03-12-2025, 12:27 PM   #2658
ratinox
Quote:
Originally Posted by jbjb
In any sane environment the salts are generated properly randomly, using a high quality source of entropy. Not something that can be reverse engineered, unless you can spy on the source of entropy.
This is past the edges of my expertise and experience so I'm not going to say yea or nay to the point (I have implemented hash-based auth but that was a very simplistic system for a POP3 client). But given that hardly a day goes by without another major breach being announced, it appears that doing things correctly is the exception, not the rule.

Quote:
It's always just a matter of time, but if that time is many lifetimes of the universe, we're probably OK.
"If". Attacks always get better, and there are no takesies-backsies.