Is a young black dragon enough of a challenge alone for group of five level-5 characters?

I have a 5-member party in D&D 5e (ranger, fighter, sorcerer, rogue and bard) who are all level 5. They will soon be meeting with the “big bad”, a young black dragon, in his lair which contains pools of acid. They would most likely be fully rested before the fight.

I know the CR is 7, but I was wondering whether it would prove to be a satisfying battle, in the sense that they may come close to defeat and might be able to beat the odds.

Is this fight well-balanced? Would it be challenging?

If not, should I add some hatchlings or small mobs to adjust the action economy appropriately?

Are Vengeful Ancestors’ damage-dealing reactions enough to sustain the Barbarian’s rage?

To sustain their rage at the end of their turn, a Barbarian must have attacked a hostile creature since their last turn or must have taken damage since then. [PHB, pg. 48]

In the level 14 feature of the Primal Path of the Ancestral Guardian, "Vengeful Ancestors," the spirits called by the Barbarian’s rage may do force damage to a hostile creature. Mechanically, the Barbarian is using their reaction to cause this damage. [XGtE, pg. 10]

Is the fact that the Barbarian is using their reaction to cause damage to a hostile creature enough to sustain their rage? Or is this insufficient because the damage is not being caused directly by the Barbarian?

Is an improvised weapon treated as similar enough to a weapon to use its properties still considered “improvised”?

In PHB, the 2nd paragraph of the description of Improvised Weapons (p. 147) states:

In many cases, an improvised weapon is similar to an actual weapon and can be treated as such. For example, a table leg is akin to a club. At the DM’s option, a character proficient with a weapon can use a similar object as if it were that weapon and use his or her proficiency bonus.

If I am understanding this correctly, then the mentioned table leg (or similar object) can be treated as a club. If that is correct, then it would have the light property, as the club has it. If that is also correct, that would mean I can wield a light weapon in one hand and an improvised club-like weapon in other hand, and use Two-Weapon Fighting with those, as both are light.

If all of that is still correct, then can an improvised weapon that is similar enough to a real weapon – e.g. a table leg used as a club – still be treated as an improvised weapon for the purpose of the last bullet point in the Tavern Brawler feat (PHB, p. 170)?

Specific scenario that I am wondering about: I wield a Scimitar (a light weapon) in one hand and a table leg (treated as a club, so also light) in the other hand. On my turn, I attack with the table leg as my Attack action. Then one of two things happen:

  1. I miss – then, as both wielded weapons are light, I proceed to attack with my scimitar (per Two-Weapon Fighting)

  2. I hit – then I drop one of my weapons to free one of my hands and attempt to grapple the target.

Of course this is assuming that I have the Tavern Brawler feat, which states:

  • You are proficient with improvised weapons.
  • Your unarmed strike uses a d4 for damage.
  • When you hit a creature with an unarmed strike or an improvised weapon on your turn, you can use a bonus action to attempt to grapple the target.

Does all of that work as I’ve described, or is there somewhere a flaw in my reasoning?

Is a SHA checksum enough to verify integrity and authenticity?

This is a broader question but here a concret example:

From https://www.apache.org/info/verification.html :

File hashes are used to check that a file has been downloaded correctly. They do not provide any guarantees as to the authenticity of the file.

I don’t understand this part: They do not provide any guarantees as to the authenticity of the file.

The checksum used is from a trusted HTTPS source (Eg: https://downloads.apache.org/tomcat/tomcat-8/v8.5.56/bin/apache-tomcat-8.5.56.zip.sha512).

How a file can not be authentic if it match a checksum from a HTTPS trusted source?

Or do I miss something and I still need to validate with a GPG key?

Is this method of 32 char hash generation secure enough for online-based attacks?

A fellow developer and I have been having a discussion about how vulnerable a few different methods of developing a hash are, and I’ve come here to see if smarter people than I (us?) can shed some light.

In PHP, I feel the below is secure ENOUGH to generate as 32 character value that could not be reasonably broken via online attack. There are some other mitigating circumstances (such as in our specific case it would also require the attacker to already have some compromised credentials), but I’d like to just look at the "attackability" of the hash.

str_shuffle(MD5(microtime())) 

The suggested more secure way of generating a 32 character hash is:

bin2hex(random_bytes(16)) 

I acknowledge the first hash generation method is not ABSOLUTELY SECURE, but for an online attack I think being able to guess the microtime (or try a low number of guesses), and know the MD5 was shuffled and/or find a vulnerability in MT which str_shuffle is based on is so low as to make it practically secure.

But I would love to hear why I’m a fool. Seriously.

EDIT — This is being used as a password reset token, and does not have an expiry (although it is cleared once used, and is only set when requested).

Is my code safe enough to be publish on the server side?

I’m new here to ask a question. Sorry if my question had miss explanation. I just wanna ask if my PHP code is secure enough. Please find below is the source code.

Get the ID for choosing the Value

/*Create a new Query for get all the ID from each of Venue Type on the Administration Database*/ $  Q_VenueType = "SELECT Biz_ID FROM Biz";  $  R_VenueType = $  connection->query($  Q_VenueType);  if ($  R_VenueType->num_rows > 0) {     //Success Condition     $  rows = array();     while ($  row = $  R_VenueType->fetch_assoc()) {         $  rows[] = $  row;     }      echo json_encode($  rows);      $  R_VenueType->close();  }else{     //Failed Condition     echo('0'); }  mysqli_close($  connection); 

Get Value with the ID as an Input

//Create Variable to get the Venue Type Value by their ID. $  VenueType_ID = htmlspecialchars($  _POST['TypeID'], ENT_QUOTES);  /*Create a new Query for get all the ID from each of Venue Type on the Administration Database*/ $  Q_VenueTypeValue = "SELECT Biz_Name FROM Biz WHERE Biz_ID = '".$  VenueType_ID."'";  $  R_VenueTypeValue = $  connection->query($  Q_VenueTypeValue);  if ($  R_VenueTypeValue->num_rows > 0) {     //Success Condition     $  rows = array();     while ($  row = $  R_VenueTypeValue->fetch_assoc()) {         $  rows[] = $  row;     }     echo json_encode($  rows);  }else{     //Failed Condition     echo('0'); }  mysqli_close($  connection); 

Please ask for further information, Thank you for the answer before.

Is a random number secure (enough) for card numbers and pins?

I’ve been given the task of generating some gift tokens which comprise a serial number and a pin number, analagous to a pre-paid credit card. The serial and pin will be printed on a card, with the pin behind a scratch panel.

My first thought is for both numbers to be randomly generated with the serial number being unique. Is this secure against guessing?

To my simple mind, adding any kind of logic would make the numbers more gussable as there’d then be something to figure out and understand, whereas random is without reason (ignoring implementation details for now), and so while being simple using pure random gives the attacker less to work with.

Is this a flawed assumption? Are there known “good” ways of doing this?

If the daughter of a night hag avoids her mother long enough can she delay becoming one too?

The daughters of other hags all seem to fully turn into them automatically once 13, except with night hags according to lore. With them it’s said that there must be 13 rituals done on their daughters or the transformation doesn’t occur.

So for campaign purposes I have to ask: does this mean that it’s possible for a daughter of a night hag to be encountered who is older than 13 and thus far been able to evade their mother and being converted? Can it be delayed with them from the usual mandatory age?

And as an aside, if it is possible and such one is encountered, would they be a regular human e.g. stats wise or would there be differences? And would spells used by a party that could detect and reveal a hag also detect them?