| kiefac | Posted: 25 Mar 2021, 11:34 PM |
|---|---|
 Member Posts: 2 Joined: 25-March 21 |
Was browsing the Games Console pages on Chrome on my (non-rooted) Pixel 5 and the browser was freezing on any page with a JS demo. Looks like it may have something to do with the demos running? On the Mario page, I was able to scroll for about a second, which game me a chance to see the full demo screen. Mario hit the ground and the browser instantly froze. Not just the page scrolling, but the entire browser locked up; I wasn't even able to switch tabs. Closing out of the app and re-opening it thankfully took me to the last page I was looking at, so I wasn't permanently stuck on the page, but I wasn't able to actually read those project pages. Also, this is unrelated, but I noticed on the "About this forum" thread that you said you were using salted MD5 hashes for passwords - I hope that this is not still the case, as MD5 suffers from major collision-attack-syndrome. Hopefully everyone on here is using a password manager with randomly generated passwords, but that's a bit optimistic... Love all your project pages though. Very well written and even when I don't quite understand anything (I'm not much of a hardware/assembly guy myself), I can still get the idea of what's going on. Thanks for the insight into how you make things! Edit: Also forgot to mention that I'm not 100% sure this is the right place to post this? Putting it in the "Projects" forum seemed a bit wrong as this isn't actually about the project, just the project page. Sorry if I misplaced it... Last edit by kiefac at 25 Mar 2021, 11:38 PM ------------- |
| [top] | |
| mit | Posted: 26 Mar 2021, 10:32 AM |
 yeah whatever Admin Posts: 538 Joined: 4-May 16 |
QUOTE (kiefac)
Was browsing the Games Console pages on Chrome on my (non-rooted) Pixel 5 and the browser was freezing on any page with a JS demo. Looks like it may have something to do with the demos running? On the Mario page, I was able to scroll for about a second, which game me a chance to see the full demo screen. Mario hit the ground and the browser instantly froze. Not just the page scrolling, but the entire browser locked up; I wasn't even able to switch tabs. Closing out of the app and re-opening it thankfully took me to the last page I was looking at, so I wasn't permanently stuck on the page, but I wasn't able to actually read those project pages. If the browser is freezing up entirely then I think this might be outside my jurisdiction. I just tried it on my (samsung) phone, the page loads fine. My version of Chrome was a bit out of date, updated to the latest version and it's still functions. Of course, on the Mario page all you can do is press reset (or potentially connect a keyboard to the phone?) But yeah if you can predictably crash the browser, that's probably worth filing a bug or a support ticket. QUOTE (kiefac)
It's true! In fact the salt part is not even done right. And of course the forum was written in PHP. I admit this only to encourage people not to use an important password - even if the security was good I wouldn't recommend it. you said you were using salted MD5 hashes for passwords PHP does have password_hash and password_verify functions which, in addition to using stronger hash algorithms, being future proof and storing the salt in the same string, do a timing-safe verification. But even that's not good enough to trust, because I'm just a stranger on the internet, and I could be lying to you and stealing your password the moment you sign up. Use a password manager, or scramble your password and log-in via email reset each time. Or make your password "potato" since there is really nothing at stake here. The whole forum is an early-2000s nostalgia fest, so MD5 seemed like the right choice. ------------- |
| [top] | |
| kiefac | Posted: 27 Mar 2021, 05:35 PM |
|
Member Posts: 2 Joined: 25-March 21 |
QUOTE (mit)
Ah, alright. I'll go ahead and send a feedback email their way.If the browser is freezing up entirely then I think this might be outside my jurisdiction. I just tried it on my (samsung) phone, the page loads fine. My version of Chrome was a bit out of date, updated to the latest version and it's still functions. Of course, on the Mario page all you can do is press reset (or potentially connect a keyboard to the phone?) QUOTE (mit)
I appreciate the proper recreation. I suppose if passwords do leak, any people not using managers/fake passwords/etc. were probably at risk anyways... And like you said, there's not really anything life-critical stored here. I guess the bit in my brain that stores my (admittedly loose) knowledge of web security just pinged when I read "passwords hashed with MD5", hahaThe whole forum is an early-2000s nostalgia fest, so MD5 seemed like the right choice. ------------- |
| [top] | |
| tsprlng | Posted: 27 Mar 2021, 07:40 PM |
 hapless technoweenie Member Posts: 4 Joined: 9-June 17 |
QUOTE (mit)
But even that's not good enough to trust, because I'm just a stranger on the internet, and I could be lying to you and stealing your password the moment you sign up. Finally, some logical security advice on the web! ------------- |
| [top] | |
| mit | Posted: 27 Mar 2021, 08:10 PM |
|
yeah whatever Admin Posts: 538 Joined: 4-May 16 |
I'll never forget the story that facebook - you know, that website with over a billion users - stored passwords in plain text. Not only that, but they log what you typed if the log-in failed, on the assumption that if you're getting the password wrong it's because you typed the one you use for something else. It's only when you set out to write a website of your own that you realize what nefarious activities are possible. There are no laws or regulations about these nitty-gritty details, even the strictest GDPR iteration barely scratches the surface (and the wrong surface, at that) so before you know it the paranoia sets in and you refuse to sign up to anything ever again. Seriously. Don't trust anyone! ------------- |
| [top] | |
Sign in to post a reply.