frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

1•brauhaus•37s ago

We Built Colonist Rush

https://blog.colonist.io/colonist-rush-development/
1•kamphey•1m ago•0 comments

Why is tiny Norway so good at sports? It's more than Erling Haaland

https://www.csmonitor.com/World/Europe/2026/0710/norway-erling-haaland-soccer-youth-sports-compet...
1•RickJWagner•3m ago•0 comments

I created a Ruby gem that makes it easy to create websites

https://rubygems.org/gems/jimmu/versions/1.0.0
1•Yamatov•8m ago•0 comments

Gray Scott model of reaction diffusion

https://groups.csail.mit.edu/mac/projects/amorphous/GrayScott/
1•marysminefnuf•9m ago•0 comments

Three sacred cows that must die so Europe can live

https://world.hey.com/dhh/three-sacred-cows-that-must-die-so-europe-can-live-1afb203d
3•backlit4034•10m ago•1 comments

Zero-dependency streaming tar parser and writer for JavaScript

https://ayuhito.com/projects/modern-tar/
1•ayuhito•11m ago•0 comments

Google AI Overview Rewrote Their Signature Recipe and Attributed It to Them [video]

https://www.youtube.com/watch?v=J0lLvVYahNY
1•pknerd•12m ago•0 comments

Show HN: Open-source skills that make any AI agent write native social posts

https://github.com/inklate/social-skills
2•missingstack•12m ago•0 comments

Reddit is now asking age verification for all users in the EU

https://old.reddit.com/r/europrivacy/comments/1uexser/reddit_is_now_asking_age_verification_for_all/
4•inigyou•15m ago•0 comments

Show HN: Safehttp – an SSRF-resistant HTTP client for Go

https://github.com/ayuhito/safehttp
3•ayuhito•21m ago•0 comments

Federal employees can download TikTok on government devices, DOJ says

https://www.reuters.com/world/federal-employees-can-download-tiktok-government-devices-doj-says-2...
3•giuliomagnifico•24m ago•0 comments

What I learned on reducing token spend in your agent after $500 on iterations

https://twitter.com/chrisvxd/status/2078446083496108282
3•chrisvxd•26m ago•1 comments

America Broke Its Own Military

https://tribunemag.co.uk/2026/07/how-america-broke-its-own-military
5•robtherobber•30m ago•0 comments

From the Editor: Commercial Aviation's Innovation Dilemma – Aviation Week

https://aviationweek.com/aerospace/manufacturing-supply-chain/editor-commercial-aviations-innovat...
2•rbanffy•31m ago•0 comments

The Zoom hack that says, 'Don't record me'

https://techcrunch.com/2026/07/17/the-zoom-hack-that-says-dont-record-me/
2•nyku•33m ago•0 comments

Baba Is Solved by Fable 5 and GPT-5.6 Sol, but at what cost?

https://quesma.com/blog/baba-is-bench/
2•stared•35m ago•3 comments

What if restaurant menus had AI copilots?

1•irnco•36m ago•0 comments

Claude Code team should try macro so users can complete 3x as many tasks

1•yohji1984•39m ago•1 comments

Show HN: We built fractional GPU slicing without Nvidia MiG – works on AMD too

https://podstack.ai/
1•saurav7055•41m ago•0 comments

No don't Google it, ask me about it

https://river.berlin/blog/no-don-t-google-it-ask-me-about-it/
1•adityashankar•44m ago•0 comments

They Ran Nattokinase Against a Statin. The Enzyme Won

https://sayerji.substack.com/p/they-ran-nattokinase-against-a-statin
1•bilsbie•45m ago•0 comments

Show HN: Csvtool.io – 60 free CSV tools that run in the browser

https://www.csvtool.io
2•jamesweb•47m ago•0 comments

Show HN: BlazeRules – vectorized YAML rules for JSON, Kafka, and Arrow events

1•jspuri•53m ago•0 comments

Laser Fault Injection on the TROPIC01 Open-Source Secure Element

https://donjon.ledger.com/blog/tropic01-laser-fault-injection/
1•ahlCVA•54m ago•0 comments

Optimistic Sync Library for the Web

https://therealpaulplay.github.io/PlaySocketJS/
1•PaulPlay•56m ago•0 comments

Another Taste of Verse [video]

https://www.youtube.com/watch?v=QIiU-QGzcqc&list=PLQtDWkrawhsE&index=2
2•mpweiher•57m ago•1 comments

Slople – can you pass the reverse Turing test?

https://unslop.run/slople
1•dopamine_daddy•1h ago•1 comments

What AI did to stackoverflow in a graph

https://data.stackexchange.com/stackoverflow/query/1953768#graph
57•secretslol•1h ago•48 comments

Why do AI company logos look like buttholes?

https://velvetshark.com/ai-company-logos-that-look-like-buttholes
169•miniBill•1h ago•50 comments
Open in hackernews

Are Your Passwords in the Green? (2025)

https://www.hivesystems.com/blog/are-your-passwords-in-the-green
1•kemotep•1y ago

Comments

kemotep•1y ago
With NIST finally updating their standards to recommend 15 character password minimums last, I like to use their recommendations and compare them to these charts show how effective such a password would be.

Using E = L x log2(R), where E is entropy, L is number of characters in the password (15), and R is the total number of possible characters used (26 for all lowercase letters), you can get ~70 bits of entropy. Using a password manager like Bitwarden for a 15 character password using the full character set minus the ambiguous characters (65 characters total) leads to ~90 bits of entropy.

Using these charts and figures from the article, a well configured bcrypt setup means even the fastest computer systems still in 2025 cap out at 1 billion hashes per second for offline cracking (without getting into Nation States spending billions on just cracking your passwords, or dedicating all the world’s supercomputers or some other speculations). So to calculate how long it would take with a “realistic” password cracker in 2025, would use this formula:

((((((2^(70-1))/ 1 billion hashes per second)/ 60 seconds)/ 60 minutes)/ 24 hours)/ 365 days) to get ~18,700 years. (Nearly 20 billion years for the Bitwarden generated one)

But without a password filter checking for known bad passwords somewhere like Have I Been Pwned, even a 30 character password that has been leaked is useless. Would be instantly “cracked”. So I personally would have the password policy be:

1. 15 character minimum, no composition rules.

2. All passwords filtered for known bad passwords against HIBP.

3. Accounts protected by MFA.

4. Combination of network controls, best practices security configurations, and alerts and monitoring to help detect and limit/eliminate password guessing attacks, password database dumps.