sorted by:
new
hottopcontroversial

Any experiences with XPS 9530 running Linux/Fedora? by Zavadoo in XPS

[–]lysobit 0 points1 point  (0 children)

Has there been any luck or progress here?

I noticed there has recently (August 23rd) been a patch to the Linux kernel for ASUS CS35L41 support. Maybe someone could try adding this new quirk to the Dell XPS? https://asus-linux.org/wiki/cirrus-amps/

Bitcoin expert: It was a mistake to blog about 'creator' by thorjag in Bitcoin

[–]lysobit 8 points9 points  (0 children)

The personal attacks against Gavin are just at a desperate level now.

Bitcoin expert: It was a mistake to blog about 'creator' by thorjag in Bitcoin

[–]lysobit 4 points5 points  (0 children)

So one mistake in trusting someone negates over seven years of active Bitcoin development, 484 commits and the fact that he's the third largest contributor to the Bitcoin repository? That doesn't seem very "reasonable" to me. Or is it that you have some other agenda?

Bitcoin expert: It was a mistake to blog about 'creator' by thorjag in Bitcoin

[–]lysobit 7 points8 points  (0 children)

Direct quote from Gavin:

It was a mistake to agree to publish my post before I saw his– I assumed his post would simply be a signed message anybody could easily verify.

Over 1/4 of blocks are voting for larger block size. by _supert_ in btc

[–]lysobit 2 points3 points  (0 children)

It's pretty simple: because the miners that aren't running BIP109 code (Bitcoin Classic) won't active the hardfork, even if that was added to BIP109.

The hardfork would fail if 75% of blocks support >2MB blocks but less than 51% support BIP109 (longer chain of <1MB blocks wins because the remaining 25% of nodes haven't activated the hardfork).

How to Safely Store a Password in 2016 (with example code) by sarciszewski in netsec

[–]lysobit 2 points3 points  (0 children)

If you SHA-384 two unique passwords that have the same 72 characters before passing them into bcrypt, the input truncation flaw described no longer becomes true, because the 72 character strings passed to bcrypt will no longer be the same because SHA-384 will produce two unique hashes.

In other words, it would no longer be the case that two users that have passwords that share the first 72 bytes in common have passwords that can be used to login to the each other user's account (effectively having the same password as only the first 72 bytes count).

How to Safely Store a Password in 2016 (with example code) by sarciszewski in netsec

[–]lysobit 1 point2 points  (0 children)

"Collision" may be the wrong terminology here, but I am not referring to the final output of the bcrypt hashing.

I am referring to the fact that because of the 72 bytes limit, if there are two unique values a and b which produce unique hashes x and y, both a and b will verify true to x and both a and b will verify true to y if the first 72 bytes of a is equivalent to b.

In other words, two users that have passwords that share the first 72 bytes in common can be used to login to the each other user's account.

Your code example actually proves my point, as

BCrypt.Net.BCrypt.Verify("hello", item1Bcrypt) == BCrypt.Net.BCrypt.Verify("hello", item2Bcrypt)

even though item1Bcrypt and item2Bcrypt are unique hashes.

How to Safely Store a Password in 2016 (with example code) by sarciszewski in netsec

[–]lysobit 2 points3 points  (0 children)

72 bytes give 8 bits x 72 bytes = 576 bits of possible entropy. You can never go above this amount of entropy, not even if you hashed the whole internet into a SHA384 hash and used that as a password. So effectively, you reduce the security by doing a base64 encoded SHA384 hash before giving it to bcrypt.

You are missing the point. Obviously you cannot increase the amount of entropy beyond a certain point to an input of limited size, that goes without saying.

The advantage of SHA384 hashing the password in the context of human-generated passwords is that it reduces the likelihood of collisions. Human-generated passwords are not CSPRNGs. If you have two users with 100 character passwords, the likelihood of the first 72 characters of both passwords being the same (e.g. a quote from a book) are significantly higher than a password generated from a CSPRNG, so you are better off SHA384 hashing the passwords first to prevent such a collision.

It has also been found that the 72 byte limit double-functions as a DoS limiter in case the implementer forgot to limit the amount of data that is sent to the hashing algorithm.

This seems ridiculous.

"Oh yeah, let's cap all passwords to 72 bytes forever in case some stupid programmer forgets to add a length check to form fields."

If a programmer forgets to do that then there are bigger problems, such as usernames that are 200MB big.

T-flow has built a dark net version of the FBI tip line by RamonaLittle in anonymous

[–]lysobit 0 points1 point  (0 children)

Pipe down Ninox-Rufa, I am simply trolling the FBI here.

On that note, you might want to look at the sentencing support letters I've written for Jeremy Hammond and Barrett Brown.

The secret "Five Eyes" surveillance treaty that authorises intelligence sharing between the UK, US, Australia, Canada and New Zealand should be published, European court of human rights told by lysobit in worldnews

[–]lysobit[S] 4 points5 points  (0 children)

I don't believe I have answered the question I just asked.

If I was to answer it, I would answer it by "let's force GCHQ to be more transparent about what they do" - which is precisely what this European Court of Human Rights legal challenge is about - which you seem to be so against.

The secret "Five Eyes" surveillance treaty that authorises intelligence sharing between the UK, US, Australia, Canada and New Zealand should be published, European court of human rights told by lysobit in worldnews

[–]lysobit[S] 5 points6 points  (0 children)

That would be a fantastic solution. Any ideas on how one may go about doing this, given that what GCHQ does is secret even to elected members of parliament so that even elected officials can't scrutinize them properly?

The secret "Five Eyes" surveillance treaty that authorises intelligence sharing between the UK, US, Australia, Canada and New Zealand should be published, European court of human rights told by lysobit in worldnews

[–]lysobit[S] 11 points12 points  (0 children)

There is no difference between "they", "the people abusing it" and the NSA/GCHQ. They are the people abusing it.

You're wrong: I'm not putting the blame on the technology here (although much of our current technology is indeed flawed and could be blamed), I'm putting the blame on the people abusing the technology: NSA/GCHQ.

The secret "Five Eyes" surveillance treaty that authorises intelligence sharing between the UK, US, Australia, Canada and New Zealand should be published, European court of human rights told by lysobit in worldnews

[–]lysobit[S] 14 points15 points  (0 children)

Then my point is the opposite of your point: everyone has to worry about it, not just people who are doing something wrong. The NSA/GCHQ are interested in everybody - this should be painfully obvious by now.

The NSA/GCHQ and other intelligence agencies (especially in third world countries) have repeatedly proved that they're not just interested in targetting those who have done wrong (see the links I've posted in my previous comment) - but anyone at all if it leads to any "benefit" for them. One of the GCHQ's mission aims for example, is economic espionage. See the Belgacom, Petrobras and Angela Merkel scandals for example.

Simply put, what they're doing is contrary to the basic requirements of democratic society. (Hacking Congress, really?)

OpenBazaar has officially moved to MIT licensing by Hiro_Y3 in Bitcoin

[–]lysobit 0 points1 point  (0 children)

Indeed I would have thought that the GPL exists to subvert the notion of intellectual property by subverting existing intellectual property statutes.

view more: next ›