96·
1 day agoThere are endless positive but fundamentally dysfunctional ideologies. Anything which doesn’t address how large populations behave is dysfunctional.
Natanael
Cryptography nerd
Fediverse accounts;
Natanael@slrpnk.net (main)
Natanael@infosec.pub
Natanael@lemmy.zip
Lemmy moderation account: @TrustedThirdParty@infosec.pub - !crypto@infosec.pub
@Natanael_L@mastodon.social
Bluesky: natanael.bsky.social
- 0 Posts
- 17 Comments
Joined 2 months ago
Cake day: January 18th, 2025
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
1·7 days agoPasskeys can be synchronized, but aren’t intended to be exported raw as they’re meant to be used with a TPM / secure element chip or equivalent secure hardware to protect the key in use. Bitwarden can synchronize them.
Also, they intentionally create distinct keys per site, so you can’t link multiple accounts using the same passkey / hardware security key.
That’s literally no different from a regular password manager or having a 2FA TOTP code app set up for it
It literally just takes a slightly different domain name. Lots of infosec pros have been phished when not paying attention
Passkeys use unique keys per site for that reason
TOTP codes can be phished, hardware security keys and passkey can’t
Google Chrome on PC can let you verify from the phone to unlock passkeys
TOTP can be phished remotely, passkeys / hardware security keys can’t (need to get malware into the users’ computer instead)
The synchronization part is the annoying part. And when you have multiple accounts on one site you can end up with multiple passkeys for it.
They’re using the same standard as FIDO2 / WebAuthn hardware security keys. The protocol is phishing resistant, unlike TOTP and similar one time code solutions.
I prefer the physical ones, because they’re easy to organize. Passkey synchronization can be annoying.
Yes, but not as widespread.
Multiple toolmaking skills has been lost and had to be rediscovered. Metalworking, mechanical computers (clockworks), etc.
Secrecy in trades and lack of documentation used to be the main cause. Now the cause is lack of interest…
Interviewers look for excess confidence, not skill
Now you have to reread this too
The heckler’s veto is not freedom.
There are a lot of groups which coordinate spreading of lies to shout down others and deter others from contributing, firehose of falsehood style, and allowing that does not contribute to free speech. It does not support sharing facts, it doesn’t support healthy conversation, it doesn’t help anybody learn or discover the truth. Allowing conspiracy theories and nonsense like that is a net negative.
You need moderators who are focused on making sure people feel free to join in good faith.
Kinda - the dev team was external and had already started the project when Twitter offered funding for an open protocol based version of Twitter, and selected the current team to do it (so Jack could avoid moderation duties, lol)
Yup and iPhones use a patented codec (HEVC) by default. No care for compatibility.
Lol no