Avatar

hunter2

hunter2@lemmy.ml
Joined
0 posts • 10 comments
Direct message

I’m not well versed on the speed of Grover’s over classical brute force. According to NIST this is correct! Thanks for the addition.

permalink
report
parent
reply

Agree with the points on PGP and other features. I almost made a lengthier reply mentioning the signing issues, which seems appropriate now. It would not be easy, but a successful implementation would definitely need clients to automatically detect and verify signed content, due to the human issues you mention. A problem is obtaining public keys from a trusted source. Maybe it could be attached to profile information with a 2FA requirement to modify it. Just an idea. In this way, verification is not dependent on the user to perform.

permalink
report
parent
reply

PGP private keys are harder to steal than JWTs, as they are not generally stored as a long-term cookie but briefly just to sign something. Through XSS (the vulnerability in this case), cookies are relatively easy to steal, but to steal a PGP key would require a more complex script able to steal the key at the time it is loaded in the browser (assuming the signing feature is implemented in the browser). It’s a bit more sophisticated, but not totally bulletproof.

permalink
report
parent
reply

It was Ubuntu 8.04 in around 2013. I only did it to get a promotional item for Team Fortress 2 called Tux, a cosmetic item that looks like… Tux. I remember hating the UI/UX and promptly uninstalled it afterwards.

Eventually circled back around to Xubuntu for my low-end hardware and various other distros. Currently daily driving Fedora.

permalink
report
reply

Hashbrowns - McCain is tasteless in comparison

permalink
report
reply

No, the vulnerability was due to a client-side bug in the Lemmy web UI. Mobile apps render content in a different way, and are not vulnerable to this kind of attack (apart from in exceptional circumstances).

Should probably log out and back in still though.

permalink
report
parent
reply

Quantum computers are nowhere near usable for breaking classical cryptography at the moment, though opinions on how soon it will come vary. As others have said, we have quantum resistant algorithms ready to go, so future encryption is fine.

The greater concern is that a lot of traffic and data encrypted using classical algorithms has been logged or stored in various mediums. An old encrypted drive, or communications stored by nation state actors (the NSA and such). These will be broken, and a lot of past secrets might come out from hiding.

permalink
report
reply