spacefrogg
spacefrogg
> I think pam is fundamentally broken, so I am not entirely opposed to a custom Auth method. > > Two security relevant things. > > * hashing is too...
What I just wrote is, of course, not equally true, for hashes that are used without salt.
> > Is that not true for PAM as well? So, it should be some general artificial delay between login tries, not just for this method. > > All PAM...
I concur with @jonenst first statement. The original "bug" in the Python code is that `9007199254740993.` is not representable as double, leading to wrong assumptions about the second comparison. Another...
Another simple fact is loss of monotonicity of arithmetic functions like `+`. ```factor IN: scratchpad 0.0000000000000000000000000000000000001 [ 0.0 number= . ] [ 1.0 + 1.0 number= . ] bi f...
Of course (how could I not have checked before typing... ;) )! Then, `number=` clearly should print a warning, because exact comparison of coerced floats is more often wrong than...
Would it, at that point, not be easier to just convert the number to float and back and see whether it is `eq?` to the original?