Lutrick: Kalinoski ahh thats sounds pretty darn cute lol
Fiscus: Ill actually look it up then see what it is
Nishio: RonRichie: parsing/lexing is more than just recursion. you also have to do fun crazy things like: { ‘”hello i’m”‘: ‘Nishio }
Pingel: Nishio yeah. sounds daamnnnn intense! lol I only have 4 months of programming experience in generaland its been JS since day one and this recursive implementation is part of my pre-course in order to successfully get into to school. ive already re-implemented underbar, twitter and stuff and now we are at recursions :-/
Bottino: Hi, anyone familiar with making spherical panorama on site?
Librizzi: Or dealing with 360 or spherical panoramas in general?
Montejo: Do all p***words stored in a database typically have the same salt?
Infinger: Bayman: What is something I can do to make storing p***words more secure? I am playing with bcrypthttps://github.com/ncb000gt/node.bcrypt.js/
Nishio: Bradfordli123: bcrypt is enough, make it autogen the salt
Diffee: Nishio: I autogen the salt using var salt = bcrypt.genSaltSync10; I am not sure to do because I am new to this. Does every p***word in my DB share this autogenerated salt? If I change the salt for each p***word, how will I know which salt to use besides storing the salt in the DB as well? I dont think I should store the salt in the DB
Nishio: Bradfordli123: that’s not auto. that’s manually. look at the docs, it shows how to autogen
Silverberg: Bradfordli123: also, storing the salt in the database is fine
Berthold: Bradfordli123: You definitely store the salt in the db. The use of the salt is just to force a possible attacker to have to make one guess per user in the db
Schexnayder: Bradfordli123: otherwise how would you verify a user’s p***word against the hashed p***word?
Kolkemeyer: Max-P: so the attacked would have to guess which is the salt and which is the p***word?
Nishio: No. that’s going to be pretty obvious
Nishio: It means if two users have the p***word “p***word1”, they won’t hash to the same thing, because of different salts. so it’s harder to break large numbers of p***words
Streiff: Bradfordli123: Adding to what Nishio said, it also means the time it takes to identify all users with “p***word1” is proportional to the number of users in the database. You have to try each p***word seperately for each member you have in your database, making it extremely expensive to guess on large databases
Kier: It’s useless if the attacker wants to attack a single user, but it makes it a lot harder to make a table and map each email with the p***word that was used. Such table are often mades from big leaks with weak p***word hashes to then try to see where that user might have reused a p***word
Lenoir: Nishio: you mentioned autogenerating salt and hash from p***word. I found this: var hash = bcrypt.hashSync’bacon’, 8; How would I know the salt for the hash?
Nishio: That’s the fun bit of bcrypt
Delena: Does anyone have any resources on working with dates and times in mongodb? for a prototype billing system i want to display past due bills
Thetford: Epichero: It’s just regular dates. There’s nothing to look at unless you care about how it is stored behind the scenes. Otherwise all the regular date/time rules applies
Dewyse: Nishio: still a bit confused. How can I decrypt the hash to get my p***word back?
Delfavero: Bradfordli123: hashes are not encryption. They’re an one-way thing, you can’t get the p***word back. That’s precisely why they’re used for p***words, in the first place.
Leyh: Yeah i’ll just tinker with the date/time picker to coerce it.
Schiavi: Nishio: i think i got it nvm
Gillmore: Bradfordli123: what you want to do is hash the other string and compare the two. With bcrypt you’ll have a brcypt.comparetheString, theHash, and then the library will do it for you
Walther: Hylle: thanks for the tip!
Ehr: Thank you everyone for the help!
Mate: Tcsc: SyntaxError: illegal character
Tarpley: Tcsc: That was a dash, not a minus sign