Steve (@sc00bz@infosec.exchange) Profile

@Sc00bzT

Followers
2K
Following
683
Media
715
Statuses
8K

Ramblings of a programmer and cryptography enthusiast. I do stuff… sometimes. Creating @hsmVault… eventually.

The surface of the Sun
Joined July 2012
Minimum good settings for auth (<10 kH/s/GPU):
bscrypt: m=256 (256 KiB), t=8, p=1
bcrypt: 9
Argon2: m=11264 (11 MiB), t=3, p=1
scrypt: N=2^15 (32 MiB), r=8, p=3 (think of p as "t")
PBKDF2-SHA512: 130,000
PBKDF2-SHA256: 350,000
PBKDF2-SHA1: 860,000
See:
@Sc00bzT
5 years
Minimum good settings for auth (<10 kH/s/GPU):
bcrypt: 9 (technically it's like ~8.05)
Argon2i: m≥74219/(3*t-1)*α, t≥3, p=1
Argon2{id,d}: m≥74219/(3*t-1)*α, t≥1, p=1
scrypt: N≥475000/r/p*α, r=8, p≥1
PBKDF2-SHA512: 120,000
PBKDF2-SHA256: 350,000
PBKDF2-SHA1: 720,000
3
2
9
@dashlane "Best"
@Bitwarden Most willing to fix things. Although they ghosted after contacting me
@1Password Best tech but you need a 1PW contact to admin your accounts otherwise you expose your encryption key
Everything else is likely worse.
Also see: https://t.co/d8H4bKLWgT
@Sc00bzT
3 years
2/ My simple rating system for online password managers (all symbols are bad):
@1Password: 🔥⚡️⚡️
@Bitwarden: ⬇️🔓⚡️⚡️
@Dashlane: 🔓⚡️
[Redacted because I do not want to be sued]: ⬇️🔓⚡️⚡️
@LastPass: 🔥⬇️🔓⚡️⚡️
Obvious winner is Dashlane. Congrats on... sucking the least.
0
1
2
New blog post "Breaking a PRNG: Is it Called Xor Shift or Xor Shit?" ( https://t.co/mvFZQzL96a)
0
0
5
Only Twitter Blue subscribers get access to SMS 0FA. Cool but for the cost of 4 months of worthless features you can buy a U2F key from @Yubico https://t.co/ePi1sti8YC. It's currently out of stock. Also no option without NFC and no instructions on where to drill to disable NFC ☹️
1
0
0
Just a reminder of the difference between saying use bad hashing for passwords vs saying not to use good hashing for passwords... Yeah that guy is back.
@Sc00bzT
7 years
#infosec yesterday and today
0
0
0
If you implement a PAKE and used a better pw KDF, then you're the best. Bonus: add a secret salt and recovery. If you need help, I'm looking for a better job. Note I'm "making" @hsmVault (I bought the domain name). It's not going to happen but technically we are competitors.
0
0
1
@1Password @Bitwarden @dashlane @LastPass Wait @Bitwarden, you liked my tweet? You know this shows you as a "tied" 2nd with [redacted]. Which is not that bad. Also your downgrade attack is 5000*users weaker (ie much, much better thus a clear 2nd).
1
0
1
Update: I made that "pumpkin leatherface" jack-o-lantern I was talking about for Halloween. Also squirrels love it when you peel a pumpkin and leave it out.
0
0
0
I'm not really on Twitter anymore. You can find me on Mastodon at https://t.co/ILPa0e7xAP or reach me at steve at tobtu dot com. I might keep my drunk rants on Twitter till it dies and sober/tech stuff on Mastodon.
infosec.exchange
257 Posts, 37 Following, 798 Followers · Ramblings of a programmer and cryptography enthusiast. No AI slop (I have muscle memory for Alt+0133 "…" and Alt+0151 "—" and I hate LLMs more for that). I do...
0
0
2
3/ Fix for 🔥: Implement basic features in your apps. Desktop apps have signed updates.
Fix for ⬇️: Use a PAKE (1Password) or tokens for authentication (Dashlane).
Fix for 🔓: Use a secret salt (1Password's "secret key"). Only known by the user's client apps.
Fix for ⚡️⚡️/⚡️: Duh
0
0
1
2/ My simple rating system for online password managers (all symbols are bad):
@1Password: 🔥⚡️⚡️
@Bitwarden: ⬇️🔓⚡️⚡️
@Dashlane: 🔓⚡️
[Redacted because I do not want to be sued]: ⬇️🔓⚡️⚡️
@LastPass: 🔥⬇️🔓⚡️⚡️
Obvious winner is Dashlane. Congrats on... sucking the least.
3
0
4
1/ My simple rating system for online password managers:
🔥: Web server has RCE on the client
⬇️: Has downgrade attack
🔓: DB leaks are crackable
⚡️⚡️: Default pw KDF settings are too low for auth (>10 kH/s/GPU)
⚡️: Default pw KDF settings are too low for encryption (>1 kH/s/GPU)
1
5
12
@Chick3nman512
Chick3nman 🐔
3 years
First @hashcat benchmarks on the new @nvidia RTX 4090! Coming in at an insane >2x uplift over the 3090 for nearly every algorithm. Easily capable of setting records: 300GH/s NTLM and 200kh/s bcrypt w/ OC! Thanks to blazer for the run. Full benchmarks here: https://t.co/Bftucib7P9
34
267
988
Yes I'm about a month behind. I found out how to have Twitter not refresh old tabs. So naturally I took it to the extreme because *now* I can. Back when it wouldn't refresh old tabs, I wouldn't go past about a week.
0
0
2
"Rockstar Developers" cc @bartavelle @jmgosney
1
0
3
If you have a new-ish Android phone (works for a Pixel 6a), then Settings->Privacy->Ads->Delete advertising ID. It took me like 4 hours to disable all anti-privacy settings but it might get me $1337 out of it 🤞. They rated my vuln as high. I'm like sure "high" but risk is near 0
@matthew_d_green
Matthew Green
3 years
The problem here seems to be third-party advertising networks used by apps. Banning apps who use those networks still doesn’t seem like a problem. (But will of course slam both Apple and Google into anti-trust issues, I imagine.)
0
0
2
@hsmVault P.S. I currently use KeePass version 2. Do not use version 1, X, CX, UX, DX, XM, etc or plug-ins. Set the password KDF to Argon2: 3+ iterations, 64+ MiB/parallelism, and parallelism at most the number of cores (max like 4-8). Note the minimum for encryption is 10x "m=11 MiB, t=3"
1
1
3
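Added example (my code, not Steve's and not from any of the tweets): a small checker that turns the "minimum good settings for auth" tweets near the top of this page and the "minimum for encryption is 10x" remark in the KeePass tweet above into something you can run against a real KDF config. The constants and formulas (74219/(3*t-1) for Argon2, 475000/r/p for scrypt, the PBKDF2 iteration counts, bcrypt "~8.05") are copied from the tweets; α is not defined anywhere on the page, so it is exposed as an `alpha` parameter defaulting to 1.0. The function names, the `work_multiplier` parameter (1 for auth, 10 for encryption) and the config dict shape are assumptions made for this example.

```python
"""Check password-KDF parameters against the minimums posted in the tweets.
Constants/formulas are from the tweets; everything else is assumed for this example."""
import math

# Auth minimums (<10 kH/s/GPU) from the newer tweet.
PBKDF2_MIN_ITERS = {"sha512": 130_000, "sha256": 350_000, "sha1": 860_000}
BCRYPT_MIN_COST = 8.05          # "technically it's like ~8.05" -> rounds up to 9
ARGON2_CONST_KIB = 74_219       # Argon2: m >= 74219/(3*t-1)*alpha   (older tweet)
SCRYPT_CONST = 475_000          # scrypt: N >= 475000/r/p*alpha       (older tweet)
# Encryption needs ~10x the auth work (>1 kH/s/GPU vs >10 kH/s/GPU), per the
# rating thread and the KeePass tweet: pass work_multiplier=10 for that.


def next_pow2(n: int) -> int:
    """Smallest power of two >= n (scrypt's N must be a power of two)."""
    return 1 << (n - 1).bit_length() if n > 1 else 1


def argon2_min_memory_kib(t: int, variant: str = "id", alpha: float = 1.0,
                          work_multiplier: float = 1) -> int:
    """Minimum m in KiB for a given t. Argon2i needs t>=3, Argon2d/id need t>=1.
    Cost is proportional to m*t, so k-times the work at fixed t means k-times m."""
    if variant == "i" and t < 3:
        raise ValueError("Argon2i needs t >= 3")
    if t < 1:
        raise ValueError("t must be >= 1")
    return math.ceil(ARGON2_CONST_KIB / (3 * t - 1) * alpha * work_multiplier)


def scrypt_min_n(r: int = 8, p: int = 1, alpha: float = 1.0,
                 work_multiplier: float = 1) -> int:
    """Minimum N, rounded up to a power of two (the tweet treats p like Argon2's t)."""
    raw = math.ceil(SCRYPT_CONST / r / p * alpha * work_multiplier)
    return next_pow2(raw)


def scrypt_memory_bytes(n: int, r: int) -> int:
    """Memory of scrypt's V array: 128 * r * N bytes (N=2^15, r=8 -> 32 MiB)."""
    return 128 * r * n


def bcrypt_min_cost(work_multiplier: float = 1) -> int:
    """bcrypt cost is log2 of the iteration count, so k-times the work adds log2(k)."""
    return math.ceil(BCRYPT_MIN_COST + math.log2(work_multiplier))


def pbkdf2_min_iters(prf: str, work_multiplier: float = 1) -> int:
    """Minimum iterations for PBKDF2 with the given PRF ('sha512'/'sha256'/'sha1')."""
    return math.ceil(PBKDF2_MIN_ITERS[prf] * work_multiplier)


def check_config(cfg: dict, work_multiplier: float = 1, alpha: float = 1.0) -> list:
    """Return a list of problems; [] means the config meets the posted minimum.
    cfg is an assumed shape, e.g. {"kdf": "argon2", "m": 11264, "t": 3, "p": 1}."""
    problems = []
    kdf = cfg["kdf"]
    if kdf == "argon2":
        if cfg.get("p", 1) != 1:
            problems.append("the posted minimums assume p=1; p>1 not checked")
        try:
            need = argon2_min_memory_kib(cfg["t"], cfg.get("variant", "id"),
                                         alpha, work_multiplier)
            if cfg["m"] < need:
                problems.append(f"m={cfg['m']} KiB < {need} KiB")
        except ValueError as e:
            problems.append(str(e))
    elif kdf == "scrypt":
        n = cfg["N"]
        if n & (n - 1):
            problems.append("N must be a power of two")
        need = scrypt_min_n(cfg["r"], cfg["p"], alpha, work_multiplier)
        if n < need:
            problems.append(f"N={n} < {need}")
    elif kdf == "bcrypt":
        need = bcrypt_min_cost(work_multiplier)
        if cfg["cost"] < need:
            problems.append(f"cost={cfg['cost']} < {need}")
    elif kdf.startswith("pbkdf2-"):
        need = pbkdf2_min_iters(kdf.split("-", 1)[1], work_multiplier)
        if cfg["iterations"] < need:
            problems.append(f"iterations={cfg['iterations']} < {need}")
    else:
        problems.append(f"unknown kdf {kdf!r}")
    return problems


if __name__ == "__main__":
    # The tweet's own auth settings pass; the same Argon2 settings fail for encryption.
    print(check_config({"kdf": "argon2", "m": 11264, "t": 3, "p": 1}))
    print(check_config({"kdf": "scrypt", "N": 2**15, "r": 8, "p": 3}))
    print(check_config({"kdf": "argon2", "m": 11264, "t": 3, "p": 1}, work_multiplier=10))
```

Note that the two tweets differ slightly (the older formula gives m≥9278 KiB at t=3, the newer tweet rounds up to 11 MiB), so treat the computed numbers as a floor and prefer the newer, rounder values when you set a real system's defaults.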
Similar web server access=pw bugs on 1Pw, Keeper, and Firefox sync. This is why I'm "making" @hsmVault, but I was told that making a shitty UX pw manager to make others up their game was optimistic. I forget what they said but it was that my world view would include that working.
1
0
3
*Won't give details while sober and/or publicly. But I did tell a few friends about it in like 2018 or 2019. But that was "FriendDAed". Also LP had like every crypto101 bug: ECB, bad key stretching, padding oracle that reports the bad decrypted byte as an error code, etc.
1
0
1
LOL LastPass by default reports when you log into something. There was a bug where it reported these events when disabled. They also store URLs in plaintext. I reported a bug in January that given access to their web server might* give access to your passwords.
@HackingDave
Dave Kennedy
3 years
It should be noted here that I'm a LastPass user + will continue to be one. Breaches can occur to anyone. While this is bad due to access to source code, does not impact users or the integrity of their vaults/passwords. The transparency from LastPass and response is good.
1
0
1
Fuck, I forgot to add this Rick and Morty clip
0
0
0