passwords

Replies

• 

  Kaustubh Katdare

  abhimanipal

  how are passwords stored of each individual users in web sites like orkut/yahoo etc. ????if it is stored in the orignal form will not be very easy for the administrators to obtain them ???

  Passwords are usually stored in encrypted form. Therefore, even the administrators cannot read your passwords.
  
  On CrazyEngineers, the passwords are stored in encrypted form. The administrator can only reset your password. This is to ensure that your privacy is protected.
  
  I hope this answers your question.
  
  -The Big K-
• 

  Prasad Ajinkya

  A safer method for saving passwords would be hashing them and storing the hash key ... a la md5. Thus, the sanctity of the password remains only with the user who has input it. When the user is inputting this in through a form, there should also be a client side .js file which can convert the pswd into a hashkey and then submit this over the net. Thus, the actual password is never transmitted on the net. howzzat?
• 

  A SudhaKar

  Ya What admin says is correct,
  
  As me to a Admin in other site,
  
  @ any rate the Admin or any one could not able to see the password of their users.
  
  Rather he/she can reset or Give New Password.
  
  Bcoz passwords are the only hidden thing by machines in the form of encryption , decryption , authorization etc...
  Where Human Contnously try to waste trying by haking ...
  
  Hope So, It helped
  
  Regards,
  A.Sk...
• 

  Anil Jain

  kidakaka

  A safer method for saving passwords would be hashing them and storing the hash key ... a la md5. Thus, the sanctity of the password remains only with the user who has input it. When the user is inputting this in through a form, there should also be a client side .js file which can convert the pswd into a hashkey and then submit this over the net. Thus, the actual password is never transmitted on the net. howzzat?

  Am not a hacker.. BUt for your kind information I read siomewhere that seemingly great MD5 files can be hacked.. (although its tough to solve factorial 20 combination.. ) but I can write a program for facorials and break it.. Am I CRAZY on this.. or this is impossible.. ???
  
  Your comments...???
  
  --crazy
• 

  pad

  crazyboy

  Am not a hacker.. BUt for your kind information I read siomewhere that seemingly great MD5 files can be hacked.. (although its tough to solve factorial 20 combination.. ) but I can write a program for facorials and break it.. Am I CRAZY on this.. or this is impossible.. ???
  
  Your comments...???
  
  --crazy

  Dear Crazy... well that is a cray idea but certainely not something new...
  
  i'll describe first the shadow mechanism from the Unix world and tell you what is possible and what is not.
  
  when i change/set my password system computes a hash using a "salt" to add computational complexity. i.e. same algorithm with same password will not generate the same hash without using same salt. so if i add a 10 bit salt i can have about 1024 different hashes for the same password with same hashing algorithm.
  
  my password is never ever saved on a host.
  
  now breaking the password (well this is wrong to say.. right is find the loophole in password verification method... but for the sake of siplicity we'll use the term u use).....
  
  what is possible... well write a program that computes hash for all the stings supplied to it with all the possible salts and compare the results with the hash at hand if hash matches then u've broken the password.
  
  sounds simple... right... ? to me too theoritically...
  
  now do some mathematics and compute how much time is required to braek a password of length 8 characters and every character can be one of 80 possible characters. (if i am right it is 80*80*80*80*80*80*80*80=1,677,721,600,000,000 combinations) now multiply it with 1024 (1,717,986,918,400,000,000) to accomodate salts...
  
  if we compute 1,000,000 passwords a second we require 1,717,986,918,400 seconds, which equals 828504.49 days or 2269.87 years.... of course the worst case scenerio... average case about 1000 years...and best case you already know the password
  
  how crazy this seems to you now...😉
• 

  A SudhaKar

  pad really your infos with explanations were sounds good.
  
  I got cleared perfectly.
  
  Regards,
  A.Sudhakar...
• 

  miteshmanani

  hey recently i saw ankit fadia on televion on some of the news channel and demontrated on hacking of passwords quite easily.
  that is supposed to be caled as Ethical Hacking.
  Can ne one contribute information on what "Ethical Hacking" actually.
  I appreciate the above information conveyed is fantastic and does take years to break password but then how that person could do it?
• 

  pad

  miteshmanani

  hey recently i saw ankit fadia on televion on some of the news channel and demontrated on hacking of passwords quite easily.
  that is supposed to be caled as Ethical Hacking.
  Can ne one contribute information on what "Ethical Hacking" actually.
  I appreciate the above information conveyed is fantastic and does take years to break password but then how that person could do it?

  i'm no authority on Ankit Fadia... why dont you try and find something on him in Real IT security groups...
  
  i found following...
  
  #-Link-Snipped-#
  Ankit, DOS what?
  
  no insult meant... no personal grudge...
• 

  miteshmanani

  pad

  i'm no authority on Ankit Fadia... why dont you try and find something on him in Real IT security groups...
  
  i found following...
  
  #-Link-Snipped-#
  Ankit, DOS what?
  
  no insult meant... no personal grudge...

  wooohh...that was like a rocket fired no sooner you might have seen his name. neways m no fan of him. just requested a peice of infomation on ethical hacking.
• 

  kalyan553

  computer stores password hash key instead of password