CrazyEngineers
CrazyEngineers

  • passwords

    abhimanipal

    Member

    Updated: Oct 25, 2024
    Views: 1.1K
    how are passwords stored of each individual users in web sites like orkut/yahoo etc. ????if it is stored in the orignal form will not be very easy for the administrators to obtain them ???
    0
    Replies
Howdy guest!
Dear guest, you must be logged-in to participate on CrazyEngineers. We would love to have you as a member of our community. Consider creating an account or login.
Replies

  • Kaustubh Katdare

    AdministratorDec 25, 2006

    abhimanipal
    how are passwords stored of each individual users in web sites like orkut/yahoo etc. ????if it is stored in the orignal form will not be very easy for the administrators to obtain them ???
    Passwords are usually stored in encrypted form. Therefore, even the administrators cannot read your passwords.

    On CrazyEngineers, the passwords are stored in encrypted form. The administrator can only reset your password. This is to ensure that your privacy is protected.

    I hope this answers your question.

    -The Big K-
    Are you sure? This action cannot be undone.
    Cancel

  • Prasad Ajinkya

    MemberDec 25, 2006

    A safer method for saving passwords would be hashing them and storing the hash key ... a la md5. Thus, the sanctity of the password remains only with the user who has input it. When the user is inputting this in through a form, there should also be a client side .js file which can convert the pswd into a hashkey and then submit this over the net. Thus, the actual password is never transmitted on the net. howzzat?
    Are you sure? This action cannot be undone.
    Cancel

  • SudhaKar Arjunan

    MemberJan 4, 2007

    Ya What admin says is correct,

    As me to a Admin in other site,

    @ any rate the Admin or any one could not able to see the password of their users.

    Rather he/she can reset or Give New Password.

    Bcoz passwords are the only hidden thing by machines in the form of encryption , decryption , authorization etc...
    Where Human Contnously try to waste trying by haking ...

    Hope So, It helped

    Regards,
    A.Sk...
    Are you sure? This action cannot be undone.
    Cancel

  • Anil Jain

    MemberJan 28, 2007

    kidakaka
    A safer method for saving passwords would be hashing them and storing the hash key ... a la md5. Thus, the sanctity of the password remains only with the user who has input it. When the user is inputting this in through a form, there should also be a client side .js file which can convert the pswd into a hashkey and then submit this over the net. Thus, the actual password is never transmitted on the net. howzzat?
    Am not a hacker.. BUt for your kind information I read siomewhere that seemingly great MD5 files can be hacked.. (although its tough to solve factorial 20 combination.. ) but I can write a program for facorials and break it.. Am I CRAZY on this.. or this is impossible.. ???

    Your comments...???

    --crazy
    Are you sure? This action cannot be undone.
    Cancel

  • pad

    MemberJan 28, 2007

    crazyboy
    Am not a hacker.. BUt for your kind information I read siomewhere that seemingly great MD5 files can be hacked.. (although its tough to solve factorial 20 combination.. ) but I can write a program for facorials and break it.. Am I CRAZY on this.. or this is impossible.. ???

    Your comments...???

    --crazy
    Dear Crazy... well that is a cray idea but certainely not something new...

    i'll describe first the shadow mechanism from the Unix world and tell you what is possible and what is not.

    when i change/set my password system computes a hash using a "salt" to add computational complexity. i.e. same algorithm with same password will not generate the same hash without using same salt. so if i add a 10 bit salt i can have about 1024 different hashes for the same password with same hashing algorithm.

    my password is never ever saved on a host.

    now breaking the password (well this is wrong to say.. right is find the loophole in password verification method... but for the sake of siplicity we'll use the term u use).....

    what is possible... well write a program that computes hash for all the stings supplied to it with all the possible salts and compare the results with the hash at hand if hash matches then u've broken the password.

    sounds simple... right... ? to me too theoritically...

    now do some mathematics and compute how much time is required to braek a password of length 8 characters and every character can be one of 80 possible characters. (if i am right it is 80*80*80*80*80*80*80*80=1,677,721,600,000,000 combinations) now multiply it with 1024 (1,717,986,918,400,000,000) to accomodate salts...

    if we compute 1,000,000 passwords a second we require 1,717,986,918,400 seconds, which equals 828504.49 days or 2269.87 years.... of course the worst case scenerio... average case about 1000 years...and best case you already know the password

    how crazy this seems to you now...😉
    Are you sure? This action cannot be undone.
    Cancel

  • SudhaKar Arjunan

    MemberJan 29, 2007

    pad really your infos with explanations were sounds good.

    I got cleared perfectly.

    Regards,
    A.Sudhakar...
    Are you sure? This action cannot be undone.
    Cancel

  • miteshmanani

    MemberFeb 8, 2007

    hey recently i saw ankit fadia on televion on some of the news channel and demontrated on hacking of passwords quite easily.
    that is supposed to be caled as Ethical Hacking.
    Can ne one contribute information on what "Ethical Hacking" actually.
    I appreciate the above information conveyed is fantastic and does take years to break password but then how that person could do it?
    Are you sure? This action cannot be undone.
    Cancel

  • pad

    MemberFeb 26, 2007

    miteshmanani
    hey recently i saw ankit fadia on televion on some of the news channel and demontrated on hacking of passwords quite easily.
    that is supposed to be caled as Ethical Hacking.
    Can ne one contribute information on what "Ethical Hacking" actually.
    I appreciate the above information conveyed is fantastic and does take years to break password but then how that person could do it?
    i'm no authority on Ankit Fadia... why dont you try and find something on him in Real IT security groups...

    i found following...

    #-Link-Snipped-#
    <a href="https://www.whoisdeep.com/2005/10/01/ankit-dos-what/" target="_blank" rel="nofollow noopener noreferrer">Ankit, DOS what?</a>

    no insult meant... no personal grudge...
    Are you sure? This action cannot be undone.
    Cancel

  • miteshmanani

    MemberMar 5, 2007

    pad
    i'm no authority on Ankit Fadia... why dont you try and find something on him in Real IT security groups...

    i found following...

    #-Link-Snipped-#
    <a href="https://www.whoisdeep.com/2005/10/01/ankit-dos-what/" target="_blank" rel="nofollow noopener noreferrer">Ankit, DOS what?</a>

    no insult meant... no personal grudge...
    wooohh...that was like a rocket fired no sooner you might have seen his name. neways m no fan of him. just requested a peice of infomation on ethical hacking.
    Are you sure? This action cannot be undone.
    Cancel

  • kalyan553

    MemberAug 16, 2011

    computer stores password hash key instead of password
    Are you sure? This action cannot be undone.
    Cancel
Home Channels Search Login Register