I think this meme has the images backwards... He should be taking off the rose-tinted glasses, not putting them on.
(Yes I know they're sunglasses and not rose-tinted)
I don't think anything changed. This isn't a false statement depending on the product. As long as there's some single rare scenario where it could be 100% effective, they're not lying. Really it's just to make you feel a certain way even if the sentence doesn't actually say anything at all.
Yeah, that's 47 million in taxpayer dollars. So instead of stealing millions from a few people, it's pennies from millions of people. Definitely a lot of better things that money could have gone to.
I think you're missing the point of what I'm asking. In what way are regular salted passwords insecure? Sure you can keep adding extra steps to encryption, but at a certain point you're just wasting CPU cycles.
I have no doubts about Argon2 being secure, I just think the extra steps are unnecessary for anything I would build (i.e. not touching financial transactions or people's SSNs). By design Argon2 uses a lot of memory and CPU time to make brute-force attacks much harder, but that's more of a downside when you're just doing basic account logins on a low-end server.
I'll happily retract my point about external dependencies. It's available in most languages, and notably std C++ contains neither Argon2 nor sha256/512 hashing, so that kind of makes my original point invalid anyway.
I hope this becomes available before my teeth start having problems... Now that I think about it, I think I'll go brush my teeth now.
If they're hashing, the column size should be irrelevant. Ideally the database should never see the plaintext password in the first place (though I could understand calculating the hash in the query itself). If they're not hashing, they should really be rewriting their database anyway.
I'd rather see a paper explaining the flaws with salted passwords rather than "just use this instead".
My initial reaction is that this overcomplicates things for the majority of use-cases, and has way more to configure correctly compared to something basic like a salted sha256/sha512 hash that you can write in any language's standard library.
If the database of everyone's salted password hashes gets leaked, this still gives everyone plenty of time to change passwords before anything has a chance of cracking them. (Unless you're about to drop some news on me about long-time standard practices being fundamentally flawed)
If they're not already rate-limiting login attempts that's another huge problem...
I'm upgrading from no TV, and I expect it to last me at least 10 years or I'll be very disappointed.
Not to mention if you want an OLED display, any sort of commercial variant of that will be $10000+ and marketed to Hollywood producers and other creative industries that care about color accuracy.
Good luck implementing all the display color calibration, pixel refresher, anti-burn-in features, etc. on these new TV panels. Personally I'd rather keep my warranty and just use a separate device to run the apps.
TIL