2025/04/22

Newest at the top

2025-04-22 04:21:56 +0200 <monochrom> security-by-oblivion :)
2025-04-22 04:21:25 +0200 <EvanR> and I would use this feature on at least 10 websites immediately
2025-04-22 04:21:11 +0200 <monochrom> I'm trying to think of a cute name for that. :)
2025-04-22 04:20:50 +0200 <EvanR> then you also don't have to implement "offboarding" or privacy protection supeona stuff
2025-04-22 04:20:20 +0200 <EvanR> if you get the password wrong 3 times, it deletes your entire account
2025-04-22 04:20:05 +0200 <EvanR> can you implement my preferred online security
2025-04-22 04:19:01 +0200 <monochrom> You are busted as soon as an attacker figures out you're just choosing from well-known literature. That space is so much smaller.
2025-04-22 04:18:30 +0200merijn(~merijn@host-vr.cgnat-g.v4.dfn.nl) (Ping timeout: 260 seconds)
2025-04-22 04:18:12 +0200 <monochrom> The real number of bits is, if you think about it, how much the attacker knows about your choice space. People who think well-known literature is secure are thinking that the attacker figures only random sentences of similar length. To some extent it is true, but also to some extent it's just another securty-by-obscurity.
2025-04-22 04:17:58 +0200inca(~inca@pool-96-255-212-224.washdc.fios.verizon.net)
2025-04-22 04:13:31 +0200merijn(~merijn@host-vr.cgnat-g.v4.dfn.nl) merijn
2025-04-22 04:13:23 +0200 <EvanR> I'd be dumb
2025-04-22 04:13:18 +0200 <EvanR> if I said, you'll never guess my password. It's classic rock lyrics
2025-04-22 04:13:04 +0200zmt00(~zmt00@user/zmt00) (Ping timeout: 260 seconds)
2025-04-22 04:11:30 +0200zmt01(~zmt00@user/zmt00) zmt00
2025-04-22 04:10:42 +0200 <monochrom> Well, both start and length. Still, barely more than 16 bits.
2025-04-22 04:08:11 +0200xff0x(~xff0x@fsb6a9491c.tkyc517.ap.nuro.jp)
2025-04-22 04:06:18 +0200 <EvanR> 16 bits could index into 65k poems + a few bits for the starting position
2025-04-22 04:03:26 +0200amadaluz-(~amadaluzi@host86-129-150-130.range86-129.btcentralplus.com) (Quit: Hi, this is Paul Allen. I'm being called away to London for a few days. Meredith, I'll call you when I get back. Hasta la vista, baby.)
2025-04-22 04:01:47 +0200 <EvanR> how many
2025-04-22 04:01:43 +0200 <EvanR> how bits to designate which chinese poem + where to start
2025-04-22 04:00:38 +0200merijn(~merijn@host-vr.cgnat-g.v4.dfn.nl) (Ping timeout: 268 seconds)
2025-04-22 03:57:27 +0200 <haskellbridge> <Liamzee> per line, so 4 line poem would translate to 128 bit, 8 line 256 bit, but you'd have to understand systems of character input that aren't based on phonetics
2025-04-22 03:56:30 +0200 <haskellbridge> <Liamzee> apparently there have been some papers on the entropy of crlassical chinese poetry, it's often memorable; estimates are like 30-35 bits
2025-04-22 03:55:40 +0200merijn(~merijn@host-vr.cgnat-g.v4.dfn.nl) merijn
2025-04-22 03:54:16 +0200notdabs(~Owner@2600:1700:69cf:9000:887e:630e:324f:f9fb) (Quit: Leaving)
2025-04-22 03:44:51 +0200 <haskellbridge> <Liamzee> the problem is, you'd need to learn cangjie or wubi or some other code-based character input method to actually be able to input such a password efficiently
2025-04-22 03:44:29 +0200merijn(~merijn@host-vr.cgnat-g.v4.dfn.nl) (Ping timeout: 260 seconds)
2025-04-22 03:43:58 +0200 <haskellbridge> <Liamzee> 41 bits of entropy per line?
2025-04-22 03:43:00 +0200 <haskellbridge> <Liamzee> i'm still shocked the chinese haven't gone to diceware with randomly generated tang-dynasties poetry operating as passwords
2025-04-22 03:39:54 +0200merijn(~merijn@host-vr.cgnat-g.v4.dfn.nl) merijn
2025-04-22 03:38:53 +0200 <monochrom> There is actually a Japanese manga that has scene coming close to that. The password requires a pair of twins synchronously read alout a few verses from Ecclesiastes in the Bible.
2025-04-22 03:37:58 +0200 <haskellbridge> <Liamzee> i only have it set up so far that user accounts can be created, an activation e-mail can be sent, and that e-mail contains a link to a key which is checked against a table to turn the account to "activated"
2025-04-22 03:37:21 +0200 <haskellbridge> <Liamzee> by setting up login, i mean having a page and sql backend that can allow user accounts to log in
2025-04-22 03:36:30 +0200 <monochrom> Unless you just mean "how do I make the server allow a book-length password"
2025-04-22 03:35:58 +0200 <monochrom> I don't understand why setting up login requires a translation of a Chinese philosophy text.
2025-04-22 03:31:47 +0200 <EvanR> how about a dose of "before covid" times https://ro-che.info/ccc/9
2025-04-22 03:30:44 +0200 <EvanR> or 莊子
2025-04-22 03:29:45 +0200 <EvanR> 庄子
2025-04-22 03:29:41 +0200 <haskellbridge> <Liamzee> it's more about learning miso, in a low-risk project
2025-04-22 03:27:48 +0200abrar(~abrar@static-96-245-187-163.phlapa.fios.verizon.net)
2025-04-22 03:27:23 +0200abrar_(~abrar@static-96-245-187-163.phlapa.fios.verizon.net) (Ping timeout: 252 seconds)
2025-04-22 03:26:57 +0200merijn(~merijn@host-vr.cgnat-g.v4.dfn.nl) (Ping timeout: 244 seconds)
2025-04-22 03:26:35 +0200 <haskellbridge> <Liamzee> Zhuangzi: Was I a butterfly dreaming that I am Zhuang Zhou, or am I Zhang Zhou dreaming that I am a butterfly?
2025-04-22 03:26:14 +0200 <haskellbridge> <Liamzee> was recently surprised the only free online repo is on ctext.org, using an ancient translation
2025-04-22 03:25:59 +0200 <haskellbridge> <Liamzee> some dead philosopher, fond of jokes, paradox, and contradiction
2025-04-22 03:24:42 +0200harveypwca(~harveypwc@2601:246:d080:f6e0:27d6:8cc7:eca9:c46c)
2025-04-22 03:23:28 +0200 <EvanR> who
2025-04-22 03:22:41 +0200merijn(~merijn@host-vr.cgnat-g.v4.dfn.nl) merijn
2025-04-22 03:22:04 +0200 <haskellbridge> <Liamzee> so, should i finish figuring out how to set up login on my server, or should I play with Miso to set up a Zhuangzi.io host, using the Burt Watson translation?