dnd 5th – How would the fight work without attacks of opportunity?

I have tried this for one time only with a few new players, and we have removed the OAs for the sake of simplicity. The more experienced players at the table had fun exploring the consequences of this.

Mobility

Everyone enters, attacks, flees. Enemies and group members take advantage of the coverage and we noticed that the layout of the units on the map was much more chaotic.

Speed ​​is more precious

If mobility is increased, speed will improve accordingly. Both the Tabaxi and the Monk enjoyed jumping backstage hassle-free and focusing on the distant squishy goblins harassing them.

Front line players may not be as good on the front line

One of the reasons why a barbarian or a fighter stands in front of the group and prevents several enemies from approaching wizards and wizards from behind is their threatening presence and the threat of reprisals. Without AoO, enemies could easily run and jump in the back lines, and the group's first scrimmages did the same.

Being at a distance is more difficult, but at the same time, perhaps unnecessary

In closed areas, where you cannot shoot your bow 150 feet away, enemies quickly take the leap from remote attackers and new tactics are needed. If the character is in range because it deals more damage, then he can simply stand within 5 feet of any enemy and attack. If they are at a distance because they are very spongy, they need new tactics to always be at a distance.

Cat and mouse

Although this has not happened to us, in open areas, cat and mouse play may occur. Goblin rushes to Wizard. The wizard starts. Gobling Dashes to Wizard. Repeat. Because there is no consequence for running away, kiting enemies is easier (you don't take damage to run) in large spaces.

Overall, it was a fun experience for the players, but we decided it didn't work for us. The players appreciated the fact that their frontline players were originally there to prevent enemies from crossing them. They no longer loved the enemies who fled and kit them. But everyone has their fate.

address – What are the potential attacks against ECDSA that would be possible if we used raw public keys as addresses?

The theory

It is assumed that to forge an ECDSA signature, you must first calculate the private key for a given public key (this operation is known as "discrete logarithm" (DL), and its hardness is the basis of ECDSA security). To do this, you must actually have the public key.

Once you have the public key, it is assumed that you need at least 2128 to calculate his private key. It is huge (if every computer in the world could perform a relevant operation per clock cycle, it would take more than 100 million years; in reality, it would be orders of magnitude more than that ). However, this assumes that there are no fundamental breakthroughs in the algorithms for calculating the discrete logarithm or quantum computers. A sufficiently powerful quantum computer (not anything close to what already exists) may be able to do this calculation many faster.

By using an address that contains a hash of the public key rather than the public key directly, the actual public key is not revealed to the world until the output is spent by its owner. With the exception of the (spectacular) vulnerabilities found in the hash functions used (SHA256 and RIPEMD160), even a quantum computer cannot trivially find a public key in a hash function. However, the 160-bit hashes used are still considered relatively weak in this case (280 operations on a sufficiently powerful quantum computer).

In short: the argument is that by using public key hashes, the ability of a person with a DL break or a hypothetical quantum computer to steal coins is made more difficult.

In practice

What I write in this section is my own opinion, and not everyone probably agrees with it.

I believe that this (often repeated) advantage of chopped public keys is marginal at best and at worst a false sense of security. There are several reasons for this:

  • The argument only applies until the exit is (tempted to be) spent. Once someone tries to spend a pay-to-pubkey hash output, it reveals the full public key. With minor co-operation from miners, the original transaction could be temporarily delayed to give the hypothetical quantum computer attacker time to find the private key and steal the coins.
  • Address reuse was, and still is, very common and seemingly difficult to avoid. Each time the addresses are reused, their public key is revealed during the first expenditure, making all future ones still vulnerable.
  • Almost all of the interesting things that people do with Bitcoin (including multisig, 2FA, escrows, payment channels, BIP32 accounts, …) involve sharing public keys with other parties. It is an illusion to think that in such a world, all security is gained by using public key hashes – because public keys are always revealed, often without people knowing it.
  • Even if you limit yourself to not relying on any of these techniques and keeping all of your public keys secret until you use them, there are more than 5 million BTCs (mine research) stored with publicly known public keys. I cannot imagine that BTC retains a value if these become practically vulnerable to theft.

This does not mean that we have a problem. Sufficiently powerful quantum computers are far – if they are achievable for the huge number of q-bits needed to solve these problems. This gives us time to slowly migrate to patterns that are actually quantum resistant (not using ECDSA or similar cryptography at all). This has not yet been done, as the current quantum resistance patterns come with very large keys and signatures, and various other caveats. This makes them very unattractive now, but research on them is advancing rapidly and, if necessary, they exist.

Should you use public key addresses?

If writing a cryptocurrency, would you not recommend that the addresses be the public key encoded in base58 with a checksum at the end? Why?

Advice on other cryptocurrencies is irrelevant here, but the Taproot proposal for Bitcoin would actually do that. Its outputs (and therefore its addresses) contain a complete public key, because it has many advantages (it is smaller, cheaper and makes a number of more advanced protocols much easier).

The Bech32 address format is used for these types of outputs, which has a number of advantages over Base58 (easier to transliterate / compare, stronger error detection, more extensible , smaller QR codes, …).

