Newest at the top
2025-04-22 04:21:56 +0200 | <monochrom> | security-by-oblivion :) |
2025-04-22 04:21:25 +0200 | <EvanR> | and I would use this feature on at least 10 websites immediately |
2025-04-22 04:21:11 +0200 | <monochrom> | I'm trying to think of a cute name for that. :) |
2025-04-22 04:20:50 +0200 | <EvanR> | then you also don't have to implement "offboarding" or privacy protection supeona stuff |
2025-04-22 04:20:20 +0200 | <EvanR> | if you get the password wrong 3 times, it deletes your entire account |
2025-04-22 04:20:05 +0200 | <EvanR> | can you implement my preferred online security |
2025-04-22 04:19:01 +0200 | <monochrom> | You are busted as soon as an attacker figures out you're just choosing from well-known literature. That space is so much smaller. |
2025-04-22 04:18:30 +0200 | merijn | (~merijn@host-vr.cgnat-g.v4.dfn.nl) (Ping timeout: 260 seconds) |
2025-04-22 04:18:12 +0200 | <monochrom> | The real number of bits is, if you think about it, how much the attacker knows about your choice space. People who think well-known literature is secure are thinking that the attacker figures only random sentences of similar length. To some extent it is true, but also to some extent it's just another securty-by-obscurity. |
2025-04-22 04:17:58 +0200 | inca | (~inca@pool-96-255-212-224.washdc.fios.verizon.net) |
2025-04-22 04:13:31 +0200 | merijn | (~merijn@host-vr.cgnat-g.v4.dfn.nl) merijn |
2025-04-22 04:13:23 +0200 | <EvanR> | I'd be dumb |
2025-04-22 04:13:18 +0200 | <EvanR> | if I said, you'll never guess my password. It's classic rock lyrics |
2025-04-22 04:13:04 +0200 | zmt00 | (~zmt00@user/zmt00) (Ping timeout: 260 seconds) |
2025-04-22 04:11:30 +0200 | zmt01 | (~zmt00@user/zmt00) zmt00 |
2025-04-22 04:10:42 +0200 | <monochrom> | Well, both start and length. Still, barely more than 16 bits. |
2025-04-22 04:08:11 +0200 | xff0x | (~xff0x@fsb6a9491c.tkyc517.ap.nuro.jp) |
2025-04-22 04:06:18 +0200 | <EvanR> | 16 bits could index into 65k poems + a few bits for the starting position |
2025-04-22 04:03:26 +0200 | amadaluz- | (~amadaluzi@host86-129-150-130.range86-129.btcentralplus.com) (Quit: Hi, this is Paul Allen. I'm being called away to London for a few days. Meredith, I'll call you when I get back. Hasta la vista, baby.) |
2025-04-22 04:01:47 +0200 | <EvanR> | how many |
2025-04-22 04:01:43 +0200 | <EvanR> | how bits to designate which chinese poem + where to start |
2025-04-22 04:00:38 +0200 | merijn | (~merijn@host-vr.cgnat-g.v4.dfn.nl) (Ping timeout: 268 seconds) |
2025-04-22 03:57:27 +0200 | <haskellbridge> | <Liamzee> per line, so 4 line poem would translate to 128 bit, 8 line 256 bit, but you'd have to understand systems of character input that aren't based on phonetics |
2025-04-22 03:56:30 +0200 | <haskellbridge> | <Liamzee> apparently there have been some papers on the entropy of crlassical chinese poetry, it's often memorable; estimates are like 30-35 bits |
2025-04-22 03:55:40 +0200 | merijn | (~merijn@host-vr.cgnat-g.v4.dfn.nl) merijn |
2025-04-22 03:54:16 +0200 | notdabs | (~Owner@2600:1700:69cf:9000:887e:630e:324f:f9fb) (Quit: Leaving) |
2025-04-22 03:44:51 +0200 | <haskellbridge> | <Liamzee> the problem is, you'd need to learn cangjie or wubi or some other code-based character input method to actually be able to input such a password efficiently |
2025-04-22 03:44:29 +0200 | merijn | (~merijn@host-vr.cgnat-g.v4.dfn.nl) (Ping timeout: 260 seconds) |
2025-04-22 03:43:58 +0200 | <haskellbridge> | <Liamzee> 41 bits of entropy per line? |
2025-04-22 03:43:00 +0200 | <haskellbridge> | <Liamzee> i'm still shocked the chinese haven't gone to diceware with randomly generated tang-dynasties poetry operating as passwords |
2025-04-22 03:39:54 +0200 | merijn | (~merijn@host-vr.cgnat-g.v4.dfn.nl) merijn |
2025-04-22 03:38:53 +0200 | <monochrom> | There is actually a Japanese manga that has scene coming close to that. The password requires a pair of twins synchronously read alout a few verses from Ecclesiastes in the Bible. |
2025-04-22 03:37:58 +0200 | <haskellbridge> | <Liamzee> i only have it set up so far that user accounts can be created, an activation e-mail can be sent, and that e-mail contains a link to a key which is checked against a table to turn the account to "activated" |
2025-04-22 03:37:21 +0200 | <haskellbridge> | <Liamzee> by setting up login, i mean having a page and sql backend that can allow user accounts to log in |
2025-04-22 03:36:30 +0200 | <monochrom> | Unless you just mean "how do I make the server allow a book-length password" |
2025-04-22 03:35:58 +0200 | <monochrom> | I don't understand why setting up login requires a translation of a Chinese philosophy text. |
2025-04-22 03:31:47 +0200 | <EvanR> | how about a dose of "before covid" times https://ro-che.info/ccc/9 |
2025-04-22 03:30:44 +0200 | <EvanR> | or 莊子 |
2025-04-22 03:29:45 +0200 | <EvanR> | 庄子 |
2025-04-22 03:29:41 +0200 | <haskellbridge> | <Liamzee> it's more about learning miso, in a low-risk project |
2025-04-22 03:27:48 +0200 | abrar | (~abrar@static-96-245-187-163.phlapa.fios.verizon.net) |
2025-04-22 03:27:23 +0200 | abrar_ | (~abrar@static-96-245-187-163.phlapa.fios.verizon.net) (Ping timeout: 252 seconds) |
2025-04-22 03:26:57 +0200 | merijn | (~merijn@host-vr.cgnat-g.v4.dfn.nl) (Ping timeout: 244 seconds) |
2025-04-22 03:26:35 +0200 | <haskellbridge> | <Liamzee> Zhuangzi: Was I a butterfly dreaming that I am Zhuang Zhou, or am I Zhang Zhou dreaming that I am a butterfly? |
2025-04-22 03:26:14 +0200 | <haskellbridge> | <Liamzee> was recently surprised the only free online repo is on ctext.org, using an ancient translation |
2025-04-22 03:25:59 +0200 | <haskellbridge> | <Liamzee> some dead philosopher, fond of jokes, paradox, and contradiction |
2025-04-22 03:24:42 +0200 | harveypwca | (~harveypwc@2601:246:d080:f6e0:27d6:8cc7:eca9:c46c) |
2025-04-22 03:23:28 +0200 | <EvanR> | who |
2025-04-22 03:22:41 +0200 | merijn | (~merijn@host-vr.cgnat-g.v4.dfn.nl) merijn |
2025-04-22 03:22:04 +0200 | <haskellbridge> | <Liamzee> so, should i finish figuring out how to set up login on my server, or should I play with Miso to set up a Zhuangzi.io host, using the Burt Watson translation? |