| Time |
Nick |
Message |
| 04:56 |
|
OldCoder joined #minetest-dev |
| 05:23 |
|
OldCoder joined #minetest-dev |
| 05:26 |
|
ecube joined #minetest-dev |
| 06:57 |
|
user_ joined #minetest-dev |
| 06:57 |
user_ |
Hello. Is anyone here? |
| 06:58 |
user_ |
I suggest to remove any links to minetest_dot_com from the official website. |
| 06:58 |
user_ |
It looks like it is a third-party website, which is not controlled by c55 and |
| 06:59 |
user_ |
is used by someone to get money from AdSense (there are these weird "DOWNLOAD NOW" ads) |
| 07:00 |
sfan5 |
..... |
| 07:01 |
sfan5 |
you're right |
| 07:13 |
|
Calinou joined #minetest-dev |
| 07:18 |
celeron55 |
they maintain the wiki |
| 07:19 |
celeron55 |
i removed the server list link, it's very outdated anyway |
| 07:21 |
celeron55 |
it's there because i don't want the burden of maintain every single piece of the websites |
| 07:21 |
celeron55 |
maintaining* |
| 07:21 |
celeron55 |
feel free to make and reliably host a better one |
| 08:42 |
|
PilzAdam joined #minetest-dev |
| 08:57 |
|
Calinou joined #minetest-dev |
| 11:02 |
|
jordach joined #minetest-dev |
| 11:48 |
|
Calinou joined #minetest-dev |
| 12:18 |
|
BloodyFire_ joined #minetest-dev |
| 14:41 |
|
Calinou joined #minetest-dev |
| 14:50 |
|
Octupus joined #minetest-dev |
| 14:52 |
|
hmmmm joined #minetest-dev |
| 16:29 |
|
jordach joined #minetest-dev |
| 16:41 |
|
saschaheylik joined #minetest-dev |
| 16:57 |
|
jordach joined #minetest-dev |
| 17:25 |
|
pfaff joined #minetest-dev |
| 17:35 |
|
OWNSyouAll joined #minetest-dev |
| 19:59 |
hmmmm |
just going through issues |
| 19:59 |
hmmmm |
"EDIT: Also, something like hashing the password 5000 times through SHA1 would be useful to really hinder brute force attacks." |
| 19:59 |
hmmmm |
you're not seriously going to even consider that... are you....? |
| 19:59 |
celeron55 |
of course, it's pretty much standard practice |
| 20:00 |
hmmmm |
no it's not standard practice at all |
| 20:00 |
hmmmm |
where on earth did you get that idea from |
| 20:01 |
hmmmm |
why not do something sane, like add an account lockout after X failed attempts |
| 20:01 |
VanessaE |
if you really want to frustrate brute-force attacks, you need to use two ro three unrelated algorithms, and between them a small but random number of times |
| 20:01 |
VanessaE |
and hash between* |
| 20:01 |
hmmmm |
so now you have it in your mind that it's standard practice, chances are you're going to do it |
| 20:01 |
celeron55 |
hmmmm: you're considering a whole different case here |
| 20:02 |
hmmmm |
because people are really going to brute force a sha1 hash over a network connection |
| 20:02 |
hmmmm |
in the first place |
| 20:02 |
celeron55 |
an artificially hard hash is required for cases where an attacker gets the password hash file as-is |
| 20:03 |
hmmmm |
if that's what you're concerned about, a salt ought to be completely sufficient |
| 20:03 |
celeron55 |
no it isn't, plain SHA1 is brute-forceable in reasonable time with today's computers |
| 20:03 |
hmmmm |
i dunno about you, but 5000 is a lot of sha1 hashes, and that's over 2 seconds of computation for me. |
| 20:04 |
celeron55 |
oh god; this discussion isn't useful at all |
| 20:04 |
celeron55 |
Be Never Back, doing somethinf useful instead -> |
| 20:04 |
hmmmm |
then don't reply |
| 20:04 |
celeron55 |
g* |
| 20:05 |
hmmmm |
something i thought was a joke at first |
| 20:05 |
hmmmm |
okay, how about two rounds of salted sha256. |
| 20:07 |
jordach |
i aint there, but its still bad for 1/32 |
| 20:07 |
jordach |
wrong channel |
| 20:09 |
hmmmm |
i'm disgusted at the complacency with these kinds of things, that's all. |
| 20:12 |
celeron55 |
i belive in "it will end up working in some way at implementation time" |
| 20:12 |
celeron55 |
until that, all is just guesses |
| 20:13 |
celeron55 |
i become frustrated when people start nitpicking any plans related to minetest because of that |
| 20:13 |
celeron55 |
nothing is supposed to work as-is |
| 20:15 |
hmmmm |
i have this friend with the same sort of mindset as you do; lay down a bunch of flack first and then try to polish a turd later on. and it never ends up getting polished or there's some critical design flaw that would've never happened if things were thought through before |
| 20:15 |
hmmmm |
i find it very frustrating |
| 20:15 |
celeron55 |
ehm |
| 20:15 |
hmmmm |
now granted, a detail related to authentication like this isn't going to lead to a huge design flaw, but the same sort of thinking will |
| 20:15 |
celeron55 |
i do design things |
| 20:16 |
celeron55 |
i've done this at the limits of my abilities for all time, and it sometimes ends up bad |
| 20:17 |
celeron55 |
then the part is just re-done |
| 20:18 |
celeron55 |
or improved; whatever |
| 20:20 |
celeron55 |
hmmmm: so what kinds of software projects have you finished? |
| 20:21 |
hmmmm |
i get your point |
| 20:21 |
celeron55 |
i do listen people that have actual credibility, but generally the loudest people on IRC are the dumbest |
| 20:21 |
celeron55 |
same goes for internet overall |
| 20:22 |
hmmmm |
am i loud? i don't talk unless there's something that's worth mentioning |
| 20:23 |
celeron55 |
considerably louder than those who don't say anything |
| 20:23 |
celeron55 |
actually, i haven't even noticed you having been here for so long |
| 20:24 |
celeron55 |
eh, whatever |
| 20:26 |
celeron55 |
hmmmm: anyway, the thing that matters is if you do something |
| 20:26 |
celeron55 |
something of quality |
| 20:35 |
celeron55 |
and yes, it is hard |
| 20:37 |
celeron55 |
and yes, i have coded the whole day and i am tired |
| 21:39 |
|
saschaheylik joined #minetest-dev |
| 23:15 |
|
cy1 joined #minetest-dev |
