-
byteskeptical
-
m-relay
<mcneb10:envs.net> very interesting use of XMR
-
m-relay
<nihilist:m.datura.network> Man my passwords are as high as the website lets me set me, this one is 256 chars long lol
-
m-relay
<nihilist:m.datura.network> Ok thx :)
-
m-relay
<nihilist:m.datura.network> Man my passwords are as high as the website lets me set them, this one is 256 chars long lol
-
m-relay
<nihilist:m.datura.network> But more like why set a low password limit
-
m-relay
<nihilist:m.datura.network> Raise the limit to 128 chars at least
-
m-relay
<ct:xmr.mx> I mean depends on the cryptography used. If the hash is 256 bit, you dont need more then 256 bit entropy. Assuming an average entropy of 6 bit per char, you'll max out the bit depth with 43 chars
-
m-relay
<recanman:kernal.eu> It doesn't matter at that point
-
m-relay
<recanman:kernal.eu> You just want a *high-enough* entropy, and at that point, pretty much no one will guess it unless some cryptography is broken
-
m-relay
<mcneb10:envs.net> it doesnt matter as long they are long enough and you use a different password for each site
-
m-relay
<mcneb10:envs.net> it doesnt matter as long they are long enough, random, and you use a different password for each site
-
m-relay
<recanman:kernal.eu> I guess so, you just want sufficient entropy, and you also want to hope that the service will handle your credentials with care
-
m-relay
<321bob321:monero.social> i rotate mine from 123456 to 654321
-
great_taste
bisq is cooked
-
great_taste
stuck unable to connect... I dont wanna troubleshoot this bullshit
-
m-relay
-
m-relay
<preland:monero.social> That does remind me; has anyone figured out a solution for the “wrench” attack?
-
m-relay
<mcneb10:envs.net> the what?
-
m-relay
<preland:monero.social> (Ie someone can coerce you into giving credentials; perhaps using, say, a 5$ wrench)
-
m-relay
<mcneb10:envs.net> oh yeah
-
m-relay
<mcneb10:envs.net> the only way is to make it so multiple people have to agree to open it i guess
-
m-relay
<mcneb10:envs.net> so multisig wallet
-
m-relay
<preland:monero.social> Hmm
-
m-relay
<preland:monero.social> Wait until you hear about the “wrenches” attack
-
m-relay
<preland:monero.social> I can’t rly think of a good answer
-
m-relay
<mcneb10:envs.net> or the other countermeasure is having a weapon
-
m-relay
<mcneb10:envs.net> or security?
-
m-relay
<mcneb10:envs.net> or store the seed itself in a bank
-
m-relay
<mcneb10:envs.net> and then only take the money out when you go there
-
m-relay
<preland:monero.social> The best one I could think of would be making the credentials time based; ie you’d have to check in routinely or else the password is removed
-
m-relay
<preland:monero.social> Downsides for that are a lot though
-
m-relay
<mcneb10:envs.net> but then they can just come back later
-
m-relay
<preland:monero.social> The idea is that if you set the check-in to 24 hours, you would have to last at least 24 hours without giving the password and then it would be gone
-
m-relay
<preland:monero.social> Downsides are very high, with very little upside unfortunately
-
m-relay
<mcneb10:envs.net> yeah i'd say multisig
-
m-relay
<mcneb10:envs.net> or just good opsec
-
m-relay
<mcneb10:envs.net> thats the only thing that will really protect you
-
m-relay
<mcneb10:envs.net> depends on the threat model