I’ve been reading about password managers recently out of personal interest; however, since I don’t have any experience in the area of information security, I found myself confused about two aspects after watching the following Computerphile video.
Let’s say I download and set up one of the commercially available password managers on my device A. I understand that what the server (i.e. the ‘vault’) stores is only encrypted information that is useless if intercepted. To decipher this information, one needs some kind of a ‘vault key’ generated from my master password by hashing it. I can verify my identity with the server by using the authentication key, then download my vault and decipher it to recover the actual passwords on device A.
Now, if I try to do the same on device B, in order to authenticate myself again, presumably I need to replicate the same hashing procedure to tell the server it’s me again who’s trying to access the data. If that’s true, then the information about how to hash my master password correctly has to be somehow transferred from A to B? Does that not leave the possibility that someone can intercept that information when it’s being synchronised across devices and therefore pose a security threat? Or does it simply not matter as long as the attacker doesn’t know my master password, since then they won’t be able to reproduce my vault key or authentication key anyway, even knowing the right hashing procedure?
Can the authentication key be intercepted when it’s trying to access the encrypted data on the server? Then, the attacker would be able to access and download all this data. Again, is that not a concern because, as the video mentions, there is no way to replicate the vault key from the authentication key, so the data cannot be decrypted? Why is that impossible?
Please point out any mistakes in my reasoning. I would be grateful if you could recommend some resources about how password managers deal with security issues like that in greater detail – the information readily available on their websites is quite basic and I don’t really know where to look for something in-depth.
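The scheme the question describes can be sketched as follows. This is an added example, not code from the post, the video or any password manager; the PBKDF2 two-step derivation, the salt, the iteration count and all names are assumptions chosen for illustration.

```python
import hashlib
import hmac

# Public, non-secret parameters (constructed for this example). A server can
# hand these to any device that asks; they are useless without the password.
ITERATIONS = 100_000
SALT = b"user@example.com"


def derive_keys(master_password: str, salt: bytes = SALT, iterations: int = ITERATIONS):
    """Return (vault_key, auth_key), both derived only from the master password."""
    pw = master_password.encode("utf-8")
    # Slow, salted hash: the vault key stays on the device and decrypts the vault.
    vault_key = hashlib.pbkdf2_hmac("sha256", pw, salt, iterations, dklen=32)
    # One more one-way step: the auth key is the only value sent to the server.
    auth_key = hashlib.pbkdf2_hmac("sha256", vault_key, pw, 1, dklen=32)
    return vault_key, auth_key


class Server:
    """Toy server (simplified): stores a hash of the auth key, never the vault key."""

    def __init__(self):
        self.auth_hash = None

    def register(self, auth_key: bytes):
        self.auth_hash = hashlib.sha256(auth_key).digest()

    def login(self, auth_key: bytes) -> bool:
        return hmac.compare_digest(hashlib.sha256(auth_key).digest(), self.auth_hash)


def demo():
    server = Server()
    vault_a, auth_a = derive_keys("correct horse battery staple")  # device A
    server.register(auth_a)
    vault_b, auth_b = derive_keys("correct horse battery staple")  # device B
    vault_x, auth_x = derive_keys("guess123")  # knows salt and procedure only
    return {
        "device_b_logs_in": server.login(auth_b),
        "device_b_same_vault_key": vault_b == vault_a,
        "wrong_password_logs_in": server.login(auth_x),
        "wrong_password_vault_key_matches": vault_x == vault_a,
    }


if __name__ == "__main__":
    print(demo())
```

Device B needs only the public parameters and the master password to reproduce both keys, and the auth key is the output of a one-way function over the vault key, so holding it does not yield the vault key.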
I am a bit confused with the D&D 5e Starter Set. I’m fairly new to the game.
In the character sheets, I am confused about what dice I use for damage rolls and what the modifiers are.
Is it the one listed under attacks and spellcasting?
One of the properties of Red Black trees is: “every path from a given node/vertex to any of the leaves goes through the same number of black nodes”
Two related questions about this property:
1) is the vertex we start at counted in this black vertex count?
2) is the leaf we end at counted in the black vertex count?
I have a secret theory about both of these questions, but am hoping for confirmation and so shalt not yet reveal it.
Can anyone explain to me why the average runtime complexity of the program here – https://www.geeksforgeeks.org/tree-sort/ – is nlogn and not n^2logn? Similarly, why is the worst case time complexity n^2 and n^3?
The explanations for both the average and worst case runtime seem to only consider inserting the elements from the array into the tree. The runtime of doing an inorder tree traversal is O(n), so shouldn’t the runtimes in the link be multiplied by n?
Is it because the elements are simply being printed out and not added to a new array?
I’m a bit unsure about refocus. If I have a pool of 3 focus points and spend 2, according to the refocus rules I can regenerate 1, but need to use up at least 1 again before I can refocus again?
Am I overlooking something or can I only come to a full focus point pool again by resting?
Am I really understanding things correctly if I claim that:
- If a USB stick/device is inserted into a PC running Windows, currently in “lock screen” mode (that is, somebody has pressed WinKey + L), it will auto-mount it behind the scenes?
- If a USB stick/device is inserted into a PC running Windows, currently NOT in “lock screen” mode, it will auto-mount it by default?
- In both cases above, will it ever run any kind of executable found on it by default? (As I believe used to be the case for setup.exe on CD-ROMs back in the day.)
- Regardless of all of the above, will Windows ever auto-install DRIVERS found on the device itself when inserted into the PC (with or without lock screen)? Or is just the “device id” grabbed from the stick/device and then the appropriate drivers are downloaded from Microsoft’s secure, curated servers based on the device id?
- Why exactly are “drivers” needed whatsoever? Isn’t it using the USB standard? And also the “mass storage” standard? I don’t understand why it would ever need special “drivers” for a standard device…?
- Is the idea that sticking a USB stick/device into a PC is insecure in itself complete nonsense? Is not the truth that the user would have to actively select “Yes, please install the drivers from this random unknown device” or “Yes, please run this untrusted EXE found on this stick you just inserted and which I auto-mounted for you but would never run anything on without your active consent”? I get the same feeling as when people claim to get “hacked” constantly, but then it turns out they ran some binary e-mail attachment or clicked a big red box saying: “WARNING! Do you really want to run this EXE from sketchy-hack-toolz-4-u.ru?”… but nothing would surprise me at this point, frankly.
I wonder this both for the current Windows 10 and also for all previous versions of Windows.
I’ve been reading information about the surprise mechanic and am still confused about which to use. There are 3 methods of Surprise that I see all over the internet.
First: Group Surprise Check
To make a Group Surprise Check, half or majority of the PCs must beat the highest passive perception of the monsters to succeed the surprise.
Second: Fail one Stealth, not all is surprised.
If one of the PCs rolls (Stealth) lower than one of the passive perception of the monsters, the Surprise is botched for everyone.
Third: Some are surprised, some are not.
PC 1 rolls 14, PC 2 rolls 14, PC 3 rolls 12, PC 4 rolls 11
Monster 1 with PP of 15, Monster 2 with PP of 15, Monster 3 with PP of 13, Monster 4 with PP of 10
PC 1 and 2 surprise Monster 3 and 4, but not Monster 1 and 2
I know the Group Check can be an optional check for this. But what about the Second and Third checks? Which are true? Which should be used?
Hello, for the contingency table: [true positive, false negative, false positive, true negative]. I am having a hard time remembering the difference between these terms because all the terms are composed of words which have a high similarity with each other but they are used in such opposing contexts. The only ones that make sense are true positive and false negative, but the other ones I always get mixed up, and I am wondering whether there is some quick mnemonic I can use?
Recently I started googling old AD&D books but I stumbled upon a very strange mix-up in terms of the edition naming convention. For example, the listing on this site:
…have most of the Greyhawk book covers but strangely enough many times newer books are named AD&D while older ones have AD&D 2nd Edition in the title. The same happens for Forgotten Realms listings and other setting books too. I’ve read somewhere that AD&D 1 and 2 had some small overlap in terms of releases but it doesn’t explain the scale of the issue and the examples below.
How am I supposed to know which books are actually of 2nd Edition and which are of the 1st Edition?
Even assuming the small overlap mentioned above and some reprints which I identified, I’m still finding books released 5+ years into the 2nd Edition lifespan yet still with the old 1st Edition logo.
Was the release schedule that insanely messy back in the day? Or did they drop the “2nd Edition” part of the logo for some reason? Or did something else happen there?
Examples of the problem:
- Greyhawk Players Guide 1998, not a reprint (at least not of anything I can find), nearly 10 years into the 2nd Edition lifespan but with a 1st Edition Logo. Also released long after other Greyhawk 2nd Edition content which makes it even more odd.
- The Scarlet Brotherhood 1999, also not a reprint, also has 1st Edition logo. Even Wikipedia says it’s for 2nd Edition though https://en.wikipedia.org/wiki/The_Scarlet_Brotherhood
- Silver Anniversary Updated Modules 1999, on the first page there is information it’s content updated for 2nd Edition yet cover still has 1st Edition logo.
There are of course many more examples, ones I found so far are mostly of setting specific books (Forgotten Realms, Greyhawk, Dark Sun, etc.).