"Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say." --Edward Snowden
>Recommended operating systems General purpose: Fedora, K/L/Xubuntu, Arch Linux Privacy focused: Whonix, Tails, Qubes OS
>Recommended mobile operating systems Android based: GrapheneOS, CalyxOS, LineageOS/DivestOS Linux based: PureOS, postmarketOS
So let me get it straight. Websites don't actually store your password but a hash that's the result of running said password through a hashing algo, right? So when a data breach happens malicious hackers just run a bruteforce algo with all combinations hashing each one until they get the one that generates a hash that matches, correct?
Christian Young
some websites do. even facebook got popped a while back and was storing passwords in plaintext for like 300 million users of some legacy server.
Daniel James
kek thanks for reposting my doubt man, srry for killing the last thread.
Why the fuck would they store it in play text instead of hashing it? It takes nearly nothing to implement.
How hard is it to host your own bitwarden and firefox sync if you're a brainlet? I've been thinking about trying out docker for this but I really don't have any experience with networking and linux, save for setting up a Pi NAS (just followed tutorials)
Jason Martinez
imagine trusting facebook in 2022
Benjamin Allen
Just keep following tutorials, lots of self hosted resources exist.
privacy is a fucking joke. if the government wants to plant kiddy porn on your pc's, they can. there are backdoors built in on all motherboards and cpu's. no, they can't be removed. the five eyes see all.
Josiah Hall
funny how no one feels like writing anything, anymore. letting the thread die so you can erase this uncomfortable little nugget of truth, are you..?
Cameron Davis
>just don't mitigate any problems because the worst can happen ok retard
Julian Cook
you stupid fucking cunt, there's nothing you can fucking do when your system is cmpromised at the fucking HARDWARE LEVEL!! YOU FUCKING GOT THAT??? NO STUPID FUCKING LITTLE HOMEMADE PROGRAM WILL SAVE YOU!!
Jace Wright
>you stupid fucking cunt >there's nothing you can fucking do >your system is cmpromised >the fucking HARDWARE LEVEL >YOU FUCKING GOT THAT >NO STUPID FUCKING LITTLE HOMEMADE PROGRAM WILL SAVE YOU Cool story faggot, but my primary devices have CPUs without the IME or similar niggotry, and your entire premise implies that people with IME'd CPUs can't do anything to achieve better privacy, which is fundamentally retarded. Anyone can observe activity on their network and ascertain if something is awry, and they can also utilize things like LibreBoot.
Angel Roberts
Hello all especially my friend Beaver. I want to share summaries of what I've done with WLAN hacking, but I am dumb as fuck so I am having a hard time sharing my shit. I am bad at every social media for coders.
>Tried to make a WordPress >can't figure out API >Went to PasteBin >Don't want to use it >Run etherpad like Bober suggested >NodeJS version not new enough Reeeee it is so hard to collaborate.
>There is barely anything there except a readme I apologize for the lack of information in the GitHub right now. I do have a fair bit of knowledge from my experiments. Knowledge that far exceeds what I can post in one thread. I need to find a way to organize it all. For this thread, I tried to record what I learned over the years about WLAN cracking into the readme.txt file
You don't need to get fancy with git (and especially github). Just use a pastebin style service or something.
Lucas Gray
Passwords are usually stored as hash. The hash function is one-way so you can't just take the hash and get a working password - you can't use the hash value and work backwards. So you try different inputs, use the function in the normal forward way and compare the output hash with the one from the database.
First, the hacker can try a wordlist of commonly used passwords. This is very low effort and still yields good results. Next, he can start with passwords of a low length and with no special characters. Then, depending on how much energy he wants to spend on the cracking, he can slowly increase the length and/or include special characters and use longer lists. It's a bit of a black magic to decide when you should start adding special characters instead of increasing length, what type of words of a dictionary to use, etc. It will depend on the type of users of the website as well.
Gabriel Miller
Many websites now use salts to create the hash of the password. If the same salt is used for everyone on the website, then there is one salt per database. This could be the case if the salt is embedded into the code of the hashing function which is not part of the database the hacker has access to. Pre-computed hashes are useless until the salt is found. Users with a weak password will help the hacker find the salt. He can use the common passwords with different salts and would find a match for the weak passwords. Now he also knows the salt for the rest of the users.
Websites can also use different salts per user, though. They are saved next to the hash, so the hacker knows the salt for the user. But since it is different for each user, the hacker needs to run through the wordlists and do the bruteforcing for each individual user again, the hash for the same passwords will be different with this new salt. This makes the cracking much less efficient.
