• 0 Posts
  • 386 Comments
Joined 1 year ago
Cake day: June 12th, 2023

  • That would run face first into proprietary info and corporate classified info.

    Behold all the fucks I do not give. If it’s that critical they lose all claim to being proprietary. It’s just like patents, there’s no such thing as a secret patent, so anything that safety critical doesn’t get to stay secret either.

    Regulation won’t detail what a company does to that level. They might say something like “fasteners shouldn’t come loose” but it wouldn’t have a torque spec.

    It doesn’t now but it’s utterly trivial to fix that. Just make the regulations say that components must meet the manufacturer specifications and require manufacturers to publish and maintain all the specifications of all safety critical components. If they want to keep it secret then that means it’s not safety critical and they’re responsible for any accidents resulting from its failure.



  • It’s because layering doesn’t really gain you anything so it only has downsides. It’s important to differentiate encryption and hashing from here on since the dangers are different.

    With hashing, layering different hashing algorithms can lead to increased collision chance and, if done wrong, reduced entropy (for instance hashing a 256-bit hash with a 16-bit hashing algorithm). Done correctly it’s probably fine and in fact rehashing a hash with the same algorithm is standard practice, but care should be taken.

    With encryption things get much worse. When layering encryption algorithms a flaw in one can severely compromise them all. Presumably you’re using the same secret across them all. If the attacker has a known piece of input or can potentially control the input a variety of potential attack vectors open up. If there’s a flaw in one of the algorithms used, that can make the process of extracting the encryption key much easier. Oftentimes the key is more valuable than any single piece of input because keys are often shared across many encrypted files or data streams.
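The entropy point in the comment above, as an added example that is not part of the original comment: a 256-bit digest fed through a 16-bit outer hash can only take 65,536 values, so distinct inputs collide after a few hundred tries. `weak16` is a constructed stand-in for "a 16 bit hashing algorithm" (SHA-256 truncated to 2 bytes), and the `msg-N` inputs are constructed.

```python
import hashlib


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def weak16(data: bytes) -> bytes:
    """Constructed 16-bit hash for illustration: SHA-256 truncated to 2 bytes."""
    return hashlib.sha256(b"weak16:" + data).digest()[:2]


def layered_bad(data: bytes) -> bytes:
    # The strong inner digest is squeezed through a 16-bit outer hash,
    # so the whole construction has at most 65,536 possible outputs.
    return weak16(sha256(data))


def layered_same(data: bytes) -> bytes:
    # Rehashing with the same algorithm keeps the full 256-bit output size.
    return sha256(sha256(data))


def first_collision(hash_fn, limit: int = 70_000):
    """Hash constructed inputs msg-0, msg-1, ... and return the first
    pair with equal output as (earlier_msg, later_msg, inputs_tried)."""
    seen = {}
    for i in range(limit):
        msg = f"msg-{i}".encode()
        digest = hash_fn(msg)
        if digest in seen:
            return seen[digest], msg, i + 1
        seen[digest] = msg
    return None


if __name__ == "__main__":
    a, b, tries = first_collision(layered_bad)
    print(f"layered_bad: {a!r} and {b!r} collide after {tries} inputs")
    print(f"inner SHA-256 digests differ: {sha256(a) != sha256(b)}")
    print(f"layered_same, same search: {first_collision(layered_same)}")
```
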


  • Banks usually have the absolute worst password policies. It’s typically because their backend is some crusty mainframe from the 80s that limits inputs to something absurdly insecure by today’s standards and they’ve kicked the upgrade can down the road for so long now that it’s a staggeringly monumental task to rewrite it all. Thankfully most of them have upgraded at this point, but every now and then you still find one that’s got ridiculous limits like a maximum password length of 8 and only alphanumeric characters (with no 2FA obviously).




  • A KDF is not reversible so it’s not encryption (a bad one can be brute forced or have a collision, but that’s different from decrypting it even if the outcome is effectively the same). As long as you’re salting (and ideally peppering) your passwords and the iteration count is sufficiently high, any sufficiently long password will be effectively unrecoverable via any known means (barring a flaw being found in the KDF).

    The defining characteristic that separates hashing from encryption is that for hashing there is no inverse function that can take the output and one or more extra parameters (secrets, salts, etc.) and produce the original input, unlike with encryption.
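The salt, pepper and iteration count described in the comment above, as an added example that is not part of the original comment. It uses PBKDF2-HMAC-SHA256 from Python's standard library; the iteration count, the HMAC-based way of applying the pepper and the record layout are assumptions. A login is checked by recomputing the KDF and comparing, since there is no function that turns the stored value back into the password.

```python
from __future__ import annotations

import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune to your own hardware


def hash_password(password: str, pepper: bytes, salt: bytes | None = None,
                  iterations: int = ITERATIONS) -> tuple[bytes, int, bytes]:
    """Return (salt, iterations, derived_key) for storage.

    The salt is random per password and stored beside the hash. The pepper
    is one secret for the whole application, kept outside the database.
    """
    if salt is None:
        salt = os.urandom(16)
    # Apply the pepper as an HMAC key over the password (assumed construction).
    peppered = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    derived = hashlib.pbkdf2_hmac("sha256", peppered, salt, iterations)
    return salt, iterations, derived


def verify_password(password: str, pepper: bytes,
                    record: tuple[bytes, int, bytes]) -> bool:
    """Re-run the KDF with the stored salt and iteration count, then compare."""
    salt, iterations, stored = record
    _, _, candidate = hash_password(password, pepper, salt, iterations)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    pepper = b"constructed-pepper-for-demo"  # constructed sample value
    record = hash_password("correct horse battery staple", pepper)
    print("right password:", verify_password("correct horse battery staple", pepper, record))
    print("wrong password:", verify_password("password123", pepper, record))
    print("wrong pepper:  ", verify_password("correct horse battery staple", b"other", record))
```
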





  • Ultimately that’s the problem, the evidence isn’t very compelling either way. Could it have happened exactly the way Trump claimed? Yes, it’s certainly possible, and Trump also isn’t likely to sign off on someone actually taking a shot at him. On the other hand that gaping hole in the Secret Service security perimeter is very suspicious, and Trump is exactly the kind of person to fake an assassination plot to drum up support. Lastly the bleeding ear (which Trump hammed up considerably in the following days) could be explained either by a very small graze or a blood pack.

    It’s just a very weird situation with lots of upsides for Trump but one possibly very bad downside if things go wrong. Trump is a natural born grifter so it’s very easy and tempting to assume anything shady and beneficial to him that he could have had a hand in, he did.






  • I did read all of it.

    tends to fight for himself, not for the American people.

    This was a great statement. More of this.

    I expect that he’s gonna, you know, I think he’s gonna lie.

    This is far too weak, and doesn’t come across as sarcasm when printed. Maybe in person hearing her tone it would, but printed it’s too ambiguous. I’m just absolutely fed up with people soft-pedaling around Trump. He’s a habitual liar with at best a poor grasp of reality, who has run cons and scams for nearly as long as he’s been alive. It was one thing when he was just a scummy businessman, but with his turn to politics and dictatorship we can’t afford half steps anymore.


  • The problem is a “sarcastic jab” is only one way of interpreting that statement. It also comes across as a mild but politically deniable statement of the sort that politicians have been criticized for making for nearly as long as politicians have existed. This is just the latest in a very long line of responses to Trump that stop short of actually saying what needs to be said. It’s the equivalent of news companies peppering “alleged” and “accused” throughout their reports. Most of the time that’s a good thing, but Trump has long since burned through whatever good will he was due. Stop treating him like a reasonable functional adult. If you give him and his followers (as well as the bootlickers over on Fox) any wiggle room at all they’ll take advantage of it.


  • No I’m criticizing a weak wishy-washy statement of the kind that has been made repeatedly for decades now and allowed Trump to happen in the first place. We need to stop treating Trump like an adult and start treating him like the petulant child he is. He deserves absolutely no respect. People need to stop being afraid to speak the truth about him.

    There are only two kinds of people in Trump’s orbit, morons, and grifters trying to exploit the morons, with Trump occupying the point in the Venn diagram exactly in between the two.


  • I disagree, this smacks of the same limp-wristed response that Democrats have been using for decades now. That’s how we ended up in this situation in the first place. It’s beyond time everyone stop pretending the emperor has clothes and actually acknowledge it. Trump lies. He always lies. I don’t think he’s ever given a single speech where he hasn’t lied at least once. There’s a reason his lawyers will move heaven and earth to prevent him from testifying in front of a jury in all his legal cases, and it’s because doing so would be an absolutely guaranteed way to catch a perjury charge.

    So yes, she should have just said “Trump will be repeating lies during the debate, so we’re preparing to counter them. At this point everyone knows all his favorite lies, so we’ve got a pretty good idea of what we need to be prepared for.”

    That would have been an actually good statement that clearly sets expectations and shows an understanding of the situation. Soft-pedaling anything with Trump and the MAGA crowd just wastes time and makes you look indecisive.