• 2 Posts
  • 244 Comments
Joined 1 year ago
cake
Cake day: June 23rd, 2024

help-circle

  • First and foremost, I do think Windows is the better choice for most people to play games on, mostly due to vendor support.

    However, I’d say that a lot of people have some sort of issue with Windows, albeit probably less than they would have with some Linux distributions. I just wanted to express that “without headaches” is a goal that is maybe higher than necessary.





  • And they said AI wouldn’t boost business. Who’s laughing now, haters?

    The whole thing is just embarrassing. Anyone with a bit of understanding knew that the technology comes with huge risks (after all, there is no understanding, just the imitation of it). Billions have been poured into a glorified autocomplete in one of the biggest corporate FOMOs I can remember. Nvidia is (as much as I hate them, rightfully) laughing all the way to the bank. Crypto and now this allow them to practically buy Intel - back when AMD bought Ati, people speculated it’d be Intel buying Nvidia! Granted, Intel did their part too, but Nvidia selling cards that will be completely outdated in two years in unthinkable amounts is wild. And the best part is, except for them, everyone else lost money, like not even OpenAI themselves are making any, and this is with Microsoft subsidizing them. Absolutely insane!








  • Laser@feddit.orgtoSelfhosted@lemmy.worldHow to selfhost with a VPN
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    29 days ago

    Client data absolutely is encrypted in TLS. You might be thinking of a few fields sent in the clear, like SNI, but generally, it’s all encrypted.

    I never said it isn’t, but it’s done using symmetric crypto, not public key (asymmetric) crypto.

    Asymmetric crypto is used to encrypt a symmetric key, which is used for encrypting everything else (for the performance reasons you mentioned).

    Not anymore, this was only true for RSA key exchange, which was deprecated in TLS 1.2 (“Clients MUST NOT offer and servers MUST NOT select RSA cipher suites”). All current suites use ephemeral Diffie-Hellman over elliptic curves for key agreement (also called key exchange, but I find the term somewhat misleading).

    As long as that key was transferred securely and uses a good mode like CBC, an attacker ain’t messing with what’s in there.

    First, CBC isn’t a good mode for multiple reasons, one being performance on the encrypting side, but the other one being the exact reason you’re taking about: it is in fact malleable and as such insecure without authentication (though you can use a CMAC, as long as you use a different key). See https://pdf-insecurity.org/encryption/cbc-malleability.html for one example where this exact property is exploited (“Any document format using CBC for encryption is potentially vulnerable to CBC gadgets if a known plaintext is a given, and no integrity protection is applied to the ciphertext.”)

    As I wrote in my comment, I was a bit pedantic, because what was stated was that encryption protects the authenticity, and I explained that, while TLS protects all aspects of data security, it’s encryption doesn’t cover the authenticity.

    Anyhow, the point is rather moot because I’m pretty sure they won’t get a certificate for the IP anyways.


  • Laser@feddit.orgtoSelfhosted@lemmy.worldHow to selfhost with a VPN
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    4
    ·
    29 days ago

    Public key crypto, properly implemented, does prevent MITM attacks.

    It does, but modern public key crypto doesn’t encrypt any client data (RSA key exchange was the only one to my knowledge). It also only verifies the certificates, and the topic was about payload data (i.e. the site you want to view), which asymmetric crypto doesn’t deal with for performance reasons.

    My post was not about “does TLS prevent undetected data manipulation” (it does), but rather if it’s the encryption that is responsible for it (it’s not unless you put AES-GCM into that umbrella term).



  • Laser@feddit.orgtoSelfhosted@lemmy.worldHow to selfhost with a VPN
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    2
    ·
    edit-2
    29 days ago

    Let’s Encrypt are rolling out IP-based certs, you may wanna follow its development. I’m not sure if it could be used for your forwarded VPN port, but it’d be nice anyhow

    It shouldn’t be because you’re not actually the owner of the IP address. If any user could get a cert, they could impersonate any other.

    I believe encryption helps prevent tampering the data between the server and user too. It should prevent for example, someone MITM the connection and injecting malicious content that tells the user to download malware

    No, encryption only protects the confidentiality of data. You need message authentication codes or authenticated encryption to make sure the message hasn’t been transported tampered with. Especially stream ciphers like ChaCha (but also AES in counter mode) are susceptible to malleability attacks, which are super simple yet very dangerous.

    Edit: this post is a bit pedantic because any scheme that is relevant for LE certificates covers authenticity protection. But it’s not the encryption part of those schemes that is responsible.



  • Laser@feddit.orgtoTechnology@lemmy.worldOur Channel Could Be Deleted - Gamers Nexus
    link
    fedilink
    English
    arrow-up
    29
    arrow-down
    3
    ·
    edit-2
    1 month ago

    I don’t think they’re sensationalist, they just don’t sugarcoat the industry bullshit. And believe it or not, they need to make money from this, it doesn’t pay itself. It’s like saying newspapers should be free, or else informing the people isn’t their primary concern.

    “A farmer wants the money. Giving the good away for free would be great if they just wanted to feed people, but that’s not their primary concern.” Can even play that game for nurses etc