Khan

joined 1 year ago
MODERATOR OF
[–] [email protected] 2 points 1 year ago (1 children)

It'll be less secure.

If they hash a subset, then those extra characters are literally irrelevant, since the hash algorithm will exclude them. Like if they just hashed the first 5 characters, then "passw" is the same as "password" and all those permutations. Hashing is safe because it's one-way, but simple testing on the hashing algorithm would reveal certain characters don't matter.

Protecting a smaller subset of characters in addition to the whole password is slightly better but still awful. Cracking the smaller subset will be significantly easier using rainbow tables, and literally gives a hint for the whole password, making a rainbow table attack significantly more efficient. Protecting the whole thing (with no easy hints) is way more secure.

It also adds nothing to keylogging, since it's not even a new code, it's part of the password.

There was a time where that level of security was acceptable, and it still could be ok on a closed system like an ATM, as the other reply to my comment pointed out, but this kind of protection on a standard computer is outdated and adds holes.

[–] [email protected] 2 points 1 year ago

A secondary pin is a bit better but characters from the actual password (that you have to enter anyway) adds nothing to security from that kind of intrusion.

[–] [email protected] 1 points 1 year ago

It's a problem, but a pretty funny one, to me. Mine does the same thing, startup is full rainbow, then it settles.

[–] [email protected] 17 points 1 year ago (7 children)

I have never heard of anything secure doing that. Assuming they have taken security steps, it would mean they recorded those characters in plaintext when you set your password, but that means that at least those characters aren't secure, and a breach means some hacker has a great hint.

When the hashing occurs, it happens using the code you downloaded when you visit the site, so it's your computer that does the hash, and then just the hash is sent onwards, so they can't just pull the letters out of a properly secure password.

A secure company would use two-factor authentication to verify you above and beyond your password, anyway, since a compromised password somewhere else automatically compromises questions about your password.

[–] [email protected] 5 points 1 year ago (2 children)

At least most of that can be turned off in settings somewhere.

Bought a neat closed-loop watercooling cpu heatsink that has a whole dang programmable screen on it if I pay a monthly thing, or solid colors if I don't. defaults to cycling through the rainbow. But it has an off mode, so I'm A-OK with none of that.

[–] [email protected] 3 points 1 year ago

You can go into your account and under two-step, generate a one-time code. Store that code somewhere secure, like a note in your password manager if you trust it with both steps, and you can do it.

Pretty sure Google authenticator will have something equivalent but likely more secure, but haven't used it.

[–] [email protected] 19 points 1 year ago

I'd pass it on to someone younger than you. You didn't benefit, the tradition/luck was upheld, seems like the best answer here.

Morally that makes you all squared up, although legally you still accepted it, so this advice is only good if you know you could get away with accepting money, since this sounds like you visit this guy as part of a job.

[–] [email protected] 4 points 1 year ago

It's not in that same section, but I find pretty much everything but coffee and tea lists the amount near it.

[–] [email protected] 1 points 1 year ago

In my opinion, he's the asshole for pushing. That said, if you've been talking for a year, I think he's just trying to learn more about you and doing it wrong, not that he's got some scam behind the scenes. But whether he's real or not, a friend should respect your boundaries for something like this, it's literally a safety issue, and he's being a bad friend.

If you value this friendship and think this can be a one-time thing, I'd unblock him and give him another chance to leave the address thing alone. If you don't think he's real or don't think he'll leave it alone, leave him blocked, and either way, he's the asshole, not you.

 
 
[–] [email protected] 2 points 1 year ago

Purchase history would just be what apple knows, not your general purchase history.

If you use Apple Pay, for instance, they're the middleman and have to know, and anything you buy on the App Store.

A legitimate reason to share that is a budgeting app. Facebook is taking advantage of that, obviously, but in this instance, I see no fault from apple, here, there's reason to allow an app to get that, so an app can request it, and we can deny it by not getting that app, so fuck Facebook, I'm not downloading it.

[–] [email protected] 4 points 1 year ago

Based on a Google search and the following link, no.

Google defined child porn using the term "sexually explicit conduct", involving a minor, fair enough, gotta look deeper.

Cornell has a legal definition of sexually explicit conduct for us, which basically breaks it into 5 categories, actual sex, bestiality, masturbating, specific kinds of abuse, and displays of various body parts.

https://www.law.cornell.edu/definitions/uscode.php?def_id=18-USC-821371409-1416780790

If this would be CP, it'd have to be some kind of abuse or the display, and I don't think anything Nick aired would count as "masochistic" or "sadistic". The body parts listed are also specific and don't include feet.

So, in the US, it's just really creepy, not CP. the fact we have to delve this deep to determine it's not CP is pretty telling on its own, though.

view more: next ›