Unread 25 Aug 2005, 10:11   #1
Lockhead
Cabeza Coder
 
Join Date: Oct 2000
Posts: 212
Angry How can this be? Change your passes...

Hi

I just noticed something... that really SHOULDN'T be done.

Why is my PA password NOT encrypted in the database?

That's a NO NO NO in coding...

an angry Lockhead
__________________
Lockhead
Developer, Solutions Architect, DevOps Engineer

lockhead.net

Quote:
Round 24 Conspiracy HC Comment at my planet
<Germania> 4.9.1
<Germania> hes our top hostile
Unread 25 Aug 2005, 10:37   #2
wakey
Hamster
 
Join Date: Apr 2000
Location: Crewe, England
Posts: 3,606
Re: How can this be? Change your passes...

And you know it's not encrypted how?
__________________
Wakey
PD and Suggestions Moderator
Co-founder of [F-Crew]
The Farnborough Crew
Cos anything else is just an alliance
Join our public channel at #f-crew
Unread 25 Aug 2005, 10:49   #3
Lockhead
Cabeza Coder
 
Join Date: Oct 2000
Posts: 212
Re: How can this be? Change your passes...

Use the "Email Password" feature...

You get your real pass back, not a new one.

md5 can't be de-encrypted.
Unread 25 Aug 2005, 11:11   #4
Gio2k
Bolivian Alpaca
 
Join Date: Jun 2004
Posts: 912
Re: How can this be? Change your passes...

Maybe they use a decryptable method.
But most probably, you are right. Don't use your CC number as password
__________________
"I throw myself into the sea, release the wave, let it wash over me ..."
MadCowS - Angels - eXilition - Destiny - Wolfpack - Jenova - p3nguins
Unread 25 Aug 2005, 11:19   #5
wakey
Hamster
 
Join Date: Apr 2000
Location: Crewe, England
Posts: 3,606
Re: How can this be? Change your passes...

Quote:
Originally Posted by Lockhead
Use the "Email Password" feature...

You get your real pass back, not a new one.

md5 can't be de-encrypted.
Many sites allow you to retrieve your password; this doesn't mean they are stored unencrypted. Take Amazon for example: do you really think they take major risks with security when it's a simple solution? No, they don't, but guess what, you can still retrieve your password.

md5 is not the only encryption algorithm out there, and there are many out there that use key systems to allow the information to be decrypted by those who have the right credentials.

Oh, and md5 can be decrypted btw; if it hasn't been cracked yet, that doesn't mean it can't be, because anything that's done to encrypt something can be reversed. Assuming that an encryption method is perfectly sound and secure is as much of a development no-no as leaving the password field unencrypted.
Unread 25 Aug 2005, 11:34   #6
Heartless
CRASHING BEATS 'N FANTASY
 
Join Date: Mar 2001
Location: Cold Country.
Posts: 1,912
Re: How can this be? Change your passes...

Quote:
Originally Posted by wakey
Oh, and md5 can be decrypted btw; if it hasn't been cracked yet, that doesn't mean it can't be, because anything that's done to encrypt something can be reversed. Assuming that an encryption method is perfectly sound and secure is as much of a development no-no as leaving the password field unencrypted.
You cannot decrypt a hash. MD5 generates a 32-Byte hash out of any datastream, no matter how long it is.
You can find datastreams with identical hashes, though; that is called a collision attack. And MD5 is vulnerable to those.
__________________
Ià! Ià! Munin F'tagn! - [*scendancy]
Unread 25 Aug 2005, 11:47   #7
Phil^
Insomniac
 
Join Date: May 2003
Posts: 3,583
Re: How can this be? Change your passes...

There's a mysql Encrypt() function which can retrieve it, or there could be a separate algorithm to encode it.
I've not seen the code so I have no idea which is in effect, if any, but there are several ways it could be encrypted and still be retrievable.
__________________
Phil^
Unread 25 Aug 2005, 14:13   #8
Ramihyn
Emperor
 
Join Date: Jul 2001
Location: in front of a computer
Posts: 490
Re: How can this be? Change your passes...

It really hurts to read this large amount of misinformation :s

Hashing isn't encryption.

MD5 was considered weak in 1996 already and migration to SHA1 was advised for a decade.

Since at least 2004 there are several confirmed efficient attacks on MD5 and it is considered "broken" nowadays. (See the papers of Xiaoyun Wang, Dengguo Feng, Xuejia Lai and Hongbo Yu).

MD5 does NOT generate a 32-Byte sum but a 128-bit sum.

Nobody "de-crypts" passwords unless they are ... "without any clue".

The SQL encrypt() function uses the unix "crypt" system call. Read the corresponding man page for why it's a bad idea to use the crypt() system call (hint: it's a salt-based DES implementation as used in traditional unix password encryption). Nevertheless it is not _THAT_ weak that you can "decrypt" it (in a practical timely way by software only) - not even mysql.

Oh, and the general opinion that "if it has been done by a human - it can be broken by a human" which wakey hinted at - you may want to check out "quantenkryptographie". (None of my translators know the English word for it - but if you are really interested, I will look up some English articles about it - basically it revolves around Heisenberg's unschärfetheorie and its limitations - ofc. you can argue that even "law of nature" is only a temporary scientific viewpoint).

The ability to recover a password may not have anything to do with how a password is stored in the database used for account verification anyway.
Unread 25 Aug 2005, 14:55   #9
kaos
peon
 
Join Date: Mar 2001
Posts: 163
Re: How can this be? Change your passes...

Everybody but Ramihyn should go back to school and read something about cryptography,
but I don't really think md5 is THAT weak (for those cryptographers everything which is faster than brute force makes an algorithm weak in their eyes ... but I think we'll have 128 bit quantum computers before a home PC can crack an md5 hash in a reasonable time)

wakey: Amazon doesn't send you your current password, they send you an email with a link to a site where you can change your password; there is no way to retrieve your current password

Ramihyn: I think the (naive ?) translation would be quantum cryptography (yields some results at Google too, so can't be that far off )

Lockhead: would you have expected anything reasonable from that absolutely non buggy (yay at input validation ...) r10 code where you could even make your ship's origin be a fake coord?
That's almost like thinking that angie would do any better than our current beloved "kanzler"

edit: @ pateam: i don't really think i have to mention how ridiculous this is ...
__________________
Elysium / patools
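Added example, not part of the thread or any poster's code: a Python sketch of the storage and recovery pattern discussed in posts #8 and #9, where the database holds only a salted slow hash and "forgot password" mails a single-use link instead of the password. It also measures the MD5 digest size debated above. The `Accounts` class, the scrypt cost parameters and the 15-minute token lifetime are assumptions for illustration; nothing here reflects how Planetarion stored passwords.

```python
import hashlib, hmac, secrets, time

SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)  # assumed cost parameters

def md5_sizes(data):
    """(raw bytes, hex characters, bits) of an MD5 digest."""
    d = hashlib.md5(data)
    return d.digest_size, len(d.hexdigest()), d.digest_size * 8

def hash_password(password):
    salt = secrets.token_bytes(16)  # per-user random salt
    return salt, hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)

def verify_password(password, salt, stored):
    candidate = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return hmac.compare_digest(candidate, stored)  # constant-time compare

class Accounts:  # hypothetical in-memory stand-in for the user table
    def __init__(self):
        self.users = {}   # name -> (salt, scrypt hash); no plaintext kept
        self.resets = {}  # sha256(token) -> (name, expiry timestamp)

    def register(self, name, password):
        self.users[name] = hash_password(password)

    def login(self, name, password):
        rec = self.users.get(name)
        return rec is not None and verify_password(password, *rec)

    def request_reset(self, name, now=None, ttl=900):
        if name not in self.users:
            return None
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # goes into the emailed link
        key = hashlib.sha256(token.encode()).digest()  # only the hash is stored
        self.resets[key] = (name, now + ttl)
        return token

    def complete_reset(self, token, new_password, now=None):
        now = time.time() if now is None else now
        entry = self.resets.pop(hashlib.sha256(token.encode()).digest(), None)
        if entry is None or now > entry[1]:
            return False  # unknown, already used, or expired
        self.register(entry[0], new_password)
        return True
```

With this layout a leaked user table or a compromised mailbox yields no reusable password, which is the risk the thread title warns about.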
Unread 25 Aug 2005, 18:37   #10
Bashar
Idle Git
 
Join Date: Aug 2001
Location: Wandering
Posts: 1,550
Re: How can this be? Change your passes...

AFAIK passwords have never been encrypted in PA. What do you think the main method of multi-hunting has been over the rounds?

This is why my password to PA is different to my password to anything I actually care about.
__________________
Here we go again....
Unread 26 Aug 2005, 03:14   #11
xtothez
¯¯¯¯¯¯¯¯¯
 
Join Date: May 2001
Location: Sept 2057
Posts: 1,813
Re: How can this be? Change your passes...

Quote:
Originally Posted by Bashar
This is why my password to PA is different to my password to anything I actually care about.
...and also why my login name is randomly selected each round.
__________________
in my sig i write down all my previous co-ords and alliance positions as if they matter because I'm not important enough to be remembered by nickname alone.