• 0 Posts
  • 76 Comments
Joined 1 year ago
Cake day: June 12th, 2023

  • That would run face first into proprietary info and corporate classified info.

    Behold all the fucks I do not give. If it’s that critical they lose all claim to being proprietary. It’s just like patent, there’s no such thing as a secret patent, so anything that safety critical doesn’t get to stay secret either.

    Regulation won’t detail what a company does to that level. They might say something like “fasteners shouldn’t come loose” but it wouldn’t have a torque spec.

    It doesn’t now but it’s utterly trivial to fix that. Just make the regulations say that components must meet the manufacturer specifications and require manufacturers to publish and maintain all the specifications of all safety critical components. If they want to keep it secret then that means it’s not safety critical and they’re responsible for any accidents resulting from its failure.



  • It’s because layering doesn’t really gain you anything so it only has downsides. It’s important to differentiate encryption and hashing from here on since the dangers are different.

    With hashing, layering different hashing algorithms can lead to increased collision chance and if done wrong a reduced entropy (for instance hashing a 256 bit hash with a 16 bit hashing algorithm). Done correctly it’s probably fine and in fact rehashing a hash with the same algorithm is standard practice, but care should be taken.

    With encryption things get much worse. When layering encryption algorithms a flaw in one can severely compromise them all. Presumably you’re using the same secret across them all. If the attacker has a known piece of input or can potentially control the input a variety of potential attack vectors open up. If there’s a flaw in one of the algorithms used that can make the process of extracting the encryption key much easier. Oftentimes the key is more valuable than any single piece of input because keys are often shared across many encrypted files or data streams.
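The entropy point in the comment above, shown as an added example (not the commenter's code): feeding a 256-bit SHA-256 digest through a 16-bit "hash" leaves at most 65536 possible outputs, so collisions are guaranteed once there are more inputs than that, while rehashing with SHA-256 itself keeps the full output space. The 16-bit layer is simulated by keeping the first two bytes of the digest, and the input strings are constructed.

```python
import hashlib
import math


def sha256(data: bytes) -> bytes:
    """Plain SHA-256 digest of the input."""
    return hashlib.sha256(data).digest()


def weak_16bit_layer(digest: bytes) -> int:
    """Stand-in for a 16-bit hash applied on top of a 256-bit digest.

    Constructed for the example: keeping the first two digest bytes is a
    uniform 16-bit function, which is all the argument needs.
    """
    return int.from_bytes(digest[:2], "big")


def constructed_inputs(n: int):
    """n distinct constructed messages."""
    return (f"message-{i}".encode() for i in range(n))


def distinct_after_16bit_layer(n: int) -> int:
    """Distinct outputs of weak16(SHA-256(m)) over n distinct messages."""
    return len({weak_16bit_layer(sha256(m)) for m in constructed_inputs(n)})


def distinct_after_rehash(n: int) -> int:
    """Distinct outputs of SHA-256(SHA-256(m)) over n distinct messages."""
    return len({sha256(sha256(m)) for m in constructed_inputs(n)})


def entropy_upper_bound_bits(distinct_outputs: int) -> float:
    """Entropy of the layered construction can be no more than log2 of the
    number of outputs actually observed."""
    return math.log2(distinct_outputs)


if __name__ == "__main__":
    n = 100_000
    weak = distinct_after_16bit_layer(n)
    strong = distinct_after_rehash(n)
    print(f"{n} inputs -> 16-bit layer: {weak} distinct values "
          f"(<= {entropy_upper_bound_bits(weak):.1f} bits); "
          f"forced collisions: {n - weak}")
    print(f"{n} inputs -> SHA-256 rehash: {strong} distinct values")
```

With 100000 inputs the 16-bit layer is pinned to at most 65536 distinct values by the pigeonhole principle, so at least 34464 collisions occur regardless of how the inputs are chosen; the SHA-256 rehash keeps all 100000 inputs distinct.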


  • Banks usually have the absolute worst password policies. It’s typically because their backend is some crusty mainframe from the 80s that limits inputs to something absurdly insecure by today’s standards and they’ve kicked the upgrade can down the road for so long now that it’s a staggeringly monumental task to rewrite it all. Thankfully most of them have upgraded at this point, but every now and then you still find one that’s got ridiculous limits like a maximum password length of 8 and only alphanumeric characters (with no 2FA obviously).


  • A KDF is not reversible so it’s not encryption (a bad one can be brute-forced or have a collision, but that’s different from decrypting it even if the outcome is effectively the same). As long as you’re salting (and ideally peppering) your passwords and the iteration count is sufficiently high, any sufficiently long password will be effectively unrecoverable via any known means (barring a flaw being found in the KDF).

    The defining characteristic that separates hashing from encryption is that for hashing there is no inverse function that can take the output and one or more extra parameters (secrets, salts, etc.) and produce the original input, unlike with encryption.



  • Little of both. Ronald Reagan tilled the soil, and the later Republicans fertilized it. Why wouldn’t foreign disinformation groups sow seeds in such perfect fields?

    A big chunk of the problem in US politics is the two party system enforced by first past the post. Very few people actually agree with 100% of either party’s policies, so the deciding factor for most people becomes either which party do I agree with more of their policies, or in some cases which policies do I feel are most critical and therefore drive the overall decision. This has been made even worse by Republicans strategically picking policies to try to drive a wedge in between them and Democrats particularly around certain hot button issues like abortion, gun control, and religion.


  • This is why the GOP has been working hard for decades to destroy public education in the US. They want to make sure that only the rich are educated because the uneducated can be easily tricked into voting against their own interests. Unfortunately it’s working.

    It’s mandatory in a functioning democracy for the public to be educated and well informed or it doesn’t work. Unfortunately it’s highly debatable whether the US still qualifies as educated, and the likes of Fox News and Sinclair are hard at work destroying the informed part.

    All that said the ease with which misinformation spreads these days does need some kind of counter, otherwise we open ourselves up to Soviet style disinformation campaigns where the goal isn’t so much to drive a particular narrative as it is to sow confusion and make people distrust all information. They drown the signal in noise, so everyone just makes decisions based on their gut instead of facts. Social media has given a false equivalence where any random person on Facebook is treated as just as reliable a source of news and information as actual reporters are. This is incredibly dangerous.


  • Ah yes, it’s…

    checks notes

    the US fault that Russia invaded Ukraine. Right, makes perfect sense, carry on.

    The only involvement the US or even most of the NATO countries have had in this complete shitshow has been to sell obsolete military hardware to Ukraine at a steep discount. It was probably cheaper to ship the stuff in bulk to Ukraine than it would cost to properly decommission it so might even have saved some money doing that.

    Russia desperately wants to make this a fight with NATO or even better the US so they look like less of a laughing stock for losing this badly.