This is also why using a password manager with crypto-random generated passwords that are site-unique is important. For security to work, it has to be convenient enough that people don't take shortcuts around it.
Also, sure pbkdf2 is not the worst thing in the world, but OWASP only recommends it when targetting FIPS. Is there a reason that we aren't using argon2id, or at least scrypt or bcrypt?
Ako Suminoe :njp: /
npub1tu…5axml
2023-08-13 08:39:04
in reply to nevent1q…lzaj
Author Public Key
npub1tuqhwmqxj9g4aqjcw8gn42hugmvqwgquksejcrt3ztpnsmlm9cjq55axmlPublished at
2023-08-13 08:39:04Event JSON
{
"id": "eec45cf7b8fbb382ad26ad6f983cf7afbc13c9f153948f3671534375069f0c3b",
"pubkey": "5f01776c0691515e825871d13aaafc46d807201cb4332c0d7112c3386ffb2e24",
"created_at": 1691915944,
"kind": 1,
"tags": [
[
"p",
"6be61ca6c65a6d80ae4deb98eb27943cba1bc93dfc975b8161028c099c2b54dc",
"wss://relay.mostr.pub"
],
[
"p",
"79c4b3e2b1e7d8d74fa652cdc1dee37f9cd08fefdc13a79f8d1146c0b69fd1fb",
"wss://relay.mostr.pub"
],
[
"p",
"2beb3c33e63568fe28b3d97c5ff795af72576394038ce160bc2122781e3036b9",
"wss://relay.mostr.pub"
],
[
"p",
"3ba9aa8fc1bbff68f18a109959374aad3e258eb8131b260a61733bfb9a8a74f7",
"wss://relay.mostr.pub"
],
[
"e",
"dcf6ccc0867727ef256d3a18554e568e5db30ee016b2d19b551152f6ae929a45",
"wss://relay.mostr.pub",
"reply"
],
[
"proxy",
"https://poa.st/objects/054048bc-0b0e-4f60-bd35-fba95c854582",
"activitypub"
]
],
"content": "This is also why using a password manager with crypto-random generated passwords that are site-unique is important. For security to work, it has to be convenient enough that people don't take shortcuts around it.\n\nAlso, sure pbkdf2 is not the worst thing in the world, but OWASP only recommends it when targetting FIPS. Is there a reason that we aren't using argon2id, or at least scrypt or bcrypt?",
"sig": "439ef90e7b9a25c52ad3a6a3f91a8c3e0224b6a028bd0be61a6d99023e0b3b3e97c5feb208e9f84c0f245cd828fbb1f8886d4f03f16bfee1908f7d76b28068ff"
}