Hacker News: ninov

New comment by ninov in "Virginia has decertified its most hackable voting machines"

ninov — Sat, 09 Sep 2017 23:19:04 +0000

Another important property of voting systems is that you can't prove who you voted for, so that you can't be forced or paid to vote for someone. A blockchain based solution, even like ZCash does not fulfil this.

New comment by ninov in "Let’s kill no-reply"

ninov — Fri, 25 Aug 2017 19:25:13 +0000

Companies often use noreply@… as sender and add a real address as Reply-To so their staff does not have to deal with bounce messages.

New comment by ninov in "Txt.fyi"

ninov — Fri, 24 Feb 2017 21:51:15 +0000

So, like 4chan but without images?

New comment by ninov in "Peter Todd (Bitcoin core dev) set up a SHA-1 “Pinata” and it's been claimed"

ninov — Thu, 23 Feb 2017 21:18:01 +0000

Can everyone place a custom challenge in the Bitcoin blockchain?

New comment by ninov in "German parents told to destroy Cayla dolls over hacking fears"

ninov — Fri, 17 Feb 2017 12:47:41 +0000

Yeah it's getting investigated, but it's not looking like there will be any consequences.

New comment by ninov in "Reversing Go Binaries Like a Pro"

ninov — Fri, 16 Dec 2016 23:32:33 +0000

Is this really how the names are represented internally? if so, how can it tell apart e.g. "github.com/group_name/package" and "github.com/group/name_package"?

New comment by ninov in "Show HN: Forgiva – Never saves your passwords but regenerates them"

ninov — Sun, 02 Oct 2016 12:03:17 +0000

I wrote something similar some time ago: https://addons.mozilla.org/de/firefox/addon/masterkey/ https://github.com/ninov/masterkey-firefox

Or as android app: https://play.google.com/store/apps/details?id=de.ninov.maste...

It works by using SHA256-HMAC on the service name with your master key as key and then encoding it in Base85 or Base62 (if you don't want special characters)

New comment by ninov in "Free “Deep Learning” Textbook by Goodfellow and Bengio Now Finished"

ninov — Thu, 07 Apr 2016 16:32:30 +0000

Only returns a blank pdf page for me...

New comment by ninov in "The birth of the web"

ninov — Sun, 20 Dec 2015 11:49:38 +0000

That's actually the complete form of a FQDN (full qualified domain name): https://en.wikipedia.org/wiki/Fully_qualified_domain_name#Sy...

New comment by ninov in "I included emoji in my password and now I can't log in to my Account on Yosemite"

ninov — Wed, 16 Dec 2015 13:46:07 +0000

My bank (German "Sparkasse") only allows passwords with exactly 5 letters or numbers for their online banking. I asked why they're doing this, but didn't get a good response.

New comment by ninov in "First draft of the “tree of life” for the 2.3M named organisms released [pdf]"

ninov — Sun, 20 Sep 2015 17:04:07 +0000

Direct link to Homo sapiens: http://tree.opentreeoflife.org/opentree/opentree3.0@776755/H... (loads even slower than the home page)

Ask HN: Is derivating passwords from a master key and service name a good idea?

ninov — Wed, 14 Jan 2015 21:01:21 +0000

Hi, I had an idea about generating passwords for different services (e.g. Hacker News, Facebook, Twitter, ...) by using a cryptographic hash of a master key chosen by each person and the services name, like this (python):

  import hashlib
  import base64
  
  def password(masterkey, service):
      h = hashlib.sha256() # probably could use hashlib.hmac?
      h.update(bytearray(masterkey, "utf-8"))
      h.update(bytearray(service, "utf-8"))
      return base64.b85encode(h.digest()).decode("utf-8") # With Base85 and SHA256 we'll get passwords of 40 characters including numbers, letters and some special chars
  
  key = "&T{TEeN_\q9+-L9_"
  
  print(password(key, "hackernews"))  # "kLh4WhHTC^M*$uko=plAViC{J;%WJ)9`jlo&-`cS" will be used as my HN password
  print(password(key, "facebook"))    # "0B+37p0n@JKP)b>nz}yfJ%#Qy*^d+gsQRwF08S}Q" will be used as my facebook password
  print(password(key, "twitter"))     # "SeR$P!-Z_z%%J5NI0qtO@5Y#$`K-d*7glNC%w=EQ" will be used as my twitter password

One would only have to remember his master key and then could derivate all of his passwords from this and use a similar app on his smartphone or other devices. So it has the simplicity of using one password for all services, but it's way more secure, because when someone knows my password for that service he doesn't know it for any other services. It's probably not as secure as using a password manager with independently random generated passwords, but you have to maintain its database, sync it with other devices and so on...

As I didn't find any program which does this and as this isn't really complicated, there must be a serious downside I didn't notice. (Or not, and I just didn't google well enough or I'm really the first one to think about this)

So, to all cryptography nerds on HN: Is there something stupid about this I'm not seeing?

Comments URL: https://news.ycombinator.com/item?id=8889012

Points: 1

# Comments: 1

New comment by ninov in "Show HN: Interactive DOS prompt in an HTML5 canvas"

ninov — Fri, 07 Nov 2014 13:24:09 +0000

I don't really get why you need to render this on a canvas. It's text only, you should be able to render this in pure HTML with some CSS.

New comment by ninov in "Taco Bell drops website, goes app-only"

ninov — Tue, 28 Oct 2014 18:42:30 +0000

Am I the only one who's seeing that bad JPEG compression on these app download buttons?