$name$ and then dispatch the hashing or checking to its specific format.
Circling back to the IsPreferred method. A hasher can define its own IsPreferred method that will be called to check if the current hash meets the complexity requirements. This is good for updating the password hashes to be more secure over time.
```go
func (p *Passwd) IsPreferred(hash string) bool {
	_, algo := p.getAlgo(hash)
	if algo != nil && algo == p.d {
		// if the algorithm defines its own check for preference.
		if ck, ok := algo.(interface{ IsPreferred(string) bool }); ok {
			return ck.IsPreferred(hash)
		}
		return true
	}
	return false
}
```
https://github.com/sour-is/go-passwd/blob/main/passwd.go#L62-L74
example: https://github.com/sour-is/go-passwd/blob/main/pkg/argon2/argon2.go#L104-L133
Hold up now, that example hash doesn’t have a $ prefix!
Well for this there is the option for a hash type to set itself as a fall through if a matching hash doesn’t exist. This is good for legacy password types that don’t follow the convention.
```go
func (p *plainPasswd) ApplyPasswd(passwd *passwd.Passwd) {
	passwd.Register("plain", p)
	passwd.SetFallthrough(p)
}
```
https://github.com/sour-is/go-passwd/blob/main/passwd_test.go#L28-L31
Here is an example of usage:
```go
func Example() {
	pass := "my_pass"
	hash := "my_pass"
	pwd := passwd.New(
		&unix.MD5{}, // first is preferred type.
		&plainPasswd{},
	)
	_, err := pwd.Passwd(pass, hash)
	if err != nil {
		fmt.Println("fail: ", err)
	}
	// Check if we want to update.
	if !pwd.IsPreferred(hash) {
		newHash, err := pwd.Passwd(pass, "")
		if err != nil {
			fmt.Println("fail: ", err)
		}
		fmt.Println("new hash:", newHash)
	}
	// Output:
	// new hash: $1$81ed91e1131a3a5a50d8a68e8ef85fa0
}
```
This shows how one would set a preferred hashing type and, if the current version of one’s password is not the preferred type, update it to enhance the security of the hashed password when someone logs in.
https://github.com/sour-is/go-passwd/blob/main/passwd_test.go#L33-L59
I made a thing. It’s a multi password type checker. Using the PHC string format we can identify a password hashing format from the prefix $name$ and then dispatch the hashing or checking to its specific format.
Tell me you write go like javascript without telling me you write go like javascript:
```go
import "runtime/debug"

var Commit = func() string {
	if info, ok := debug.ReadBuildInfo(); ok {
		for _, setting := range info.Settings {
			if setting.Key == "vcs.revision" {
				return setting.Value
			}
		}
	}
	return ""
}()
```
@movq@www.uninformativ.de, any plans still to clean up the hash from the twtxt’s body? Maybe a Festivus gift? You know, “for the rest of us”. :-D
Dino: Stateless File Sharing: Base implementation
The last few weeks were quite busy for me, but there was also a lot of progress.
I’m happy to say that the base of stateless file sharing is implemented and working.
Let’s explore some of the more interesting topics.
File hashes have some practical applications, such as file validation and duplication detection.
As such, they are part of the [metadata element](https://xmpp.org/extensio … ⌘ Read more
@movq@www.uninformativ.de @prologic@twtxt.net I just reread the spec and it seems to be even a bit outdated regarding machine-parsable conversation grouping. We long dropped the need to specify a whole hash tag with URL (#<hash url>), the simplified version without the URL (#hash) is enough.
The hash tag extension specification is kind of missing the same. However, I’m not sure if that short form is considered supported in general (as opposed to be a special case for subjects only) by the majority of the twtxt/yarn community.
Now the question arises, in order to keep things simple, should we even only allow the simplified twt hash tag for subjects and forbid the long version? This would also save quite a bit of space. The URL is probably not shown anyways in most clients. And if so, clients might rewrite URLs to their own instances. On the other hand, there’s technically nothing wrong with the long version in current parser implementations. And deprecating stuff without very good reason isn’t cool.
@movq@www.uninformativ.de was the request to remove the hash (subject) from showing on twts discarded? I don’t see it on the TODO, so I am curious. Was it something you decided was not worth investing time on?
@movq@www.uninformativ.de, is removing the hash from the body of the twt on the TODO? I read it, but I am unsure if it is there already, or not. 🙈 Sorry if it is, and I failed to spot it!
@movq@www.uninformativ.de You can always use a 5GB video file if the UI hashes it with SHA512 before posting to the server.
@movq@www.uninformativ.de What do you think about this?
diff –git a/jenny b/jenny
index b47c78e..20cf659 100755
— a/jenny
+++ b/jenny
@@ -278,7 +278,8 @@ def prefill_for(email, reply_to_this, self_mentions):
def process_feed(config, nick, url, content, lasttwt):
nick_address, nick_desc = decide_nick(content, nick)
url_for_hash = decide_url_for_hash(content, url)
new_lasttwt = parse(‘1800-01-01T12:00:00+00:00’).timestamp()
# new_lasttwt = parse(‘1800-01-01T12:00:00+00:00’).timestamp()
new_lasttwt = None
for line in twt_lines_from_content(content):
res = twt_line_to_mail(@@ -296,7 +297,7 @@ def process_feed(config, nick, url, content, lasttwt):
twt_stamp = twt_date.timestamp() if lasttwt is not None and lasttwt >= twt_stamp: continueif twt_stamp > new_lasttwt:
if not new_lasttwt or twt_stamp > new_lasttwt:
new_lasttwt = twt_stamp mailname_new = join(config['maildir_target'], 'new', twt_hash)
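Review bot: the old initialiser in process_feed is left behind as a comment (`# new_lasttwt = parse(...)`) directly above `new_lasttwt = None`; delete the commented line instead of keeping dead code. Since new_lasttwt now stays None when the loop never assigns it, it is worth checking that whatever consumes the value after the loop accepts None.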
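Review bot: `if not new_lasttwt or twt_stamp > new_lasttwt:` tests truthiness, so a stored timestamp of 0.0 is treated the same as None. The preceding condition already uses `lasttwt is not None`; writing `if new_lasttwt is None or twt_stamp > new_lasttwt:` keeps the two checks consistent and only matches the unset case.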
My thoughts about pagination (paging)
Following the discussion about pagination (paging) I think that’s the right thing to do.
Fetching the same content again and again with only a marginal portion of actually new twts is unbearable and does not scale in any way. It’s not only a waste of bandwidth but with increasing number of fetchers it will also become a problem for pods to serve all requests.
Because it’s so easy to implement and simple to understand, splitting twtxt file in parts with next and prev pointers seems a really amazing solution.
As in RFC5005 there should also be a meta header pointing to the main URL, e.g. current or baseurl or something like that. This way hashes can be calculated correctly even for archived twts.
@movq@www.uninformativ.de
With those two (Message-ID, and In-Reply-To) the hashing could become superfluous, and no longer needed. I would vote for that!
I am noticing that Yarn doesn’t treat “outside” (that is, twts coming from a client other than Yarn) twts hashes right. Two examples:
There are many more, but those two will give you the gist. Yarn links the hash to the poster’s twtxt.txt, so conversation matching will not work.
A screenshot of a very tiny c program written on System7
I’ve got to use macOS by nature of my work. Lately I’m increasingly down on this. Here I will not re-hash anything about the current state of Apple’s hardware and software ecosystem. I don’t care.
Wanting to take a trip down nostalgia lane, however (to when I was 2 years old) I thought I’d install Mac OS System 7. What follows is a quick guide for doing the sa … ⌘ Read more
No, I’m still doing them manually. 🤣🤦🏻 But I do think they are a good idea and will be adding them, I just haven’t gotten around to finding a compatible implementation of the hash yet.
@prologic@twtxt.net @anth Sounds like a good idea. The hash to conv/search url should stay local to a pod.
@movq@www.uninformativ.de No argument that threading is an improvement. But I think (#hash) does that, and I think figuring out how to search should mostly be up to the client.
@prologic@twtxt.net i think i finally suss’d out my hash issue.. now to figure out why im losing avatars on restart.
Okay, a bit better: it now preserves the author, although it prints a hash right now. Tomorrow’s problem.
@prologic@twtxt.net yeah it reads a seed file. I’m using mine. it scans for any mention links and then scans them recursively. it reads from http/s or gopher. i don’t have much of a db yet.. it just writes to disk the feed and checks modified dates.. but I will add a db that has hashes/mentions/subjects and such.
@prologic@twtxt.net do you have any info on how the ‘!’ tags are supposed to work? are they just a different kind of hash tag?
@prologic@twtxt.net just an off the wall question about hashes. why not use the time+message as it was in the original twtxt.txt file? is it because it’s just not stored anyplace?
also how set in stone is using user+url? vs user@domain? the latter would mean the url could change without invalidating the hash.
@prologic@twtxt.net Web Key Directory: a way to self host your public key. instead of using a central system like pgp.mit.net or OpenPGP.org you have your key on a server you own.
it takes an email@address.com hashes the part before the @ and turns it into [openpgpkey.]address.com/.well-known/openpgpkey[/address.com]/<hash>
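The Web Key Directory lookup described above, worked through in Go as an added example that is not part of the original post. It follows the WKD draft (draft-koch-openpgp-webkey-service): the hash is SHA-1 of the lowercased local part, encoded as z-base-32, placed under an `hu/` path segment with the original local part in `?l=`. The function name `WKDURLs` is hypothetical.

```go
package main

import (
	"crypto/sha1"
	"encoding/base32"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// z-base-32 alphabet used by WKD. SHA-1 output is 160 bits, which is
// exactly 32 five-bit symbols, so no padding is ever needed.
var zbase32 = base32.NewEncoding("ybndrfg8ejkmcpqxot1uwisza345h769").
	WithPadding(base32.NoPadding)

// WKDURLs (hypothetical name) returns the "advanced" and "direct" WKD
// lookup URLs for an address. A client tries the advanced form first.
func WKDURLs(addr string) (advanced, direct string, err error) {
	at := strings.LastIndexByte(addr, '@')
	if at <= 0 || at == len(addr)-1 {
		return "", "", errors.New("wkd: address must be local@domain")
	}
	local, domain := addr[:at], strings.ToLower(addr[at+1:])

	// Only the lowercased local part is hashed. SHA-1 is a naming
	// function here, not a protection: local parts are guessable, so
	// the hash does not hide which address a key belongs to.
	sum := sha1.Sum([]byte(strings.ToLower(local)))
	hash := zbase32.EncodeToString(sum[:])

	// The unmodified local part travels along in the l= parameter.
	q := "?l=" + url.QueryEscape(local)
	advanced = "https://openpgpkey." + domain +
		"/.well-known/openpgpkey/" + domain + "/hu/" + hash + q
	direct = "https://" + domain + "/.well-known/openpgpkey/hu/" + hash + q
	return advanced, direct, nil
}

func main() {
	// Constructed sample address (the one used in the WKD draft).
	adv, dir, err := WKDURLs("Joe.Doe@Example.ORG")
	if err != nil {
		fmt.Println("fail:", err)
		return
	}
	fmt.Println(adv)
	fmt.Println(dir)
}
```
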
@prologic@twtxt.net huh.. true.. the email is md5/sha256 before storing.. if twtxt acted as provider you would store that hash and point the SRV record to the pod. .. to act as a client it would need to store the hash and the server that hosts the image.
Argon2 Password Hashing ⌘ Read more…
Beating hash tables with trees? The ART-ful radix trie https://www.the-paper-trail.org/post/art-paper-notes/
Prospecting for Hash Functions « null program https://nullprogram.com/blog/2018/07/31/
Fibonacci Hashing: The Optimization that the World Forgot (or: a Better Alternative to Integer Modulo) | Probably Dance https://probablydance.com/2018/06/16/fibonacci-hashing-the-optimization-that-the-world-forgot-or-a-better-alternative-to-integer-modulo/
A new fast hash table in response to Google’s new fast hash table | Probably Dance https://probablydance.com/2018/05/28/a-new-fast-hash-table-in-response-to-googles-new-fast-hash-table/
Bad idea of the day: A browser extension that links everything in your browser cache with a fake file whose name is a hash of that item, serves those fake files over bittorrent, and, for all URLs whose expiration date is in the future, keeps a distributed table of URL to hash & attempts to fetch from bittorrent before from http
The False Allure of Hashing for Anonymization https://gravitational.com/blog/hashing-for-anonymization/
Generating a SHA256 HMAC Hash ⌘ Read more…
Bad idea of the day: an extension that renders every word in a font chosen based on the hash of that word
Bad idea of the day: Instead of ads mining bitcoins in your browser, they run IPFS nodes and pin arbitrary hashes in browser persistent storage then store them.
Too Many Requests https://www.reddit.com/r/ProgrammerHumor/comments/78aa07/reddit_host_a_joke_etcpasswd_with_hashes_for/dosn53u/?context=1