Time Nick Message 06:57 user_ Hello. Is anyone here? 06:58 user_ I suggest to remove any links to minetest_dot_com from the official website. 06:58 user_ It looks like it is a third-party website, which is not controlled by c55 and 06:59 user_ is used by someone to get money from AdSense (there are these weird "DOWNLOAD NOW" ads) 07:00 sfan5 ..... 07:01 sfan5 you're right 07:18 celeron55 they maintain the wiki 07:19 celeron55 i removed the server list link, it's very outdated anyway 07:21 celeron55 it's there because i don't want the burden of maintain every single piece of the websites 07:21 celeron55 maintaining* 07:21 celeron55 feel free to make and reliably host a better one 19:59 hmmmm just going through issues 19:59 hmmmm "EDIT: Also, something like hashing the password 5000 times through SHA1 would be useful to really hinder brute force attacks." 19:59 hmmmm you're not seriously going to even consider that... are you....? 19:59 celeron55 of course, it's pretty much standard practice 20:00 hmmmm no it's not standard practice at all 20:00 hmmmm where on earth did you get that idea from 20:01 hmmmm why not do something sane, like add an account lockout after X failed attempts 20:01 VanessaE if you really want to frustrate brute-force attacks, you need to use two ro three unrelated algorithms, and between them a small but random number of times 20:01 VanessaE and hash between* 20:01 hmmmm so now you have it in your mind that it's standard practice, chances are you're going to do it 20:01 celeron55 hmmmm: you're considering a whole different case here 20:02 hmmmm because people are really going to brute force a sha1 hash over a network connection 20:02 hmmmm in the first place 20:02 celeron55 an artificially hard hash is required for cases where an attacker gets the password hash file as-is 20:03 hmmmm if that's what you're concerned about, a salt ought to be completely sufficient 20:03 celeron55 no it isn't, plain SHA1 is brute-forceable in reasonable time with today's computers 20:03 hmmmm i dunno about you, but 5000 is a lot of sha1 hashes, and that's over 2 seconds of computation for me. 20:04 celeron55 oh god; this discussion isn't useful at all 20:04 celeron55 Be Never Back, doing somethinf useful instead -> 20:04 hmmmm then don't reply 20:04 celeron55 g* 20:05 hmmmm something i thought was a joke at first 20:05 hmmmm okay, how about two rounds of salted sha256. 20:07 jordach i aint there, but its still bad for 1/32 20:07 jordach wrong channel 20:09 hmmmm i'm disgusted at the complacency with these kinds of things, that's all. 20:12 celeron55 i belive in "it will end up working in some way at implementation time" 20:12 celeron55 until that, all is just guesses 20:13 celeron55 i become frustrated when people start nitpicking any plans related to minetest because of that 20:13 celeron55 nothing is supposed to work as-is 20:15 hmmmm i have this friend with the same sort of mindset as you do; lay down a bunch of flack first and then try to polish a turd later on. and it never ends up getting polished or there's some critical design flaw that would've never happened if things were thought through before 20:15 hmmmm i find it very frustrating 20:15 celeron55 ehm 20:15 hmmmm now granted, a detail related to authentication like this isn't going to lead to a huge design flaw, but the same sort of thinking will 20:15 celeron55 i do design things 20:16 celeron55 i've done this at the limits of my abilities for all time, and it sometimes ends up bad 20:17 celeron55 then the part is just re-done 20:18 celeron55 or improved; whatever 20:20 celeron55 hmmmm: so what kinds of software projects have you finished? 20:21 hmmmm i get your point 20:21 celeron55 i do listen people that have actual credibility, but generally the loudest people on IRC are the dumbest 20:21 celeron55 same goes for internet overall 20:22 hmmmm am i loud? i don't talk unless there's something that's worth mentioning 20:23 celeron55 considerably louder than those who don't say anything 20:23 celeron55 actually, i haven't even noticed you having been here for so long 20:24 celeron55 eh, whatever 20:26 celeron55 hmmmm: anyway, the thing that matters is if you do something 20:26 celeron55 something of quality 20:35 celeron55 and yes, it is hard 20:37 celeron55 and yes, i have coded the whole day and i am tired