~=8 Character Passwords Are Dead=~
New benchmark from the Hashcat Team shows a 2080Ti GPU passing 100 Billion password guesses per second (NTLM hash).
This means that the entire keyspace, or every possible combination of:
...of an 8-character password can be guessed in:
(8x 2080Ti GPUs against NTLM Windows hash)
@federicomena The Unix philosophy:
- Let's use text to communicate over pipes!
- Okay, not great, but at least we can use UTF-8
- Nope, ASCII only because we can't negotiate encoding across receivers
- Well, can we at least make it machine readable?
- Nope: free-form, human readable, and can only be parsed by regular expressions
I guess the way of thinking about crashes/bugs has changed.
It used to be, garbage in, garbage out. "Sure, it crashed because you gave it a corrupted file; don't do that".
Then it was about making software robust. "Let's try not to crash with corrupted files".
Then it was about making software secure. "Files may actually be malicious, from the internet".
People these days basically make it a sport of finding vulnerabilities based on random memory safety bugs.
At first sight this sounds like a terrible idea, but in fact there's peer-reviewed research on measuring the security-usability tradeoff in correcting password typos, and it turns out it makes a lot of sense to do this. https://www.cs.cornell.edu/~rahul/papers/pwtypos.pdf
Screenshot HT @amunchbach
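Since the post only links the paper, here is an added Python example (not code from the post, the paper, or any project) of what typo-tolerant password checking looks like server-side: the three correctors are my reading of the paper's evaluated set, and the KDF, parameters and function names are this example's own assumptions.

```python
import hashlib
import hmac
import secrets

# Assumed correctors (my reading of the linked paper's "Top-3" set):
# undo caps lock, undo a wrong first-character case, drop a trailing
# character. Names and KDF parameters here are this example's choices.
def _swap_all(pw: str) -> str:
    return pw.swapcase()

def _swap_first(pw: str) -> str:
    return pw[0].swapcase() + pw[1:] if pw else pw

def _rm_last(pw: str) -> str:
    return pw[:-1]

CORRECTORS = (_swap_all, _swap_first, _rm_last)

def candidate_passwords(typed: str) -> list:
    """The typed string plus each distinct, non-empty corrected variant."""
    candidates = [typed]
    for fix in CORRECTORS:
        variant = fix(typed)
        if variant and variant not in candidates:
            candidates.append(variant)
    return candidates

def hash_password(password: str, salt: bytes = b"", iterations: int = 200_000):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest) for storage."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest

def verify(typed: str, salt: bytes, digest: bytes, iterations: int = 200_000,
           tolerate_typos: bool = True) -> bool:
    """Accept the stored password or one of its corrected variants.

    Every candidate is hashed and compared with no early exit, so the server
    does the same work whether the first or the last variant matches. One
    online attempt now covers up to len(CORRECTORS) + 1 strings, so the login
    rate limiter must still count it as a full attempt.
    """
    candidates = candidate_passwords(typed) if tolerate_typos else [typed]
    matched = False
    for candidate in candidates:
        attempt = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, iterations)
        matched |= hmac.compare_digest(attempt, digest)
    return matched
```

The cost of tolerance is visible in the code: each login costs up to four KDF evaluations instead of one, which is the usability-vs-security trade the paper measures.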
me writing programming tools: we need to make it easier to code! liberate the code! make it accessible to all!
me debugging someone else's code: you should need to train for 10 years before you can even touch a text editor, and we need a central guild body that randomly audits members, and if your code quality is bad enough you are immediately executed