VaultNetwork.net Vault Network Boards
Author Topic: Sinlock's board emails your password in plain text [Locked]
NuEM  4 stars
Posts: 1,007
Registered: 2004-3-2 09:08:11
Yay!

 

-----signature-----
Darkblade_The_Great  1 star
Posts: 150
Registered: 2000-8-10 09:20:33
paulg_68 posted:

I used a different password than I ever use anywhere else because I know that Sinlock is evil and devious.


 

-----signature-----

the less you gamble, the more you lose when you win.
"Just get us on the ground." "I think that part'll happen pretty definitely!"
Freedom only lives where good men make a stand
Sinlock  2 stars
Title: Savior of the Camelot Outpost
Posts: 376
Registered: 2000-5-14 16:20:01
I'm an idiot. Post edited.

 

-----signature-----
THOOOOKA...THOOOOOKA...THOOOOOKA...
Future Grand President For Life of the Universe (you'll see! you'll be sorry then!)
Outpost Terrorist #1! I don't care what any law says!
NuEM  4 stars
Posts: 1,007
Registered: 2004-3-2 09:08:11
nt

 

-----signature-----
Sinlock  2 stars
Title: Savior of the Camelot Outpost
Posts: 376
Registered: 2000-5-14 16:20:01
bstulic posted:

Sinlock posted:

paulg_68 posted:

I used a different password than I ever use anywhere else because I know that Sinlock is evil and devious.





I have been known to crack MD5 passwords; that said, if you keep it 10 characters (11 or even 12 is better) with at least one special character/number/cap letter, then it can take YEARS to brute force.

Rainbow tables are another matter. I haven't played with them much, but I understand they are very effective.

Just use unique passwords for sites and there would never be a problem here or anywhere.



Don't crack it, man. Just put code to save it in plain text in your private database



I'm being ethical and stuff. I don't want to do that.

 

-----signature-----
THOOOOKA...THOOOOOKA...THOOOOOKA...
Future Grand President For Life of the Universe (you'll see! you'll be sorry then!)
Outpost Terrorist #1! I don't care what any law says!
bstulic  3 stars
Posts: 761
Registered: 2002-7-26 04:55:00
Sinlock posted:

I'm being ethical and stuff. I don't want to do that.



 

-----signature-----
Scarne  4 stars
Title: Capo di Scientifico
Posts: 1,087
Registered: 2001-7-23 15:24:34
You "should" also be salting the passwords so even if the user is dumb, the MD5 codes can't be reversed plausibly. But that might be overkill for the size of your website.

 

-----signature-----
E Pluribus Unum
ZigmundZag  4 stars
Title: Grammar Nazi
Posts: 1,211
Registered: 2002-3-25 23:03:00
I have three different tiers of passwords based upon how secure I need it to be. Sinlock's board received a slightly modified version of the lowest tier I use. You could probably rainbow table or brute force the password, but even if you could connect it to other accounts of mine you wouldn't find anything more interesting than a message board to open.

 

-----signature-----
"Take the cheese to sickbay!"
Sinlock  2 stars
Title: Savior of the Camelot Outpost
Posts: 376
Registered: 2000-5-14 16:20:01
Scarne posted:

You "should" also be salting the passwords so even if the user is dumb, the MD5 codes can't be reversed plausibly. But that might be overkill for the size of your website.



That is actually an issue with Drupal 6.0, which we use. Drupal 7 does use salts.

I could likely hack Drupal 6 to start using salts, but then that would be a potential maintenance issue when I do Drupal updates, which would essentially blow away my hack and then I'd have to remind myself how to do it again.

It's not really a "big" issue, so I'm not worrying too much about it.

 

-----signature-----
THOOOOKA...THOOOOOKA...THOOOOOKA...
Future Grand President For Life of the Universe (you'll see! you'll be sorry then!)
Outpost Terrorist #1! I don't care what any law says!
