If they're hashing, the column size should be irrelevant. Ideally the database should never see the plaintext password in the first place (though I could understand calculating the hash in the query itself). If they're not hashing, they should really be rewriting their database anyway.
xthexder
joined 1 year ago
I'd rather see a paper explaining the flaws with salted passwords rather than "just use this instead".
My initial reaction is that this overcomplicates things for the majority of use-cases, and has way more to configure correctly compared to something basic like a salted sha256/sha512 hash that you can write in any language's standard library.
If the database of everyone's salted password hashes gets leaked, this still gives everyone plenty of time to change passwords before anything has a chance of cracking them. (Unless you're about to drop some news on me about long time standard practices being fundamentally flawed)
If they're not already rate-limiting login attempts that's another huge problem...
I'm upgrading from no TV, and I expect it to last me at least 10 years or I'll be very disappointed.
Not to mention if you want an OLED display, any sort of commercial variant of that will be $10000+ and marketed to Hollywood producers and other creative industries that care about color accuracy.
Good luck implementing all the display color calibration, pixel refresher, anti-burn in features, etc... on these new TV panels. Personally I'd rather keep my warranty and just use a separate device to run the apps.
That's not really true because even the high end top of the line Samsung QD-OLED TVs have ads on the home screen if you connect Internet. If you want the latest display technology, your only options are Smart TV with ads, or spending 10x the price for a commercial display that nobody will actually sell you.
I'm taking this as a sign the Internet is healing that I fully understood this as sarcasm. The last couple of years I wouldn't have been so sure.
Not helpful when something like Consent-o-matic needs to operate on every possible website with a cookie banner.
I have had the same concerns, since watching it click through things faster than I can see is scary. Maybe some day someone sneaks in a cookie banner detector that activates on banking pages to steal your money? uBlock Origin has similar risks, but at least it's not actively controlling browser inputs.
Musk said that in 2022 before he renamed Twitter.
Is dropping your phone on your face really this common shared experience tons of people have? (I've done it myself) I swear I've been seeing a lot of memes about it recently.
I think you're missing the point of what I'm asking. In what way are regular salted passwords insecure? Sure you can keep adding extra steps to encryption, but at a certain point you're just wasting CPU cycles.
I have no doubts about Argon2 being secure, I just think the extra steps are unnecessary for anything I would build (i.e. not touching financial transactions or people's SSNs). By design argon2 uses a lot of memory and CPU time to make bruteforce attacks much harder, but that's more of a downside when you're just doing basic account logins on a low end server.
I'll happily retract my point about external dependencies. It's available in most languages, and notably std C++ contains neither argon2 or sha256/512 hashing, so that kind of makes my original point invalid anyway.