hunter2

joined 1 year ago
[–] [email protected] 1 points 1 year ago

I'm not well versed on the speed of Grover's over classical brute force. According to NIST this is correct! Thanks for the addition.

[–] [email protected] 39 points 1 year ago (2 children)

Quantum computers are nowhere near usable for breaking classical cryptography at the moment, though opinions on how soon it will come vary. As others have said, we have quantum resistant algorithms ready to go, so future encryption is fine.

The greater concern is that a lot of traffic and data encrypted using classical algorithms has been logged or stored in various mediums. An old encrypted drive, or communications stored by nation state actors (the NSA and such). These will be broken, and a lot of past secrets might come out from hiding.

[–] [email protected] 1 points 1 year ago

sadly no longer available to get

[–] [email protected] 3 points 1 year ago (2 children)

It was Ubuntu 8.04 in around 2013. I only did it to get a promotional item for Team Fortress 2 called Tux, a cosmetic item that looks like... Tux. I remember hating the UI/UX and promptly uninstalled it afterwards.

Eventually circled back around to Xubuntu for my low-end hardware and various other distros. Currently daily driving Fedora.

[–] [email protected] 5 points 1 year ago

Sort of. It's a real expression (at least in England :P) meaning a "must-have" book, usually related to some subject/profession. For example, I'd consider Everyday Cryptography by Keith Martin the cryptographer's Bible. Even after going through it all, it's helpful for reference.

[–] [email protected] 2 points 1 year ago

Agree with the points on PGP and other features. I almost made a lengthier reply mentioning the signing issues, which seems appropriate now. It would not be easy, but a successful implementation would definitely need clients to automatically detect and verify signed content, due to the human issues you mention. A problem is obtaining public keys from a trusted source. Maybe it could be attached to profile information with a 2FA requirement to modify it. Just an idea. In this way, verification is not dependent on the user to perform.

[–] [email protected] 5 points 1 year ago

Hashbrowns - McCain is tasteless in comparison

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (2 children)

PGP private keys are harder to steal than JWTs, as they are not generally stored as a long-term cookie but briefly just to sign something. Through XSS (the vulnerability in this case), cookies are relatively easy to steal, but to steal a PGP key would require a more complex script able to steal the key at the time it is loaded in the browser (assuming the signing feature is implemented in the browser). It's a bit more sophisticated, but not totally bulletproof.

[–] [email protected] 15 points 1 year ago* (last edited 1 year ago)

No, the vulnerability was due to a client-side bug in the Lemmy web UI. Mobile apps render content in a different way, and are not vulnerable to this kind of attack (apart from in exceptional circumstances).

Should probably log out and back in still though.

view more: next ›