Quote:
Originally Posted by extince
In theory you can do md5 collision checks... sure, I guess the passwords got a salt within the md5, but still, in theory it's still possible to get the password back in plaintext. Many examples from Sweden about that issue (sites get hacked and databases start to spread, even with salt they succeed in getting passwords from this).

This is generally known as a brute force attack (simplified as a dictionary attack as most people use "common" words as passwords) which is throwing everything through the md5 routine and checking to see if anything that comes out matches an encrypted password in the database.
The only reasonable defense is the use of longer passwords with more complexity. Still won't be entirely safe (if the attacker has a copy of the password database) but will increase the time needed to yield anything useful.
Don't use your name, street address, birthdate, or any other "common" words as a password and you make your account much harder to crack.
Quote:
Originally Posted by extince
But, I guess you as admin don't have any interest in it.

What exactly are the admins supposed to do to "show interest"? Unless they are "teh ubar programmers", other than use of forum software that encrypts passwords and making sure the server is secure (which is behind the scenes), there is not really much they can do.
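The dictionary check described in this post can be run by an admin as an audit of their own user table, to find accounts whose passwords a "common words" list would recover. The sketch below is an added example, not code from the thread or from any forum software; the `md5(salt + password)` storage layout, the word list and the sample records are all assumptions constructed for illustration.

```python
import hashlib

# Constructed word list standing in for a "common words" dictionary.
COMMON_WORDS = ["password", "summer", "dragon", "letmein", "stockholm"]


def salted_md5(salt: str, password: str) -> str:
    # Assumption: the hash is md5(salt + password); real forum software varies.
    return hashlib.md5((salt + password).encode("utf-8")).hexdigest()


def candidates(words):
    # Each word plus the habitual variations people add to "strengthen" it.
    for word in words:
        yield word
        yield word.capitalize()
        for suffix in ("1", "123", "!"):
            yield word + suffix


def audit(records, words=COMMON_WORDS):
    """Return {user: matched_candidate} for accounts a dictionary run recovers.

    The per-user salt means every candidate is re-hashed for every account,
    but with a fast hash like MD5 that costs very little.
    """
    weak = {}
    for user, salt, digest in records:
        for cand in candidates(words):
            if salted_md5(salt, cand) == digest:
                weak[user] = cand
                break
    return weak


# Constructed sample user table: (username, salt, stored hash).
SAMPLE_DB = [
    ("alice", "x9Q", salted_md5("x9Q", "summer123")),
    ("bob", "k2T", salted_md5("k2T", "Dragon")),
    ("carol", "m7Z", salted_md5("m7Z", "vX#4tq-Lh2!pRz9w")),
]

if __name__ == "__main__":
    for user, guess in audit(SAMPLE_DB).items():
        print(f"{user}: password is a dictionary candidate ({guess!r}), force a reset")
```

Accounts that show up in the result are the ones to push toward a longer, non-dictionary password; the long random one in the sample is not matched.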