abhimanipal
25 Dec 2006

passwords

How are the passwords of individual users stored in web sites like Orkut/Yahoo etc.? If they are stored in the original form, will it not be very easy for the administrators to obtain them?
25 Dec 2006
abhimanipal
How are the passwords of individual users stored in web sites like Orkut/Yahoo etc.? If they are stored in the original form, will it not be very easy for the administrators to obtain them?
Passwords are usually stored in encrypted form. Therefore, even the administrators cannot read your passwords.

On CrazyEngineers, the passwords are stored in encrypted form. The administrator can only reset your password. This is to ensure that your privacy is protected.

I hope this answers your question.

-The Big K-
Prasad Ajinkya

25 Dec 2006
A safer method for saving passwords would be hashing them and storing the hash key ... a la md5. Thus, the sanctity of the password remains only with the user who has input it. When the user is inputting this in through a form, there should also be a client side .js file which can convert the pswd into a hashkey and then submit this over the net. Thus, the actual password is never transmitted on the net. howzzat?
A SudhaKar

04 Jan 2007
Yeah, what the admin says is correct.

As I am also an admin on another site,

at any rate the admin or anyone else is not able to see the passwords of their users.

Rather, he/she can reset it or give a new password.

Because passwords are the only thing hidden by machines, in the form of encryption, decryption, authorization etc...
Where humans continuously waste effort trying to hack...

Hope it helped.

Regards,
A.Sk...
28 Jan 2007
kidakaka
A safer method for saving passwords would be hashing them and storing the hash key ... a la md5. Thus, the sanctity of the password remains only with the user who has input it. When the user is inputting this in through a form, there should also be a client side .js file which can convert the pswd into a hashkey and then submit this over the net. Thus, the actual password is never transmitted on the net. howzzat?
I am not a hacker.. But for your kind information, I read somewhere that seemingly great MD5 files can be hacked.. (although it's tough to solve factorial 20 combinations..) but I can write a program for factorials and break it.. Am I CRAZY on this.. or is this impossible..???

Your comments...???

--crazy
pad

29 Jan 2007
crazyboy
I am not a hacker.. But for your kind information, I read somewhere that seemingly great MD5 files can be hacked.. (although it's tough to solve factorial 20 combinations..) but I can write a program for factorials and break it.. Am I CRAZY on this.. or is this impossible..???

Your comments...???

--crazy
Dear Crazy... well that is a crazy idea but certainly not something new...

i'll describe first the shadow mechanism from the Unix world and tell you what is possible and what is not.

when i change/set my password the system computes a hash using a "salt" to add computational complexity. i.e. the same algorithm with the same password will not generate the same hash without using the same salt. so if i add a 10 bit salt i can have about 1024 different hashes for the same password with the same hashing algorithm.

my password is never ever saved on a host.

now breaking the password (well this is wrong to say.. right is find the loophole in the password verification method... but for the sake of simplicity we'll use the term you use).....

what is possible... well write a program that computes the hash for all the strings supplied to it with all the possible salts and compares the results with the hash at hand. if the hash matches then you've broken the password.

sounds simple... right... ? to me too theoretically...

now do some mathematics and compute how much time is required to break a password of length 8 characters where every character can be one of 80 possible characters. (if i am right it is 80*80*80*80*80*80*80*80=1,677,721,600,000,000 combinations) now multiply it with 1024 (1,717,986,918,400,000,000) to accommodate salts...

if we compute 1,000,000 passwords a second we require 1,717,986,918,400 seconds, which equals 828504.49 days or 2269.87 years.... of course the worst case scenario... average case about 1000 years...and best case you already know the password

how crazy this seems to you now...😉
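
Added example (not part of pad's post and not any site's actual code): a Python sketch of the salted storage and the worst-case search estimate discussed above, which also covers the earlier suggestion to store a hash instead of the password. It swaps md5 for PBKDF2-HMAC-SHA256 from the standard library; the function names, the 16-byte salt and the iteration count are assumptions of this example.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 200_000  # assumed work factor; each guess costs this many HMAC rounds


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, key). A fresh random salt is drawn unless one is supplied."""
    if salt is None:
        salt = os.urandom(16)  # 128-bit salt, stored in the clear beside the key
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, key


def verify_password(password: str, salt: bytes, stored_key: bytes) -> bool:
    """Recompute the key with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, stored_key)


def search_seconds(alphabet: int, length: int, guesses_per_second: int,
                   unknown_salt_bits: int = 0) -> float:
    """Worst-case time to try every candidate password of exactly `length` characters.

    unknown_salt_bits is 0 when the salt is readable next to the hash;
    the post's estimate corresponds to unknown_salt_bits=10.
    """
    candidates = alphabet ** length * 2 ** unknown_salt_bits
    return candidates / guesses_per_second


if __name__ == "__main__":
    # Constructed sample: two users choosing the same password.
    salt_a, key_a = hash_password("Tr0ub4dor&3")
    salt_b, key_b = hash_password("Tr0ub4dor&3")
    print("same password, same stored value?", key_a == key_b)
    print("login with right password:", verify_password("Tr0ub4dor&3", salt_a, key_a))
    print("login with wrong password:", verify_password("tr0ub4dor&3", salt_a, key_a))
    print("80^8 candidates, 10 salt bits, 1e6 guesses/s:",
          search_seconds(80, 8, 1_000_000, unknown_salt_bits=10), "seconds")
```

Only the salt and the derived key are stored; the password itself is needed again only at login, when the key is recomputed with the stored salt.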
A SudhaKar

29 Jan 2007
pad, your info with explanations really sounds good.

I got it cleared perfectly.

Regards,
A.Sudhakar...
miteshmanani

08 Feb 2007
hey, recently I saw Ankit Fadia on television on one of the news channels, and he demonstrated hacking of passwords quite easily.
That is supposed to be called Ethical Hacking.
Can anyone contribute information on what "Ethical Hacking" actually is?
I appreciate that the above information is fantastic and it does take years to break a password, but then how could that person do it?
pad

27 Feb 2007
miteshmanani
hey, recently I saw Ankit Fadia on television on one of the news channels, and he demonstrated hacking of passwords quite easily.
That is supposed to be called Ethical Hacking.
Can anyone contribute information on what "Ethical Hacking" actually is?
I appreciate that the above information is fantastic and it does take years to break a password, but then how could that person do it?
i'm no authority on Ankit Fadia... why don't you try and find something on him in Real IT security groups...

i found following...

https://seclists.org/fulldisclosure/2003/Sep/0254.html
https://www.whoisdeep.com/2005/10/01/ankit-dos-what/

no insult meant... no personal grudge...
miteshmanani

05 Mar 2007
pad
i'm no authority on Ankit Fadia... why don't you try and find something on him in Real IT security groups...

i found following...

https://seclists.org/fulldisclosure/2003/Sep/0254.html
https://www.whoisdeep.com/2005/10/01/ankit-dos-what/

no insult meant... no personal grudge...
wooohh... that was like a rocket fired no sooner than you might have seen his name. Anyway, I'm no fan of him. Just requested a piece of information on ethical hacking.
kalyan553

17 Aug 2011
The computer stores the password hash key instead of the password.
