Data breach on this site?

navychop · Dec 22, 2020

NYDutch said:
BELIEVE what? That Chrome doesn't save passwords unless I want it to? Yes... Chrome is built on the open source Chromium engine, and I'm quite capable of reviewing the inner workings.

That Chrome, etc, don’t have records/traces of your PWs, saved or not.

I’ve given up on expecting any privacy.

Side note: Sometime in or around the 60s, the Soviets tried to compromise an African leader. They provided him with beautiful women. Then showed him part of what they taped, threatening to release them.

He was elated, and asked for a copy!

(Whoops)

Juan · Dec 22, 2020

harshness said:
Hashes are fairly useless. The don't work as passwords themselves and they're typically pretty difficult to crack if the software has any of the recommended protocols involved (especially salting).

Thats not true at all..plenty of websites can workout hashes

harshness · Dec 22, 2020

Juan said:
Thats not true at all..plenty of websites can workout hashes

I didn't say that they couldn't use plaintext or some other simple encoding. I said that you can't use a captured hash in lieu of a password.

Web admins like hashes because saves them a lot of trouble and prevents most leaks from yielding useful credentials. PHP, the basis of many websites, has all the required tools built in.

Juan · Dec 22, 2020

navychop said:
That Chrome, etc, don’t have records/traces of your PWs, saved or not.

I’ve given up on expecting any privacy.

Side note: Sometime in or around the 60s, the Soviets tried to compromise an African leader. They provided him with beautiful women. Then showed him part of what they taped, threatening to release them.

He was elated, and asked for a copy!

(Whoops)

T

harshness said:
I didn't say that they couldn't use plaintext or some other simple encoding. I said that you can't use a captured hash in lieu of a password.

Web admins like hashes because saves them a lot of trouble and prevents most leaks from yielding useful credentials. PHP, the basis of many websites, has all the required tools built in.

I am telling you that there are easy to use websites that break hashes...if you can get the hash..you can get the username...all they need is access to a pc or even certain apple products

TheKrell · Dec 22, 2020

Juan said:
I am telling you that there are easy to use websites that break hashes...if you can get the hash..you can get the username...all they need is access to a pc or even certain apple products

There are weaker hashes, yes. What I've see on Linux these days is a pretty damn long hash. I doubt you could de-hash that even if you got the username by other means (such as email address). Note that the hashes on Linux are stored in the shadow file, and that is not accessible except as root.

If you already gained root access, you hardly need individual passwords.

Juan · Dec 22, 2020

TheKrell said:
There are weaker hashes, yes. What I've see on Linux these days is a pretty damn long hash. I doubt you could de-hash that even if you got the username by other means (such as email address).

I can post some websites...its much easier than you belive..the best pass word is a long sentence..but you need to change them regularly

Juan · Dec 22, 2020

TheKrell said:
There are weaker hashes, yes. What I've see on Linux these days is a pretty damn long hash. I doubt you could de-hash that even if you got the username by other means (such as email address). Note that the hashes on Linux are stored in the shadow file, and that is not accessible except as root.

If you already gained root access, you hardly need individual passwords.

CrackStation - Online Password Hash Cracking - MD5, SHA1, Linux, Rainbow Tables, etc. ( moderator if this is wrong please remove)

NYDutch · Dec 22, 2020

Juan said:
CrackStation - Online Password Hash Cracking - MD5, SHA1, Linux, Rainbow Tables, etc. ( moderator if this is wrong please remove)

I see they require non-salted hashes to attempt to crack...

Juan · Dec 22, 2020

NYDutch said:
I see they require non-salted hashes to attempt to crack...

You can get salted too...that costs $$$$

NYDutch · Dec 22, 2020

Juan said:
You can get salted too...that costs $$$$

If the cost to access the encrypted data is more than the value of the data, there's little incentive to access that data. I don't think anyone would find much value in accessing my data worth paying for.

Juan · Dec 22, 2020

NYDutch said:
If the cost to access the encrypted data is more than the value of the data, there's little incentive to access that data. I don't think anyone would find much value in accessing my data worth paying for.

