pellej_s's comments

pellej_s · on Oct 14, 2016

Amazing feature. Amazing product. Thanks antirez.

pellej_s · on Aug 22, 2016

So, everyone's basically saying:

> Google sucks

> Don't rely on Google if you want your business to succeed

> This is old news! Happens all the time

> Google = SPoF

...you're all looking like trolls to me. Please, do tell how Spotify manages to service 60+ markets with some core pieces of infrastructure on Google's Cloud offerings.

eadz · on Aug 22, 2016

Spotify will have a phone number of someone they can call.

I've had this issue with google too. They'll shut down your account, your whole account - google apps email and all - if an automated system detects something dodgy. In my case an automated system at ebay accused my site of phishing which it wasn't.

There is a paid support option, but when your account is shut down you are unable to access the required code.

I don't think you can appreciate how inaccessible Google is until they decide you're a bad actor.

1_2__3 · on Aug 22, 2016

By being Spotify-scale, thus forcing Google to care about them. See also: Snapchat.

ocdtrekkie · on Aug 22, 2016

Pretty sure if Google guts Spotify, Spotify can literally call Sundar Pichai himself on the phone to get it resolved. There's a scale issue there in terms of whether or not Google considers you worth bothering with.

Guyag · on Aug 22, 2016

I don't know that the comparison with Spotify is very fair - I would imagine they have a direct contact to employees.

CaptSpify · on Aug 22, 2016

Google doesn't typically have bad products. Google is amazing when things go right, it's only when they go wrong that Google really shows their true nature. I'd wager a guess that most of the time things just don't go wrong.

I also imagine that Spotify pays a lot of money and has a dedicated account manager.

blakeyrat · on Aug 23, 2016

Same way Pewdiepie gets excellent YouTube customer service: he has millions invested in Google properties. Google's great at helping their huge money-makers, it's the literally everybody else who gets screwed by their awful robot systems.

pellej_s · on June 20, 2016

Yes, sure. You should not be using anything but Bcrypt et al for passwords (salt, salt, salt!) – but... Out of curiosity. What if these passwords were SHA-512 hashed (unsalted) rather than SHA1?

Anyone know of comparable articles?

CariadKeigher · on June 20, 2016

As part of a presentation I did at a local OWASP chapter, here are some numbers based on just using CPython's Hashlib processing of 14,000,000 someodd passwords:

Intel Xeon E5-1620 3.6 GHz: SHA: 8.16 seconds, SHA256: 11.01 seconds, MD5: 8.7 seconds

AMD FX-8320 3.5 GHz: SHA: 10.63 seconds, SHA256: 13.49 seconds, MD5: 10.06 second

Intel Celeron N2840 2.2 GHz: SHA: 32.4 seconds, SHA256: 39.75 seconds, MD5: 28.95 seconds

Intel Pentium M 1.7 GHz: SHA: 37.98 seconds, SHA256: 48.12 seconds, MD5: 34.49 seconds

SHA512 isn't going to make it much better.

simik · on June 20, 2016

SHA-512 would be just 7-8 times slower. Not much of an improvement. Check hashcat's page for performance figures:

https://hashcat.net/oclhashcat/#performance

schoen · on June 20, 2016

It's presumably not the most optimized for attacks, but you can try the "openssl speed" command (including specific algorithms, if you want, like "openssl speed sha1 sha512").

jlgaddis · on June 20, 2016

(cuda)hashcat can do SHA512 just fine, too.

pellej_s · on June 20, 2016

There are some efforts, like https://haveibeenpwned.com/. However, personally? I always feel naked dishing out my email(s) in a <form>... Irregardless of HTTPS or HTTP.