Data breach on this site?

[navychop]

BELIEVE what? That Chrome doesn't save passwords unless I want it to? Yes... Chrome is built on the open source Chromium engine, and I'm quite capable of reviewing the inner workings.

That Chrome, etc, don’t have records/traces of your PWs, saved or not.

I’ve given up on expecting any privacy.


Side note: Sometime in or around the 60s, the Soviets tried to compromise an African leader. They provided him with beautiful women. Then showed him part of what they taped, threatening to release them.

He was elated, and asked for a copy!

(Whoops)

 

[Juan]

Hashes are fairly useless. The don't work as passwords themselves and they're typically pretty difficult to crack if the software has any of the recommended protocols involved (especially salting).

Thats not true at all..plenty of websites can workout hashes

 

[harshness]

Thats not true at all..plenty of websites can workout hashes

I didn't say that they couldn't use plaintext or some other simple encoding. I said that you can't use a captured hash in lieu of a password.

Web admins like hashes because saves them a lot of trouble and prevents most leaks from yielding useful credentials. PHP, the basis of many websites, has all the required tools built in.

 

[Juan]

That Chrome, etc, don’t have records/traces of your PWs, saved or not.

I’ve given up on expecting any privacy.


Side note: Sometime in or around the 60s, the Soviets tried to compromise an African leader. They provided him with beautiful women. Then showed him part of what they taped, threatening to release them.

He was elated, and asked for a copy!

(Whoops)

T

I didn't say that they couldn't use plaintext or some other simple encoding. I said that you can't use a captured hash in lieu of a password.

Web admins like hashes because saves them a lot of trouble and prevents most leaks from yielding useful credentials. PHP, the basis of many websites, has all the required tools built in.

I am telling you that there are easy to use websites that break hashes...if you can get the hash..you can get the username...all they need is access to a pc or even certain apple products

 

[TheKrell]

I am telling you that there are easy to use websites that break hashes...if you can get the hash..you can get the username...all they need is access to a pc or even certain apple products

There are weaker hashes, yes. What I've see on Linux these days is a pretty damn long hash. I doubt you could de-hash that even if you got the username by other means (such as email address). Note that the hashes on Linux are stored in the shadow file, and that is not accessible except as root.

If you already gained root access, you hardly need individual passwords.

 

[Juan]

There are weaker hashes, yes. What I've see on Linux these days is a pretty damn long hash. I doubt you could de-hash that even if you got the username by other means (such as email address).

I can post some websites...its much easier than you belive..the best pass word is a long sentence..but you need to change them regularly

 

[Juan]

There are weaker hashes, yes. What I've see on Linux these days is a pretty damn long hash. I doubt you could de-hash that even if you got the username by other means (such as email address). Note that the hashes on Linux are stored in the shadow file, and that is not accessible except as root.

If you already gained root access, you hardly need individual passwords.

CrackStation - Online Password Hash Cracking - MD5, SHA1, Linux, Rainbow Tables, etc. ( moderator if this is wrong please remove)

 

[NYDutch]

CrackStation - Online Password Hash Cracking - MD5, SHA1, Linux, Rainbow Tables, etc. ( moderator if this is wrong please remove)

I see they require non-salted hashes to attempt to crack...

 

[Juan]

I see they require non-salted hashes to attempt to crack...

You can get salted too...that costs $$$$

 

[NYDutch]

You can get salted too...that costs $$$$

If the cost to access the encrypted data is more than the value of the data, there's little incentive to access that data. I don't think anyone would find much value in accessing my data worth paying for.

 

[Juan]

If the cost to access the encrypted data is more than the value of the data, there's little incentive to access that data. I don't think anyone would find much value in accessing my data worth paying for.

Umm..it all depends what you are looking for...remember I only posted the obvious site...the police have much more powerful tools...whatever the police have..the bad guys have

 

[NYDutch]

Umm..it all depends what you are looking for...remember I only posted the obvious site...the police have much more powerful tools...whatever the police have..the bad guys have

Either way that still doesn't make my data worth the effort to access it. A legal authority has much better means of getting the data they might want without bothering to decrypt my account data.

Is your glass always half empty?

 

[Juan]

Either way that still doesn't make my data worth the effort to access it. A legal authority has much better means of getting the data they might want without bothering to decrypt my my account data.

Is your glass always half empty?

You still don't understand...everything on your cellphone is hackable..if you use wifi

 

[NYDutch]

You still don't understand...everything on your cellphone is hackable..if you use wifi

Well, if they want to know what book I'm reading on my phone or what the weather is where I am, they could just ask. I use my direct phone data most of the time, and my WiFi comes from my cell hotspots, so good luck hacking through that only to find little of any value if they did manage to get in...

 

[harshness]

I can post some websites...its much easier than you belive..the best pass word is a long sentence..but you need to change them regularly

The best password probably involves many punctuation characters and as little of the alphabet as possible. Using a good password manager makes that easy.

Long sentences don't play well for several reasons:

1. password length limits (the longest I've seen is 32 characters)
2. character type requirements probably aren't met with sentences (up to four different kinds of characters - upper, lower, numeric, punctuation)
3. likelihood of typos if you don't use a password manager

The silly thing about the first reason is that no matter how long the password is, a modern hash will typically be the same length.

Changing your password frequently isn't of much value unless you suspect that a site has been compromised or that they're using software that isn't maintained.

 

[Juan]

The best password probably involves many punctuation characters and as little of the alphabet as possible. Using a good password manager makes that easy.

Long sentences don't play well for several reasons:

1. password length limits (the longest I've seen is 32 characters)
2. character type requirements probably aren't met with sentences (up to four different kinds of characters - upper, lower, numeric, punctuation)
3. likelihood of typos if you don't use a password manager

The silly thing about the first reason is that no matter how long the password is, a modern hash will typically be the same length.

Changing your password frequently isn't of much value unless you suspect that a site has been compromised or that they're using software that isn't maintained.

Sorry..but that really doesn't help that much anymore

 

[LocutusOfBorg]

Use complex passwords of at least 20 characters.

Some special characters aren't allowed on some websites or you're restricted to 10 characters. Which makes me growl. But what is one to do? At least my passwords are different for every website. Some websites have 2 factor authorization by text message, e-mail, or yubikey.

 

[Don in CT]

Some special characters aren't allowed on some websites or you're restricted to 10 characters. Which makes me growl. But what is one to do? At least my passwords are different for every website. Some websites have 2 factor authorization by text message, e-mail, or yubikey.

That pisses me off when a website limits a password to 12 or less and no special characters.

 

[LocutusOfBorg]

You still don't understand...everything on your cellphone is hackable..if you use wifi

Maybe I don't understand what you're trying to say but I would imagine that using WPA2/AES and a VPN would keep out hackers.

 

[Don in CT]

Maybe I don't understand what you're trying to say but I would imagine that using WPA2/AES and a VPN would keep out hackers.

End to end encryption is the only option.