Tcsc: That was a dash, not.

Lutrick: Kalinoski ahh thats sounds pretty darn cute lol

Fiscus: Ill actually look it up then see what it is

Nishio: RonRichie: parsing/lexing is more than just recursion. you also have to do fun crazy things like: { ‘”hello i’m”‘: ‘Nishio }

Pingel: Nishio yeah. sounds daamnnnn intense! lol I only have 4 months of programming experience in generaland its been JS since day one and this recursive implementation is part of my pre-course in order to successfully get into to school. ive already re-implemented underbar, twitter and stuff and now we are at recursions :-/

Bottino: Hi, anyone familiar with making spherical panorama on site?

Librizzi: Or dealing with 360 or spherical panoramas in general?

Montejo: Do all p***words stored in a database typically have the same salt?

Infinger: Bayman: What is something I can do to make storing p***words more secure? I am playing with bcrypt

Nishio: Bradfordli123: bcrypt is enough, make it autogen the salt

Diffee: Nishio: I autogen the salt using var salt = bcrypt.genSaltSync10; I am not sure to do because I am new to this. Does every p***word in my DB share this autogenerated salt? If I change the salt for each p***word, how will I know which salt to use besides storing the salt in the DB as well? I dont think I should store the salt in the DB

Nishio: Bradfordli123: that’s not auto. that’s manually. look at the docs, it shows how to autogen

Silverberg: Bradfordli123: also, storing the salt in the database is fine

Berthold: Bradfordli123: You definitely store the salt in the db. The use of the salt is just to force a possible attacker to have to make one guess per user in the db

Schexnayder: Bradfordli123: otherwise how would you verify a user’s p***word against the hashed p***word?

Kolkemeyer: Max-P: so the attacked would have to guess which is the salt and which is the p***word?

Nishio: No. that’s going to be pretty obvious

Nishio: It means if two users have the p***word “p***word1”, they won’t hash to the same thing, because of different salts. so it’s harder to break large numbers of p***words

Streiff: Bradfordli123: Adding to what Nishio said, it also means the time it takes to identify all users with “p***word1” is proportional to the number of users in the database. You have to try each p***word seperately for each member you have in your database, making it extremely expensive to guess on large databases

Kier: It’s useless if the attacker wants to attack a single user, but it makes it a lot harder to make a table and map each email with the p***word that was used. Such table are often mades from big leaks with weak p***word hashes to then try to see where that user might have reused a p***word

Lenoir: Nishio: you mentioned autogenerating salt and hash from p***word. I found this: var hash = bcrypt.hashSync’bacon’, 8; How would I know the salt for the hash?

Nishio: That’s the fun bit of bcrypt

Delena: Does anyone have any resources on working with dates and times in mongodb? for a prototype billing system i want to display past due bills

Thetford: Epichero: It’s just regular dates. There’s nothing to look at unless you care about how it is stored behind the scenes. Otherwise all the regular date/time rules applies

Dewyse: Nishio: still a bit confused. How can I decrypt the hash to get my p***word back?

Delfavero: Bradfordli123: hashes are not encryption. They’re an one-way thing, you can’t get the p***word back. That’s precisely why they’re used for p***words, in the first place.

Leyh: Yeah i’ll just tinker with the date/time picker to coerce it.

Schiavi: Nishio: i think i got it nvm

Gillmore: Bradfordli123: what you want to do is hash the other string and compare the two. With bcrypt you’ll have a brcypt.comparetheString, theHash, and then the library will do it for you

Walther: Hylle: thanks for the tip!

Ehr: Thank you everyone for the help!

Mate: Tcsc: SyntaxError: illegal character

Tarpley: Tcsc: That was a dash, not a minus sign