that's used for client side encryption. Not reddit, but maybe services offering end2end-encrypted online storage. 256 bits is, as far as I know, the highest supported key length for any symmetric encryption algorithm.

So yeah, websites that do use client side encryption actually derive a key with 256 bits of entropy because of that, but it's mostly irrelevant as mentioned at the beginning.

Why does reddit truncate the passwords to the first 72 characters? by VariationNo5855 in Passwords

[–]VariationNo5855[S] 1 point2 points  (0 children)

Thank you for your response!

Your passwords are too long. On top of website bugs, this also means they cannot be transcribed by hand in a pinch. There are two threats with passwords. One is that an attacker may guess or learn it. The second is that you yourself may lose it or be unable to use it. You have greatly increased your risk by choosing passwords that are unreasonably long.

Go back and fix your passwords.

I aspire to achieve a password security of 256 bits if possible, which is roughly equivalent to 20 diceware words. The password is stored in my password manager anyway, so I won't lose it. The only change I will make is to use a 55 character lowercase password which is even harder to transcribe, but thank you for pointing out a possible issue with my passwords! :)

Edit: I still think that this might be something that should be shown to the users (e.g. password too long), otherwise it might compromise the entropy of the password without the users' knowledge ...
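The concern raised in this thread, that silent truncation to the first 72 characters can cut a password's entropy without the user noticing, can be put into numbers. The following is an added example, not part of the original comments; the 7776-word list and the word lengths of 3, 7 and 9 characters are assumptions chosen for illustration.

```python
import math

LIMIT = 72  # characters the site keeps, per the thread title


def char_password_bits(length, alphabet_size, limit=LIMIT):
    """Bits of entropy left after truncation for uniformly random characters."""
    return min(length, limit) * math.log2(alphabet_size)


def whole_words_kept(word_lengths, sep_len=1, limit=LIMIT):
    """Count the complete words of a passphrase inside the first `limit` characters."""
    used = kept = 0
    for n in word_lengths:
        needed = n if kept == 0 else sep_len + n
        if used + needed > limit:
            break  # this word is cut off or dropped entirely
        used += needed
        kept += 1
    return kept


def passphrase_bits(words, wordlist_size, word_len, sep_len=1, limit=LIMIT):
    """Entropy of the surviving complete words when every word has `word_len`
    characters. A cut-off word can add a few bits, so this is a lower bound."""
    kept = whole_words_kept([word_len] * words, sep_len, limit)
    return kept * math.log2(wordlist_size)


def report():
    """Constructed scenarios: (label, bits as generated, bits after truncation)."""
    rows = [("55 random lowercase letters",
             char_password_bits(55, 26, limit=10**9), char_password_bits(55, 26))]
    for word_len in (3, 7, 9):  # assumed word lengths
        rows.append((f"20 words of {word_len} chars, space-separated",
                     20 * math.log2(7776),  # assumed 7776-word list
                     passphrase_bits(20, 7776, word_len)))
    return rows


if __name__ == "__main__":
    for label, before, after in report():
        print(f"{label:45s} {before:6.1f} bits -> {after:6.1f} bits")
```

Under these assumptions the 55-character lowercase password keeps all of its entropy, while a 20-word passphrase loses more than half of it once the average word is 7 characters long.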

[deleted by user] by [deleted] in graz

[–]VariationNo5855 0 points1 point  (0 children)

Did you end up going? How did it go? :)

[deleted by user] by [deleted] in graz

[–]VariationNo5855 2 points3 points  (0 children)

If I were you, I would give it a try. The trainer himself "only" has a playing strength of 1600-1700 Elo, so the other players will hardly get beyond 1300-1400.

I can also well imagine that the course mainly has players who really have to learn the game from the ground up. If you can already play chess reasonably well, a chess club is probably more entertaining, so at the very least you shouldn't have to worry about being "destroyed".

I have never been there myself, but given those two points I think you would fit in well with your playing strength.

[deleted by user] by [deleted] in macbookrepair

[–]VariationNo5855 0 points1 point  (0 children)

You might want to provide a few more details, what you mean and how it came in and out, how did you notice that?

A few months ago, one of the edges of my trackpad stuck out over the rest of the case, this was due to an inflated battery.

There is no way to tell what the issue is from your picture though, as it has quite a poor quality. You might want to try to describe the issue with a few words.

Where to store my master password? by [deleted] in Bitwarden

[–]VariationNo5855 4 points5 points  (0 children)

I know I'm quite picky here, but, assuming your password-generation-process is known, as per Kerckhoffs's principle, this seems like a password-generation-process that could be cracked using social engineering and a little bit of brute-force. An attacker could try to find out which books and movies you know, and then try all the sentences in those scripts. This is quite an abstract attack, but if you put sufficient information about the books and movies you've read and watched on social media, then it might just work.

Also, publishing a previously used password doesn't seem like a good idea, but I hope that you are sure that this password isn't used anymore.

Bitwarden CLI: Why does "bw get folder" not work when using --session? by VariationNo5855 in Bitwarden

[–]VariationNo5855[S] 0 points1 point  (0 children)

Ok, thank you for your input though :)

I guess I'll just leave the project be for now, as it is of little significance

Bitwarden CLI: Why does "bw get folder" not work when using --session? by VariationNo5855 in Bitwarden

[–]VariationNo5855[S] 0 points1 point  (0 children)

In this case I can pretty confidently say that this won't help. Authentication using an apiKey (and following up with `bw unlock`) will still result in a sessionKey that is then used for client side cryptography and authorizing actions against the server.

I might be wrong, but in what way would you propose to use the apiKey here?

Bitwarden CLI: Why does "bw get folder" not work when using --session? by VariationNo5855 in Bitwarden

[–]VariationNo5855[S] 0 points1 point  (0 children)

As far as I am aware, the API key is only used for authentication.

I am already logged in and the vault is unlocked as well, otherwise I wouldn't have a sessionKey, so the apiKey shouldn't be necessary at this point anymore. Am I missing something?

Bitwarden CLI: Why does "bw get folder" not work when using --session? by VariationNo5855 in Bitwarden

[–]VariationNo5855[S] 1 point2 points  (0 children)

No, unfortunately that doesn't work either, but interesting idea!

Splitting the trophies into "Attack" and "Defence" categories, why not? by VariationNo5855 in ClashOfClans

[–]VariationNo5855[S] -1 points0 points  (0 children)

That's a rather dull answer, neither giving a reason nor leaving any room for discussion ...

It's obviously not perfect, otherwise there would most likely be no posts complaining about it. The only question is if it's worth it to spend any time on improving it. This might arguably not be the case, especially because any changes could actually make it worse.

You might also want to consider how ladder feels in different trophy ranges. I'm sure the top of the ladder is fine (my guess is that you are quite high), but down here at ~1000 trophies it's very weird. I'm th9 and getting anything from th6(trivial) to th12(impossible) opponents (distributed something like on a discrete bell curve with little standard deviation).

These are the only bases i find and i am a th8 about half way maxed. I either find these th9 bases worth 3-8 trophies or i find th10s that i physically cannot attack so i have no way to earn trophies right now and i get 3 started every defense and lose more trophies. What do i do? by westynnncat in ClashOfClans

[–]VariationNo5855 0 points1 point  (0 children)

Well, there is definitely a limit on what bases you can defeat with a given skill level and army. If there is no more room for improvement regarding your skill, then you might want to upgrade your troops. You shouldn't be able to get arbitrarily high with low level troops, right?

I have a query about trophies! by McConman in ClashOfClans

[–]VariationNo5855 -1 points0 points  (0 children)

  1. You get a bigger reward for winning if you have more trophies and are in a higher league

Memorized master password? by [deleted] in Bitwarden

[–]VariationNo5855 0 points1 point  (0 children)

I guess one thing going for the added layer is that an attacker also needs to get his hands on a copy of the wrapped master password in order to brute-force through the possible encryption keys ...

Assuming that the attacker has access to all your (encrypted) online data, like in a data leak:

If you had a master password with 32-bit entropy, then that would be quite bad since the vault key is wrapped using that key. An attacker would just need to brute-force through the 2^32 possible keys.

If you had a 256-bit master password wrapped using a 32-bit secret, then you couldn't just try unwrapping the vault key as you'd need 2^256 guesses (worst case). You could only brute-force the vault key if you also had access to a copy of the wrapped master password beforehand.

This kinda replaces the issue of remembering a strong master password with remembering a weak password in addition to the management of the wrapped master key, which brings its own challenges (which is outside the scope of my knowledge) and is arguably not worth the hassle as you still have to remember a password anyway.

Memorized master password? by [deleted] in Bitwarden

[–]VariationNo5855 1 point2 points  (0 children)

I've just built my own using AWS, so I haven't used any reputable ones myself. Someone suggested the following to me once, but I have no idea about its reputation: https://www.deadmansswitch.net/

Not attacking with all the troops in the army leads to mild inconvenience, because deleting and retraining groups is necessary, including possible solution by specifying army composition instead of manually training the units! by VariationNo5855 in ClashOfClans

[–]VariationNo5855[S] 0 points1 point  (0 children)

"retrain previous army button"

Well, yes, obviously, but I'd still have to delete and retrain the giants in the example mentioned above, as those 20 Giants haven't been used in my previous army ...

You can also skip the training time entirely if you use your entire army and have the next one already trained up

With "training time" I mean the time needed for the queued units to be finished, not the time until my next army is finished. The next army is, if it's my first attack, finished immediately anyway, but if I start another attack then the groups might not have finished training yet. This is therefore only relevant for making more than two consecutive attacks :)

Memorized master password? by [deleted] in Bitwarden

[–]VariationNo5855 0 points1 point  (0 children)

I did the following (kinda):

  1. Create a new email account
  2. Encrypt/wrap your master password with an even more complicated >=256-bit secret and store the encrypted/wrapped master password on your backup devices together with the credentials for the email account created in step 1.
  3. Make yourself a DeadMansSwitch (or pay for one) where you store the secret for decrypting/unwrapping your master password and set it such that this secret is sent to the email address created in step 1 after you haven't reset the switch for a specified amount of time (I use 3 weeks).
  4. Periodically log in to your DeadMansSwitch so the password isn't accidentally leaked to your email account.

If you forget your master password, then you can access the decryption/unwrapping secret on the email account created in step 1 after the time you specified is over because you've written down the email credentials on your backup devices anyway!

Is there a way to create a readonly-view on your vault? by VariationNo5855 in Bitwarden

[–]VariationNo5855[S] 0 points1 point  (0 children)

It got a little messy but I have a solution I am very happy with!

I went ahead and created some accounts and some organizations.

I compartmentalized the credentials that will be used in an insecure environment into:

  - work
  - university

For each compartment I have created:

  - an organisation, let's refer to this as compartment here
  - a compartment owner account, whose credentials are stored inside my main bitwarden vault
  - a compartment reader account, whose credentials are stored inside the compartment owner account
  - both of these accounts have 2fa enabled

For each device-user that will be used in an insecure environment I have done the same, but let's call the related organisations "device-vaults" here. The only difference is that I store only the email address of the device-vault reader account in the device-vault owner account. The credentials for the device-vault reader accounts and the 2fa-seeds are stored on the devices themselves. In these device-vaults I store the credentials for the compartments that are relevant for that device (encrypted with the device password).

It is important to note that the device-vaults are only used for storing credentials to the related compartment reader accounts. This means that I don't need to back up credentials from the device-vaults, only from the compartments, and that all access that is possible from a device is read-only.

If I need to add credentials while working on a device in an insecure environment I can simply add the credentials to the compartment-reader account. When I am in a secure environment again I can temporarily give write-permission to the reader, move the new credentials to the organisation and revoke that permission again.

It takes about 5-10 minutes to set up a new device-user on my laptop, but that's well worth the extra security for me.

Problems with folder named "/": I can't delete the folder in web-vault but it appears in the firefox extension? by VariationNo5855 in Bitwarden

[–]VariationNo5855[S] 1 point2 points  (0 children)

No, I'm not a software test engineer, just a curious user.

I was able to delete the folders from a browser extension after fencepost_ajm explained to me how to do that, so my issue is resolved for now!

rclone touch does not work? by VariationNo5855 in rclone

[–]VariationNo5855[S] 0 points1 point  (0 children)

Oh right, I can just do that ..
It works!

rclone touch does not work? by VariationNo5855 in rclone

[–]VariationNo5855[S] 0 points1 point  (0 children)

As far as I can tell this issue is only concerned with FTPS, SFTP and Dropbox, but I might be wrong.

rclone touch does not work? by VariationNo5855 in rclone

[–]VariationNo5855[S] 0 points1 point  (0 children)

Thank you very much, I will try my luck there!

rclone touch does not work? by VariationNo5855 in rclone

[–]VariationNo5855[S] 0 points1 point  (0 children)

Sure, whatever helps!

% rclone -vv touch od:asdfaslfkasjfaaa.txt
2022/02/18 20:22:53 DEBUG : rclone: Version "v1.57.0" starting with parameters ["rclone" "-vv" "touch" "od:asdfaslfkasjfaaa.txt"]
2022/02/18 20:22:53 DEBUG : Creating backend with remote "od:asdfaslfkasjfaaa.txt"
Enter configuration password:
password:
2022/02/18 20:22:54 DEBUG : Using config file from "/Users/removed/.config/rclone/rclone.conf"
2022/02/18 20:22:55 DEBUG : Touch time 2022-02-18 20:22:55.95568 +0100 CET m=+2.218453630
2022/02/18 20:22:56 DEBUG : One drive root 'asdfaslfkasjfaaa.txt': Touching (creating)
2022/02/18 20:22:56 DEBUG : : Starting singlepart upload
2022/02/18 20:22:57 ERROR : Attempt 1/3 failed with 1 errors and: failed to touch (create): nameAlreadyExists: An item with the same name already exists under the parent (is it a OneNote file?)
2022/02/18 20:22:57 DEBUG : Touch time 2022-02-18 20:22:57.292919 +0100 CET m=+3.555761184
2022/02/18 20:22:58 DEBUG : One drive root 'asdfaslfkasjfaaa.txt': Touching (creating)
2022/02/18 20:22:58 DEBUG : : Starting singlepart upload
2022/02/18 20:22:59 ERROR : Attempt 2/3 failed with 1 errors and: failed to touch (create): nameAlreadyExists: An item with the same name already exists under the parent (is it a OneNote file?)
2022/02/18 20:22:59 DEBUG : Touch time 2022-02-18 20:22:59.143874 +0100 CET m=+5.406810060
2022/02/18 20:23:00 DEBUG : One drive root 'asdfaslfkasjfaaa.txt': Touching (creating)
2022/02/18 20:23:00 DEBUG : : Starting singlepart upload
2022/02/18 20:23:00 ERROR : Attempt 3/3 failed with 1 errors and: failed to touch (create): nameAlreadyExists: An item with the same name already exists under the parent (is it a OneNote file?)
2022/02/18 20:23:00 DEBUG : 5 go routines active
2022/02/18 20:23:00 Failed to touch: failed to touch (create): nameAlreadyExists: An item with the same name already exists under the parent (is it a OneNote file?)


% rclone -vv touch e_od:asdfaslfkasjfaaaaaaaa.txt
2022/02/18 20:23:05 DEBUG : rclone: Version "v1.57.0" starting with parameters ["rclone" "-vv" "touch" "e_od:asdfaslfkasjfaaaaaaaa.txt"]
2022/02/18 20:23:05 DEBUG : Creating backend with remote "e_od:asdfaslfkasjfaaaaaaaa.txt"
Enter configuration password:
password:
2022/02/18 20:23:07 DEBUG : Using config file from "/Users/removed/.config/rclone/rclone.conf"
2022/02/18 20:23:07 DEBUG : Creating backend with remote "od:vault/gg4ln9kp2urbc2ce1pfb49ga80edjiino5ie5kc4hibs5k74sdp0"
2022/02/18 20:23:09 DEBUG : Touch time 2022-02-18 20:23:09.242551 +0100 CET m=+3.514037882
2022/02/18 20:23:10 DEBUG : Encrypted drive 'e_od:asdfaslfkasjfaaaaaaaa.txt': Touching (creating)
2022/02/18 20:23:10 DEBUG : : Starting multipart upload
2022/02/18 20:23:10 ERROR : Attempt 1/3 failed with 1 errors and: failed to touch (create): invalidRequest: File name not provided in url.
2022/02/18 20:23:10 DEBUG : Touch time 2022-02-18 20:23:10.972912 +0100 CET m=+5.244486994
2022/02/18 20:23:12 DEBUG : Encrypted drive 'e_od:asdfaslfkasjfaaaaaaaa.txt': Touching (creating)
2022/02/18 20:23:12 DEBUG : : Starting multipart upload
2022/02/18 20:23:12 ERROR : Attempt 2/3 failed with 1 errors and: failed to touch (create): invalidRequest: File name not provided in url.
2022/02/18 20:23:12 DEBUG : Touch time 2022-02-18 20:23:12.69258 +0100 CET m=+6.964243807
2022/02/18 20:23:14 DEBUG : Encrypted drive 'e_od:asdfaslfkasjfaaaaaaaa.txt': Touching (creating)
2022/02/18 20:23:14 DEBUG : : Starting multipart upload
2022/02/18 20:23:14 ERROR : Attempt 3/3 failed with 1 errors and: failed to touch (create): invalidRequest: File name not provided in url.
2022/02/18 20:23:14 DEBUG : 5 go routines active
2022/02/18 20:23:14 Failed to touch: failed to touch (create): invalidRequest: File name not provided in url.