02:59:34 <byteskeptical> https://jbp.io/2024/06/27/cve-2024-5535-openssl-memory-safety.html
04:33:05 <m-relay> <m​cneb10:envs.net> very interesting use of XMR
05:03:14 <m-relay> <n​ihilist:m.datura.network> Man my passwords are as high as the website lets me set me, this one is 256 chars long lol
05:03:32 <m-relay> <n​ihilist:m.datura.network> Ok thx :)
05:04:50 <m-relay> <n​ihilist:m.datura.network> Man my passwords are as high as the website lets me set them, this one is 256 chars long lol
05:12:48 <m-relay> <n​ihilist:m.datura.network> But more like why set a low password limit
05:13:00 <m-relay> <n​ihilist:m.datura.network> Raise the limit to 128 chars at least
05:16:26 <m-relay> <c​t:xmr.mx> I mean depends on the cryptography used. If the hash is 256 bit, you dont need more then 256 bit entropy. Assuming an average entropy of 6 bit per char, you'll max out the bit depth with 43 chars
05:16:37 <m-relay> <r​ecanman:kernal.eu> It doesn't matter at that point
05:17:57 <m-relay> <r​ecanman:kernal.eu> You just want a *high-enough* entropy, and at that point, pretty much no one will guess it unless some cryptography is broken
05:25:30 <m-relay> <m​cneb10:envs.net> it doesnt matter as long they are long enough and you use a different password for each site
05:25:41 <m-relay> <m​cneb10:envs.net> it doesnt matter as long they are long enough, random, and you use a different password for each site
05:26:19 <m-relay> <r​ecanman:kernal.eu> I guess so, you just want sufficient entropy, and you also want to hope that the service will handle your credentials with care
06:44:09 <m-relay> <3​21bob321:monero.social> i rotate mine from 123456 to 654321
20:52:29 <great_taste> bisq is cooked
21:02:34 <great_taste> stuck unable to connect... I dont wanna troubleshoot this bullshit
22:12:42 <m-relay> <p​ascoalpsjunior:matrix.org> https://code.briarproject.org/briar/briar/-/wikis/FAQ#does-briar-provide-anonymity
23:17:07 <m-relay> <p​reland:monero.social> That does remind me; has anyone figured out a solution for the “wrench” attack?
23:17:29 <m-relay> <m​cneb10:envs.net> the what?
23:17:56 <m-relay> <p​reland:monero.social> (Ie someone can coerce you into giving credentials; perhaps using, say, a 5$ wrench)
23:18:07 <m-relay> <m​cneb10:envs.net> oh yeah
23:18:20 <m-relay> <m​cneb10:envs.net> the only way is to make it so multiple people have to agree to open it i guess
23:18:25 <m-relay> <m​cneb10:envs.net> so multisig wallet
23:19:02 <m-relay> <p​reland:monero.social> Hmm
23:19:11 <m-relay> <p​reland:monero.social> Wait until you hear about the “wrenches” attack
23:19:33 <m-relay> <p​reland:monero.social> I can’t rly think of a good answer
23:19:46 <m-relay> <m​cneb10:envs.net> or the other countermeasure is having a weapon
23:19:56 <m-relay> <m​cneb10:envs.net> or security?
23:20:00 <m-relay> <m​cneb10:envs.net> or store the seed itself in a bank
23:20:11 <m-relay> <m​cneb10:envs.net> and then only take the money out when you go there
23:20:30 <m-relay> <p​reland:monero.social> The best one I could think of would be making the credentials time based; ie you’d have to check in routinely or else the password is removed
23:20:39 <m-relay> <p​reland:monero.social> Downsides for that are a lot though
23:20:43 <m-relay> <m​cneb10:envs.net> but then they can just come back later
23:21:34 <m-relay> <p​reland:monero.social> The idea is that if you set the check-in to 24 hours, you would have to last at least 24 hours without giving the password and then it would be gone
23:21:53 <m-relay> <p​reland:monero.social> Downsides are very high, with very little upside unfortunately
23:23:38 <m-relay> <m​cneb10:envs.net> yeah i'd say multisig
23:23:41 <m-relay> <m​cneb10:envs.net> or just good opsec
23:23:48 <m-relay> <m​cneb10:envs.net> thats the only thing that will really protect you
23:24:02 <m-relay> <m​cneb10:envs.net> depends on the threat model