Warning: I am co-author of the Taproot proposal and the Bech32 standard.

TL; DR: public keys must be Public.

dnd 5e – How do the bases of combat change without attacks of opportunity?

I tried this for a one-shot once with a few new players, and we removed AoO for the sake of simplicity. The more experienced players at the table had fun exploring the consequences of this.

Mobility

Everyone enters, attacks, flees. Enemies and group members take advantage of the coverage and we noticed that the layout of the units on the map was much more chaotic.

Speed ​​is more precious

If mobility is increased, speed will improve accordingly. Both the Tabaxi and the Monk enjoyed jumping backstage hassle-free and focusing on the distant squishy goblins harassing them.

Front line players may not be as good on the front line

One of the reasons why a barbarian or a fighter stands in front of the group and prevents several enemies from approaching wizards and wizards from behind is their threatening presence and the threat of reprisals. Without AoO, enemies could easily run and jump in the back lines, and the group's first scrimmages did the same.

Being at a distance is more difficult, but at the same time, perhaps unnecessary

In closed areas, where you can't shoot your bow 150 feet away, enemies quickly get the jump on remote attackers and new tactics are needed. If the character is in range because it deals more damage, he can simply stand within 5 feet of any enemy and attack. If they are at a distance because they are very spongy, they need new tactics to always be at a distance.

Cat and mouse

Although this has not happened to us, in open areas, cat and mouse play may occur. Goblin rushes to Wizard. The wizard starts. Gobling Dashes to Wizard. Repeat. Because there is no consequence for running away, kiting enemies is easier (you don't take damage to run) in large spaces.

Overall, it was a fun experience for the players, but we decided it didn't work for us. The players appreciated the fact that their frontline players were originally there to prevent enemies from crossing them. They no longer loved the enemies who fled and kit them. But everyone has their fate.

iot – What types of attacks could be made on the CoAP protocol?

I'm a student and I'm studying the security of the CoAP protocol. So, thinking about the attack surface, my thinking was about internal attacks (i.e. inside the network) and external attack (this ; i.e. outside the network). As for them, given the scenario without encryption (i.e. without DTLS), there could be attacks like packet sniffing. So I was also wondering what kind of other attacks could be made?

dnd 5th – What happens if we completely get rid of the attacks of opportunity?

Opportunity attacks have their way into the world of table games and D&D in particular. 3.5e / PF both had an exhaustive list of actions that may or may not trigger an OA.

The 5th edition has simplified things a lot. Only one trigger on the left:

You can perform an attack of opportunity when a hostile creature you can see moves out of your range.

It seems that the developers consider this particular trigger as the most important. What happens if we delete it?

The reason I ask is because there are games based on 5th which don't have OA at all (Five Torches Deep, for example), so I want to find out how a typical 5th gameplay will change if the DM introduces a house "without opportunity attacks". rule.

Is an external wifi adapter needed to do man attacks in the middle in a dual boot kali

I see that the mac address is changed after the spoofing of arp, but the victim does not get internet. I use an internal wifi card.

What are the potential attacks against ECDSA that would be possible if we used raw public keys as addresses?

According to this answer explaining why addresses are hashes rather than public keys, there are potential attacks that are possible if you have the public key rather than the address, what are these attacks? If writing a cryptocurrency, would you not recommend that the addresses be the public key encoded in base58 with a checksum at the end? Why?

dnd 5e – What does "… non-magic attacks not made with silver weapons" mean?

The Werewolf's immunity to damage applies to "clubbing, piercing and cutting non-silvery non-magic attacks". Let's first assume that the damage we are considering is hitting, piercing or cutting damage, because the werewolf is not immune to other types of damage.

Is the attack magical? The werewolf is therefore not immune to its damage.

Is the attack made with a silver weapon? The werewolf is therefore not immune to its damage.

Otherwise, if neither of these two criteria is met, the werewolf is immune to damage. Note that the werewolf is do not immune to damage of this type caused by things that are not attacks, such as blunt damage from a fall or piercing damage from a spike trap that requires a Dexterity saving throw.

passwords – How to mitigate both DOS and brute force attacks online?

I was recently reading this question, where the accepted answer claims that it is easy for attackers to bypass IP based rate limiting, which makes any sort of IP rate limiting to prevent brute force attack much less useful. But, if it is based on the account that is a victim, then it becomes very easy for an attacker to block access to a victim's account. What is the best way to defend against DOS attacks and online brute force attacks (and anything in the same category)?

Simply sleeping for, say, 1 second is not enough because the attacker can simply make more requests before the end of the first (1 second latency, but unlimited bitrate, and bitrate is what account for brute force). If the following requests are blocked until the end of the first one, they must be blocked by IP or by user, which creates the same problem.

2FA is not always a good solution either, because even worse, many people do not use it.

dnd 5e – Which monster attacks have "Miss" results?

I looked at the piercer and I noticed that his attack not only has a Hit result but a Miss line as well which is both fun and adapts to attack. My sources are all linked (not D&D Beyond), so I have no easy way to browse them, but as far as I know, the piercer is the only creature like this in the Monster Manual.

What other monsters have specified Miss's results for their attacks / actions?