
  1. #11
    Senior Member ptgatsby's Avatar
    Join Date
    Apr 2007
    MBTI
    ISTP
    Posts
    4,474

    Quote Originally Posted by highlander View Post
    Nobody has access to passwords here for example. vBulletin hashes them with MD5. A hashing function is like a one way encryption algorithm. When you log in, it runs the hashing algorithm against what you entered and compares it to the hashed password in the database to see if they match. Of course you could program a site to do whatever you wanted, including capturing people's passwords but I doubt many webmasters would care to bother. It's more likely that the site would get hacked and software installed to capture passwords or that your PC gets hacked with malware on it and the passwords would be stolen from your machine that way. It does happen sometimes however that databases with passwords are hacked though and it is not a good idea to use say your bank account password for other things.
    Just want to point out that MD5 is not at all secure. MD-5 may be better than SHA-1, but we are talking a maximum of hours regardless of password length or complexity. We are upwards of 4 billion tests/second (MD-5, 2^32 to 2^33) on a standard PC. Any form of distributable computing power (e.g. Amazon EC2, GPU tiers) can run a couple of orders of magnitude above that for about a dollar an hour (EC2 large GPU can run 64 parallel cores at about 2^33, afaik). Password ranges are about 2^38 to 2^46 in brute force, which translates to ~1 min to 273 hours. Note that 2^46 is rather extreme and is a 25+ character password. Unsalted means it takes that long to break everyone's password. Rainbow salts means you will have half the passwords in some variation of that time (say 5-50x).

    Don't reuse passwords. Anyone with access to the database can have your password if they want to.
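
Added example, not part of the original posts and not vBulletin's code: the hash-and-compare login flow and the unsalted-versus-salted point from the two posts above, shown on a constructed account table. The function names, the sample accounts and the PBKDF2 iteration count are assumptions made for this illustration.

```python
from __future__ import annotations
import hashlib, hmac, os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example

def md5_unsalted(password: str) -> str:
    """Legacy scheme discussed in the thread: one fast hash, no salt."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Per-user random salt plus a deliberately slow hash (PBKDF2-HMAC-SHA256)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest

def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Login check: re-hash what was typed, compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)

def shared_hash_groups(table: dict[str, str]) -> list[list[str]]:
    """Users whose stored hashes are identical; recovering one
    password in such a group recovers it for every member."""
    groups: dict[str, list[str]] = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]

# Constructed sample accounts; bob and carol picked the same password.
ACCOUNTS = {"alice": "correct horse", "bob": "hunter2", "carol": "hunter2"}

def demo():
    unsalted = {u: md5_unsalted(p) for u, p in ACCOUNTS.items()}
    salted = {u: hash_password(p) for u, p in ACCOUNTS.items()}
    salted_hex = {u: digest.hex() for u, (_, digest) in salted.items()}
    return shared_hash_groups(unsalted), shared_hash_groups(salted_hex), salted

if __name__ == "__main__":
    md5_groups, salted_groups, _ = demo()
    print("identical unsalted MD5 hashes:", md5_groups)
    print("identical salted PBKDF2 hashes:", salted_groups)
```

The salt removes the shared-hash effect and the iteration count raises the cost of every guess, but neither protects a password that is reused on a site that stores it badly.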

  2. #12
    Administrator highlander's Avatar
    Join Date
    Dec 2009
    MBTI
    INTJ
    Enneagram
    6w5 sx/sp
    Socionics
    ILI Ni
    Posts
    17,904

    Quote Originally Posted by ptgatsby View Post
    Just want to point out that MD5 is not at all secure. MD-5 may be better than SHA-1, but we are talking a maximum of hours regardless of password length or complexity. We are upwards of 4 billion tests/second (MD-5, 2^32 to 2^33) on a standard PC. Any form of distributable computing power (e.g. Amazon EC2, GPU tiers) can run a couple of orders of magnitude above that for about a dollar an hour (EC2 large GPU can run 64 parallel cores at about 2^33, afaik). Password ranges are about 2^38 to 2^46 in brute force, which translates to ~1 min to 273 hours. Note that 2^46 is rather extreme and is a 25+ character password. Unsalted means it takes that long to break everyone's password. Rainbow salts means you will have half the passwords in some variation of that time (say 5-50x).

    Don't reuse passwords. Anyone with access to the database can have your password if they want to.
    It's true. Anyone with access to the password encrypted database can crack passwords. That poses a risk to other systems the person may have access to if they use the same password.

    Please provide feedback on my Nohari and Johari Window by clicking here: Nohari/Johari

    Tri-type 639

  3. #13
    Senior Member Retmeishka's Avatar
    Join Date
    Jan 2011
    MBTI
    ISTP
    Socionics
    SLI
    Posts
    239

    Quote Originally Posted by miauwington View Post
    Yeah, phishing: another technique that relies on user stupidity rather than sophistication.
    Or java plugins and other kinds of add-ons on certain websites. When you click accept you basically give full control to whoever programmed the thing, right!?
    I could be wrong, but I think I remember reading about how 'yes' and 'no' don't mean anything, they mean whatever the programmer wants them to mean. You could just as well be pushing a button that says 'green' or 'blue.' Any button you push on the dialog box does whatever the programmer wanted it to mean, I think (but again I could be wrong). And if I recall, some malware just does whatever it wants to do regardless of what buttons you push. You don't have to push any buttons on any dialog boxes at all. They just get in. I know because I tried, and failed, to fight the battle against constant harassment from some unknown hacker(s) years ago, and did some research on it.

  4. #14
    Ginkgo
    Guest

    Quote Originally Posted by Qlip View Post
    Kinda. I believe this is happening, because it's easy to do. But with reputable forums, and with standard forum software, the passwords are encrypted and not accessible in-the-clear to anybody. Technically the forum doesn't even know your password, it just knows that what you typed in matches the password you specified when processed through some mathematical operations.
    ^

  5. #15
    Parody Parrot meowington's Avatar
    Join Date
    May 2008
    MBTI
    INFJ
    Enneagram
    6
    Posts
    1,181

    Quote Originally Posted by Retmeishka View Post
    I could be wrong, but I think I remember reading about how 'yes' and 'no' don't mean anything, they mean whatever the programmer wants them to mean. You could just as well be pushing a button that says 'green' or 'blue.' Any button you push on the dialog box does whatever the programmer wanted it to mean, I think (but again I could be wrong). And if I recall, some malware just does whatever it wants to do regardless of what buttons you push. You don't have to push any buttons on any dialog boxes at all. They just get in. I know because I tried, and failed, to fight the battle against constant harassment from some unknown hacker(s) years ago, and did some research on it.
    Yes, very true. You could be pushing a "no" or "cancel" button and it will execute what the "hacker" wants anyway. Even doing a simple "mouse over" movement could trigger some malicious code, if your browser's security settings allow it.

  6. #16
    Senior Member Retmeishka's Avatar
    Join Date
    Jan 2011
    MBTI
    ISTP
    Socionics
    SLI
    Posts
    239

    Quote Originally Posted by miauwington View Post
    Even doing a simple "mouse over" movement
    EVEN JUST THINKING ABOUT IT, ha ha. I forgot about mouse over, but yeah, you're right. I actually had a policy for a while there when I would get a weird popup box on my browser - I would just alt-tab or click some other tab to just get away from the page, and then shut the page down without even touching the dialog box. But I had actually forgotten why that was my policy. (This was back when I was still trying to troubleshoot the computer problem and/or avoid being hacked into. I haven't been that worried about it for a long time now.)
