R. A. Dehi @radehi@qoto.org

@lauren No.

@lauren Are they allowed to do that? I thought grand jury proceedings were secret.

@popey Also works without joining Mastodon!

md5crypt() is from 1995, and although has been deprecated since 2012 because is too fast to be secure nowadays, cracking it takes 1000 times longer than Hive is claiming (or, more specifically, than @Tutanota is claiming by their choice of one of Hive's images.)

Is that what the password data breaches they talk about were using? Or were they really just using single-iteration MD5 like a fresh bootcamp graduate?

https://web.archive.org/web/20180317164935/http://phk.freebsd.dk/sagas/md5crypt_eol.html

If Hive is willing to assume that your security design is such shit that you're using MD5 without iteration for password hashes, why not just assume you're storing the password in plain text? That's pretty much the same level of incompetence, and it would make all the cells in the table read "Instantly". They actually do have this table further down in the post.

Hive also produced some tables for PBKDFs that have tunable difficulty parameters, such as bcrypt() and PBKDF2, but didn't specify which parameter settings are being used for these tables, or talk about the tradeoff space; also, incorrectly describe bcrypt() as not being "a key derivation function like PBKDF2", when that's exactly what it is.

Oh, reading the page at https://www.hivesystems.io/blog/are-your-passwords-in-the-green, they're assuming your password hashing algorithm is just plain MD5 without any hash iteration, claiming is "2018 cybersecurity practices". @Tutanota, please tell me are not hashing your users' passwords with plain MD5 without any hash iteration? Because Unix has iterated its password hashing function since 7th edition Unix, 25 iterations of modified DES: https://en.wikipedia.org/wiki/Crypt_(C)#Traditional_DES-based_scheme. That was in 1979. The password encryption approach Hive is suggesting has been known to be bad practice since 1979. When PHK implemented md5crypt for BSD in the 90s, it used 1000 iterations of MD5. A single iteration is not 2018 practice.

(Some people surely did commit this error in building their systems.)

Aren't actually proposing "a hacker" with a hundred times as much power as the entire Bitcoin network; are proposing to rent eight A100 GPUs from Amazon AWS which they say would get 523 billion hashes per second, the which is 16 million times less compute than the Bitcoin network. At this speed 2^90 hashes would take 75 million years, not the 3 weeks they state, the which is correct for 2^60.

Seems incorrect; 10 "Numbers, Upper and Lowercase Letters" is 64^10 = 2^60, and with properly applied key stretching (a difficulty factor of 2^30, say), that's 2^90. To do 2^90 hash operations in 3 weeks would require to do almost 700 quintillion hash operations per second. Bitcoin hashrate is 7.983.858 terahashes per second, almost a hundred times lower. Hivesystems is proposing "a hacker" with a hundred times as much power as the entire Bitcoin network, assuming your PBKDF's difficulty factor is set to 2^30.

@Jbat sounds reasonable to me; can't tell if they'll have to damage the drive to get it to spin up, or whether is already damaged, until they succeed in spinning up it. The price is in the normal range.

@oskay Guess you deal with a lot of early learners, no? Appreciate you being willing to offer me advice, which would have been good for an early learner!

@oskay Oh, I wanted to say, except through-feed dies, a cylindrical or planetary thread rolling die has threads on it, so is itself a screw. Assumed by "trilobular thread rolling screw" you meant such a thread rolling die, so the question was how to make the die with limited equipment. Was puzzled at the idea of trying to make such a die by rolling!

In how much grinding and EDM, grinding is already common for hardened ballscrews (maybe forgot about ballscrews), and EDM tapping is already common, so clearly EDM is an option for making threads, though don't know of anyone using it for outside threads now. Obviously is not competitive for volume production.

Now see that meant https://taptite.com/assets/files/taptiteii-conti-reminc_5.pdf the which is a self-"tapping" machine screw with a non-circular cross-section. ("TRILOBULAR" is a trademark.) Seems like rare geometry is principal problem, together with surface finish.

The REMINC brochure emphasizes the need to request the brand name from distributors, so maybe are selling generic manufacturers clones of off-patent REMINC screws under different name. The brochure also gives geometry pretty detailed. Fascinating product, thanks.

@oskay Is surprising to me you would think I haven't looked at how screws are made, generally speaking, when yesterday was talking about relative advantages of rolling, grinding, and EDM for making hardened threads when lathe is no option

@oskay Thanks! Any information in particular you've noticed I'm missing from the last time I studied that? I could start there.

@oskay I'd like to understand what the relevant difficulties are so that someday I can solve them.