what are your thoughts on quantum computers breakimg encryption soon? by hunter2 in c/asklemmy@lemmy.ml
[-] hunter2@lemmy.ml 1 points 11 months ago

I'm not well versed on the speed of Grover's over classical brute force. According to NIST this is correct! Thanks for the addition.

what are your thoughts on quantum computers breakimg encryption soon? by hunter2 in c/asklemmy@lemmy.ml
[-] hunter2@lemmy.ml 39 points 11 months ago

Quantum computers are nowhere near usable for breaking classical cryptography at the moment, though opinions on how soon it will come vary. As others have said, we have quantum resistant algorithms ready to go, so future encryption is fine.

The greater concern is that a lot of traffic and data encrypted using classical algorithms has been logged or stored in various mediums. An old encrypted drive, or communications stored by nation state actors (the NSA and such). These will be broken, and a lot of past secrets might come out from hiding.

What was your first experience using Linux? How old were you? Stick around or did you go back to windows before eventually circling back to Linux? by hunter2 in c/linux@lemmy.ml
[-] hunter2@lemmy.ml 1 points 11 months ago

sadly no longer available to get

What was your first experience using Linux? How old were you? Stick around or did you go back to windows before eventually circling back to Linux? by hunter2 in c/linux@lemmy.ml
[-] hunter2@lemmy.ml 3 points 1 year ago

It was Ubuntu 8.04 in around 2013. I only did it to get a promotional item for Team Fortress 2 called Tux, a cosmetic item that looks like... Tux. I remember hating the UI/UX and promptly uninstalled it afterwards.

Eventually circled back around to Xubuntu for my low-end hardware and various other distros. Currently daily driving Fedora.

What is a website everyone should know about? by hunter2 in c/asklemmy@lemmy.ml
Lemmy.world (and some others) were hacked by hunter2 in c/lemmyworld@lemmy.world
[-] hunter2@lemmy.ml 2 points 1 year ago

Agree with the points on PGP and other features. I almost made a lengthier reply mentioning the signing issues, which seems appropriate now. It would not be easy, but a successful implementation would definitely need clients to automatically detect and verify signed content, due to the human issues you mention. A problem is obtaining public keys from a trusted source. Maybe it could be attached to profile information with a 2FA requirement to modify it. Just an idea. In this way, verification is not dependent on the user to perform.

What is a website everyone should know about? by hunter2 in c/asklemmy@lemmy.ml
What generic products do you swear are superior to the name brand? by hunter2 in c/asklemmy@lemmy.ml
[-] hunter2@lemmy.ml 5 points 1 year ago

Hashbrowns - McCain is tasteless in comparison

Lemmy.world (and some others) were hacked by hunter2 in c/lemmyworld@lemmy.world
[-] hunter2@lemmy.ml 4 points 1 year ago* (last edited 1 year ago)

PGP private keys are harder to steal than JWTs, as they are not generally stored as a long-term cookie but briefly just to sign something. Through XSS (the vulnerability in this case), cookies are relatively easy to steal, but to steal a PGP key would require a more complex script able to steal the key at the time it is loaded in the browser (assuming the signing feature is implemented in the browser). It's a bit more sophisticated, but not totally bulletproof.

Lemmy.world (and some others) were hacked by hunter2 in c/lemmyworld@lemmy.world
[-] hunter2@lemmy.ml 15 points 1 year ago* (last edited 1 year ago)

No, the vulnerability was due to a client-side bug in the Lemmy web UI. Mobile apps render content in a different way, and are not vulnerable to this kind of attack (apart from in exceptional circumstances).

Should probably log out and back in still though.

hunter2

joined 1 year ago