Umm..it all depends what you are looking for...remember I only posted the obvious site...the police have much more powerful tools...whatever the police have..the bad guys have

NYDutch · Dec 22, 2020

Juan said:
Umm..it all depends what you are looking for...remember I only posted the obvious site...the police have much more powerful tools...whatever the police have..the bad guys have

Either way that still doesn't make my data worth the effort to access it. A legal authority has much better means of getting the data they might want without bothering to decrypt my account data.

Is your glass always half empty?

Juan · Dec 22, 2020

NYDutch said:
Either way that still doesn't make my data worth the effort to access it. A legal authority has much better means of getting the data they might want without bothering to decrypt my my account data.

Is your glass always half empty?

You still don't understand...everything on your cellphone is hackable..if you use wifi

NYDutch · Dec 22, 2020

Juan said:
You still don't understand...everything on your cellphone is hackable..if you use wifi

Well, if they want to know what book I'm reading on my phone or what the weather is where I am, they could just ask. I use my direct phone data most of the time, and my WiFi comes from my cell hotspots, so good luck hacking through that only to find little of any value if they did manage to get in...

harshness · Dec 23, 2020

Juan said:
I can post some websites...its much easier than you belive..the best pass word is a long sentence..but you need to change them regularly

The best password probably involves many punctuation characters and as little of the alphabet as possible. Using a good password manager makes that easy.

Long sentences don't play well for several reasons:

password length limits (the longest I've seen is 32 characters)
character type requirements probably aren't met with sentences (up to four different kinds of characters - upper, lower, numeric, punctuation)
likelihood of typos if you don't use a password manager

The silly thing about the first reason is that no matter how long the password is, a modern hash will typically be the same length.

Changing your password frequently isn't of much value unless you suspect that a site has been compromised or that they're using software that isn't maintained.

Juan · Dec 23, 2020

harshness said:
The best password probably involves many punctuation characters and as little of the alphabet as possible. Using a good password manager makes that easy.

Long sentences don't play well for several reasons:

password length limits (the longest I've seen is 32 characters)

character type requirements probably aren't met with sentences (up to four different kinds of characters - upper, lower, numeric, punctuation)

likelihood of typos if you don't use a password manager

The silly thing about the first reason is that no matter how long the password is, a modern hash will typically be the same length.

Changing your password frequently isn't of much value unless you suspect that a site has been compromised or that they're using software that isn't maintained.

Sorry..but that really doesn't help that much anymore

ZetaMale · Dec 23, 2020

Don in CT said:
Use complex passwords of at least 20 characters.

Some special characters aren't allowed on some websites or you're restricted to 10 characters. Which makes me growl. But what is one to do? At least my passwords are different for every website. Some websites have 2 factor authorization by text message, e-mail, or yubikey.

Don in CT · Dec 23, 2020

johnnynobody said:
Some special characters aren't allowed on some websites or you're restricted to 10 characters. Which makes me growl. But what is one to do? At least my passwords are different for every website. Some websites have 2 factor authorization by text message, e-mail, or yubikey.

That pisses me off when a website limits a password to 12 or less and no special characters.

ZetaMale · Dec 23, 2020

Juan said:
You still don't understand...everything on your cellphone is hackable..if you use wifi

Maybe I don't understand what you're trying to say but I would imagine that using WPA2/AES and a VPN would keep out hackers.

Don in CT · Dec 23, 2020

johnnynobody said:
Maybe I don't understand what you're trying to say but I would imagine that using WPA2/AES and a VPN would keep out hackers.

End to end encryption is the only option.

Data breach on this site?

Member of the Month - July 2014!

Supporting Founder

SatelliteGuys Master

Supporting Founder

A mighty and noble race originating on Altair IV.

Supporting Founder

Supporting Founder

SatelliteGuys Master

Supporting Founder

SatelliteGuys Master

Supporting Founder

SatelliteGuys Master

Supporting Founder

SatelliteGuys Master

SatelliteGuys Master

Supporting Founder

Free speech is more important than your feelings

SatelliteGuys Master

Free speech is more important than your feelings

SatelliteGuys Master

Similar threads

Users Who Are Viewing This Thread (Total: 0, Members: 0, Guests: 0)

Who Read This Thread (Total Members: 1)

Share this page