the so complete pouët.net oneliner
- 2008-05-03
-
jftr: the only pwd i tried to bruteforce (by rainbow tables) was analogue's one (with success oops) but i told him already. no idea who else used the same hole before. -
so after he changed all his passwords, are you going to tell us what this password was that exists on rainbow tables? :P -
no. he may do it if he wants to, but i won't. (6 chars only lowercase+digits is just too weak nowadays) -
http://www.viedemerde.fr/ -
well I guess we should have used salts in the password storage anyway.. that'd render the brute force a great deal harder -
you can still put md5(login+md5(pwd)) into the db if you want to as long as everyone authenticates via that sceneid.php -
What are salts? -
mihi: password security isn't an issue as long as the hash is inaccessible -
xerno: http://en.wikipedia.org/wiki/Salt_%28cryptography%29 -
Gargaj: sure. But can you be sure that the hash is inaccessible (by what kind of adversary)? -
xernobyl: try to rub some salt into a wound :] -
mihi: if you can't be sure, you might as well publish them on the web. -
\The Who\Then And Now\03 - The Kids Are Alright.mp3 -
gargaj: IBTD. The adversary might be privileged (e.g. he can walk into the datacenter and steal a hard disk, or get hold of an old backup tape). Or phpmyadmin behind htaccess. -
yeah that's always an issue -
http://thedailywtf.com/Articles/The-Super-Hacker.aspx -
MY EYES HAVE SEEN YOU ALL ALONE IN THE TOILETS ! -
plus nobody listened to me when I suggested to use pki based auth for sceneid ;) -
uncle x don't get to play. -
"If the music weren't so loud, it would only be half as beautiful..." -
http://www.youtube.com/watch?v=FVbf9tOGwno omg :D - 2008-05-04
-
he should rather do an install linux video -
*applauses* http://www.youtube.com/watch?v=Ce02YJV3mKg&feature=related -
that was fucking bad acting - good night -
bush hid the facts
