Boof

  • 0 Posts
  • 25 Comments
Joined 2 years ago
Cake day: June 16th, 2023


  • dog@suppo.fito · Programmer Humor@programming.dev · Exam Answer
    10 upvotes, 1 downvote · 10 months ago

    Yes, it’s a full 24 hours, but a library doesn’t use 24:00:00 to represent the last hour, it’s 23:59:59. Once it hits 24:00, it rolls over to 00:00:00.

    Hence my initial error of answering 23.

    It’s not valid, but I don’t edit out erroneous answers because I believe all data should be preserved, no matter how dumb it makes one look.

  • Hashing on the client side is both more private and more secure. All the user ever submits is a combined hash (auth/pubkey) of their username + password.

    If the server has that hash? Check the DB if it requires 2FA, and if the user sent a challenge response. If not, fail the login.

    Registering is pretty much the same. User submits hash, server checks DB against it, fail if exists.

    Edit: If data is also encrypted properly in the DB, it doesn’t even matter if the entire DB is completely public, leaked, or secured on their own servers.

  • Your password could also just be a long, unique sentence, without any excessive special characters. Maybe even a poem.

    Like "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vestibulum eu leo eu nibh efficitur viverra. Integer lacinia tortor est, quis aliquet tortor varius sed. Sed dapibus vel turpis at suscipit. Nulla consequat orci in nibh dapibus sodales. Phasellus at arcu ac dolor suscipit pretium. Curabitur sit amet justo sit amet ipsum scelerisque accumsan ac ac nulla. Nullam accumsan lorem sagittis iaculis varius. Nullam convallis nisi ante, id congue diam tincidunt vel. Aliquam sed iaculis mauris. Nam leo nisi, consequat sed sodales non, tempor vel ante. Nunc eleifend vulputate turpis bibendum bibendum. Morbi nec massa in mi sagittis lacinia id ut metus. Maecenas gravida mi vitae lorem laoreet sagittis. "

    That’s a lot of common characters and words; yet, it’ll take centuries to crack.


  • That’s a misunderstanding of DDoS. 0-byte packets are actually worse than large packets.

    Which is why most DDoS (at least it used to be) is extremely slow 0-byte requests until the server throttles/crashes under the number of requests.

    E: Consider this. Are you more likely to throttle a bandwidth of terabytes/petabytes with a couple million 1 GB requests, or break it entirely by sending >4294967295 0-byte requests that effectively never stop being requested from the server?