While that might be true there is still a point to be considered regarding vaping which is that it is an order of magnitude less harmful than smoking tobacco cigarettes because nothing is burned in a vape and the "burning stuff" is what makes normal smoking so harmful. Therefore I'd argue it should definitely be available for smokers at a price tag lower than cigarettes if they can't quit smoking to reduce harm. This would massively decrease the huge costs for health care.
If I tell a lie to support a good cause and you tell a lie to support the same cause and a third and a fourth person do the same thing then, then, being so propped up by lies how can we be sure it even is a good cause worth lying for?
In this way, the harms of lying compound while the benefits do not. For this reason I believe it highly unwise to allow it to be normalized.
Hashing client-side is a good idea. You must also hash server-side, for storage/comparison.
Otherwise, an insider may be able to harvest the original password, from logs, proxies, load balancers, etc. that requests pass through after the end of the TLS connection, on the way to the db.
They can then try the credentials on other, perhaps more lucrative sites. That's what the brothers are accused of doing here, so client-side hashing (or just simple encryption) may have been the missing piece of security that would have thwarted the credential stealing.
I wonder how common are setups where an internal person has access to the TLS private key part of the certificate or access to a network equipment that all traffic passes through, yet they cannot access the inputs required for hashing/encryption client-side?
This seems to mostly prevent accidental logging and is thus a matter of defense in depth, stopping malicious actors from exploiting it later — but an actively malicious IT person would not be deterred.
Yes, and that's not uncommon, IME. There's generally a lot of logging that's at least potentially available, and it gets turned on, and the logs shared when there's a problem that needs to be fixed (especially when it needs to be fixed quickly, which is usual).
This is going to make more sense for "enterprise"-type deployments, where there's a significant distinction between the people who might have access to request logs at times, and the people who can push code to production.
Yes, limited protection against insiders is good defense in depth but not the primary purpose, which is to protect end user accounts on other services in the event that you are breached.
My question still stands: how do you disallow cleartext password extraction if you are breached, assuming all your IT infrastructure and code is now accessible to an attacker?
I am talking about not logging them ever, using internal TLS and strong hashing in general, and wondering what exact value is added on top with client side hashing.
There are substantial differences between database access, snooping the logs, internal (no TLS) wiretap, and full MITM of the frontend.
Hashing client side minimizes the risk of any blast radius exceeding the bounds of your own service. There's obviously no way to prevent an adversary who achieves full MITM from gradually harvesting credentials over time. The only solution there is to use keys instead of passwords.
We are not disagreeing, but I am not getting my answer: how is client side hashing really helping, what are the circumstances it helps with if you do have the basics right?
In your enumeration, what is breached for this to be meaningfully impactful for other services where customers might be reusing credentials?
As opposed to what? Your question seems unclear to me.
I already answered you that if you assume full MITM of the frontend then it is physically impossible to prevent gradual credential harvesting. Did you have a different scenario in mind?
> how is client side hashing really helping
Compared to what? Server side hashing? It prevents the plaintext from ever hitting your infra which minimizes to the greatest extent possible an insider or intruder gaining access to the plaintext. Since preventing access to the plaintext is the primary purpose of hashing it's the sensible option if you're forced to pick only one.
Of course there's really no good reason to pick only one of the two. You might as well elect for defense in depth against rogue insiders with full db access even though it's difficult to imagine what use they would have for a password based login at that point.
There is certainly good reason to do server-side hashing: you do not keep a persistent record of the customer's secret, yet keep the ability for them to authenticate with it.
If you are never logging a clear-text secret and storing a hashed version to validate against, and using TLS between client and server, client-side hashing does not bring much benefit other than protecting customers' reused passwords against people who have sufficient access to the infrastructure to MITM the client but no ability to modify the client side code where they could extract the password directly.
When IT has write access to code, client side hashing protects only against accidental log leakage and similar.
> There is certainly good reason to do server-side hashing: you do not keep a persistent record of the customer's secret, yet keep the ability for them to authenticate with it.
That is not a property of server side hashing but rather hashing in general.
> If you are never logging a clear-text secret
Yeah good luck with that. /s
It's better not to need to worry about logging plaintext. The less of your infra that falls within any given security boundary the easier it will be to properly secure. The difference between server and client side hashing is how much of your infra touches the plaintext. Less is always better.
Sure, an insider could make direct use of hashes pulled from the logs. However if the attacker already has access to your systems then they are already inside the security boundary (or at least most of them) and likely have many other (probably better) options available to them.
It's important to keep in mind that the primary purpose behind hashing credentials is to minimize the degree to which your systems come into contact with the plaintext. The goal here is to contain the blast radius of any intrusion to only your own systems and only the immediate intrusion (ie to prevent future abuse after you've cleaned everything up) given the unfortunate reality that end users will frequently reuse credentials.
It's also important to keep in mind that hashing is cheap enough that you should probably be doing both. Hash it on the client so that you don't need to worry about logs (or snooping the LAN or whatever other way an employee might come up with to obtain plaintext passwords) and then hash it again before it enters the db so that you don't need to worry about the logs that contain hashes leaking.
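The two-layer scheme argued for above (hash on the client so the plaintext never reaches the infrastructure, hash again on the server so the stored record is not the transport value) as an added example that is not from any commenter in this thread. It assumes PBKDF2-HMAC-SHA256 for the client-side step, salted per site and username so the same password yields different transport values on different sites, and scrypt with a random salt for the server-side step; the site names, username and password are constructed sample values. It also demonstrates the caveat raised further down the thread: the transport value effectively becomes the password for this one site, which is exactly why the server must hash it again before storage.

```python
import hashlib
import hmac
import secrets

# Constructed sample values (not from the thread).
SITE_A = "example-shop.test"
SITE_B = "example-bank.test"
USER = "alice"
PASSWORD = "correct horse battery staple"

# Parameters are assumptions for this demo, not a recommendation from the thread.
CLIENT_ITERATIONS = 100_000
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def client_hash(password: str, site: str, username: str) -> str:
    """Client-side step: deterministic per (site, user), so the browser can
    recompute it on every login. The plaintext password never leaves here."""
    salt = f"{site}:{username}".encode()
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, CLIENT_ITERATIONS)
    return dk.hex()


def proxy_log_line(username: str, transport_value: str) -> str:
    """What a careless proxy/load-balancer log would capture: the transport
    value, not the plaintext (this is the 'don't worry about logs' property)."""
    return f'POST /login user="{username}" password="{transport_value}"'


def server_store(transport_value: str) -> dict:
    """Server-side step: treat whatever arrived as the password and hash it
    again with a fresh random salt before it goes into the database."""
    salt = secrets.token_bytes(16)
    dk = hashlib.scrypt(transport_value.encode(), salt=salt,
                        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P)
    return {"salt": salt.hex(), "hash": dk.hex()}


def server_verify(record: dict, transport_value: str) -> bool:
    """Recompute the stored hash from the transport value; constant-time compare."""
    salt = bytes.fromhex(record["salt"])
    dk = hashlib.scrypt(transport_value.encode(), salt=salt,
                        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P)
    return hmac.compare_digest(dk.hex(), record["hash"])


def demo() -> dict:
    """Run the scheme end to end and return the properties a defender cares about."""
    transport_a = client_hash(PASSWORD, SITE_A, USER)
    transport_b = client_hash(PASSWORD, SITE_B, USER)
    record = server_store(transport_a)
    log_line = proxy_log_line(USER, transport_a)
    return {
        # Same password reused on two sites gives unrelated transport values,
        # so a leak at site A is not directly usable at site B.
        "cross_site_values_differ": transport_a != transport_b,
        # A proxy log never contains the plaintext.
        "plaintext_absent_from_log": PASSWORD not in log_line,
        # Normal login works; a wrong password does not.
        "login_ok": server_verify(record, transport_a),
        "wrong_password_rejected": server_verify(
            record, client_hash("wrong password", SITE_A, USER)) is False,
        # Caveat: for this one site the transport value *is* the password.
        "transport_value_is_site_credential": server_verify(record, transport_a),
        # The database record differs from the transport value, so a DB leak
        # alone does not hand out a usable credential for this site either.
        "db_record_not_transport_value": record["hash"] != transport_a,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Note the split of responsibilities: the client-side salt is deliberately deterministic (it has to be, or the browser could not reproduce the value), while the server-side salt is random per record, which is what keeps a dumped database from being a table of login-capable values.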
You actually want to one-way passwords both client-side, for transport, and again server-side, for storage/comparison.
Otherwise, there's a hole, between the end of the TLS connection and where the server-side encryption happens, where the password is in plain text. Think logs and load-balancers and proxies.
While the client-side hashing doesn't help protect your site a lot (as you say, the hashed value the client sends effectively becomes the password), it helps protect the users who use the same password across multiple sites.
Notice in this case, that's exactly what the brothers are accused of doing: using credentials harvested from their site to log into other, potentially more lucrative accounts.
I didn't see if that's the hole the brothers exploited but it very well could have been.
The client-side encryption may have been all that was missing in this case.
If you're worried about MITM in the TLS web connection between client and server, you already lost and no prevention method client side will work, because if you own the connection you can just give the client malicious JS to extract the password when they enter it.
By law is how we got to where we currently are. There's no reason to think that would change. You'd have to trick all the people who are old (plus all the people who realize they will get old too) to vote away their assets, income, and power.
Unrest will just harden the people who see your cause as unjust against it. That will be a strong majority of people, so it will go nowhere.
Revolution seems highly unlikely to succeed -- it would be unpopular and you'd have to turn much of the military/police to your side.
Frankly, I think the push of the idea of the intergenerational conflict is a con. It will not lead to anything getting better, but when people are angry and scared, they become vulnerable.
Be wary of anyone offering big, impossible promises. They'll be sticking their hands into your wallet soon enough.
If most people were fed up I think you'd see it in voting patterns.
Instead, a substantial fraction of the population don't care enough to vote one way or the other. Those that do vote have been pushing us toward the system we have now.
It's going to be hard to sell policies that disenfranchise old people...
There are a lot of people who don't want to be penniless and homeless with a diminished capacity to work. That includes people who are old already and people who realize they will become old.
That's why I think this is all a scam. We are, almost all of us, old people or people who hope to get old. This is an effort to get us all upset enough at each other that we don't stop to realize we're fighting ourselves.
If you want to unravel the scam, follow the money.
>It's going to be hard to sell policies that disenfranchise old people...
Not at all. Remember how before he got dementia the president ran on an antidementia platform?
> That's why I think this is all a scam. We are, almost all of us, old people or people who hope to get old. This is an effort to get us all upset enough at each other that we don't stop to realize we're fighting ourselves.
Not at all, it's just a fact that old people have arranged things so that old/young is simply more important than left/right. Old people are absolutely committed to protecting and boosting the stock/real-estate markets that young people are locked out of. The market is not the economy.. except that actually for old people with assets, it basically is. Youth may have left/right preferences, but establishment Left/Right are really just Old, and both have clear and stable intent to inflict economic violence on everyone else.
> If you want to unravel the scam, follow the money.
You're suggesting I'm a shill? The money trail is simple.. people don't have much and things are getting worse. Who's in charge now? Who was in charge before that? And who was in charge before that? Who paid off the people in charge? Who continuously benefits and who suffers?
> In his book, “A Generation of Sociopaths: How the Baby Boomers Betrayed America,” Bruce Gibney argued that “generational plunder” was their economic legacy. Through tax cuts and deficit financing of several wars, the Boomers left America in shock. “Plunder” is a strong word. In the corporate legal world, it is enough to justify a clawback of the plunderers’ assets.
IMHO if we don't use it to settle the debt, it won't be inherited by people anyway, it will simply be deleted during end-of-life care, where the oldest boomers pay the youngest boomers that are still in charge of whatever insane private-equity healthcare mess we land on, thus making the "greatest generational transfer of wealth" directly to the 1%.
That article is calling for an additional estate tax. That sounds reasonable to me.
But you seem to be talking about taking the retirement savings and homes of people who are using them to live.
You find different numbers in different places, but the median retirement savings for boomers is under $200,000. That's a lot of money, but it needs to last ~15 years or so, years where they're likely to have reduced or no capacity to work.
A lot of old people have paid-off houses, which is a major asset. You could take those (e.g., by taxing them out), but then where do the old people on a small, fixed income live?
The attitude seems to be, "to hell with them, who cares?"
But I think a lot of people care: the old people themselves, of course. The people who love them. And everyone self-aware enough to realize they too hope to become old.
> Greene desires something that has long been forecast but that has not happened: “more generational conflict.” However, “the boomers are organized,” and there has not been “a broader political awakening among younger generations.” So, boomers are serenely unthreatened as some of their households receive almost $117,000 annually from Social Security, and some Medicare programs cover “golf balls, greens fees, social clubs, ski trips, and horseback riding.”
Indeed, so serenely unthreatened that they are very actively threatening to everyone else. These are the same people that are forever using hunger as a bargaining chip with snap, school lunches, and policing what other people can and cannot get.
> The attitude seems to be, "to hell with them, who cares?"
The attitude is just that they were the primary beneficiaries of the spending. They presided over the debt growth to ~40 trillion and if they did not approve they also did not stop it. They still will not let anyone else stop it! If the generational conflict were literally a war with a truce, one might expect significant reparations, or at least acknowledgement and apology? Far from it. Older folks gouged out 10x profit selling crappy houses, and while young people are delaying life milestones for decades to try to buy that house, boomer landlords charged them rent to stay at their third investment property and mocked legitimate hardship with latte and avocado toast bullshit.
For whoever needs to hear this, that 'ok boomer' reply feels less and less adequate. It's actually deadly serious and a very bloody business to just doom millions of people. Data will be clear about this one day and you already see all the trends.. deaths of despair up, life expectancy down, births down, conflict up, climate crisis closer, all with zero resources to pick up the slack. Boomers have even begun destroying international standing and friendships that might have helped us negotiate the national debt situation later. While they're working to pull the ladder up for the improvements they made to civil liberties and women's lib. On the whole they'll have lived longer, happier lives in better conditions than their kids, and they did it by stealing the future.
> everyone self-aware enough to realize they too hope to become old.
That's exactly what I'm getting at. Again not so much for you but for whoever needs to hear it.. Prospects on HN are better than average, ok? And Gen-Z looks to be childless, which may be painful, but is rational and avoids drama. Listening to average Gen-X / Millennials though.. many obviously don't plan to be old. They know they can't afford to be old. So they are taking care of their elders, they are taking care of their kids, and when that tapers off they're planning to just die quickly themselves if/when they get sick. The worst nightmare of what must never happen to the elderly in civilized society is just another awkward future that boomers may have already caused and will not have to face, but posterity will.
Hope this helps someone, really. Boomers need to be able to hear it. This is a bit like being an American abroad.. you expect to be a bit of punching bag on occasion. It doesn't actually matter if you're personally complicit, you kind of need to acknowledge you're a member of a group that has been up to no good. It's not a shame ritual, or bitter ranting, or just provocative. It's a calculated test that's probing for ignorance or understanding, character, empathy, and solidarity. Most boomers don't pass, and don't pass, and don't pass, and make things worse. => End of patience, end of cordial relations, end of respect, end of trust, end of relationships.
Your logic is, "nothing's perfect so everything is equally good (or bad)".
Which is not true in this case.
For better and sometimes worse, the process through which medical drugs and procedures come to market, including studies and trials, is heavily regulated.
The Egg Board, however, is free to choose whichever studies to fund they prefer, and will gravitate to ones likely to show the positive effects of eggs and avoid ones likely to show the opposite.
The content of the paper may be entirely legitimate, but it still actually tells us nothing about whether we should eat more eggs or not.
I'm not exactly going to get outraged at the NYT's rhetorical tactics against vaping.