Our great sponsors
-
security-research-pocs
Discontinued Proof-of-concept codes created as part of security research done by Google Security Team.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
scrypt
The scrypt key derivation function was originally developed for use in the Tarsnap online backup system and is designed to be far more secure against hardware brute-force attacks than alternative functions such as PBKDF2 or bcrypt.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
I'm probably doing it wrong, but I'm getting SIGILL on Haswell for ret_bti and break_kaslr from the demo: https://github.com/comsec-group/retbleed
Though it seems like the code is not portable (?) between CPU microarchitectures.
Those attacks relied on performance.now() https://github.com/google/security-research-pocs/blob/d10780...
Chrome has limited "performance.now" to have a relatively low resolution: https://chromium-review.googlesource.com/c/chromium/src/+/85...
Also, "2018 install of win10", you might have already been patched during install.
Microsoft rolled out specture/meltdown mitigations at the OS level in January 2018.
> Is there anything stronger than blowfish?
I think you mean bcrypt..
Both Argon2 and scrypt win over that:
https://github.com/P-H-C/phc-winner-argon2
Related posts
- Apr 24th is JavaScript Naked Day – Browse the web without JavaScript
- uBlock Origin – 1.55.0
- Ask HN: Is Firefox team too small to do serious security tests?
- No longer possible to operate Ublock origin in "blacklist" mode (where all ads are allowed except sites I blacklist)
- New "Media" tab layout change on X / Twitter seems to be getting blocked