RBL - Ephialtes

IkeTheGeneric:


--- Quote from: TheFutureOfDark on March 11, 2011, 07:52:30 PM ---

--- End quote ---



Seriously, stop using images as a way to talk; that's not how you converse with other human beings.

cucumberdude:


--- Quote from: DontCare4Free on March 11, 2011, 04:43:30 PM ---No, anyone intercepting it could NOT as good have the password since they can't reverse the hashing which means that they can't use it to use the account on other sites (assuming same pass, etc).

--- End quote ---
That's true. But it still doesn't offer much of an advantage as compared to server-side encryption.


--- Quote from: DontCare4Free on March 11, 2011, 04:43:30 PM ---Using AES for passwords would be entirely useless.

--- End quote ---
I was referring to a different project. I am fully aware that AES can be decrypted. I use md5 for this.


--- Quote from: DontCare4Free on March 11, 2011, 04:43:30 PM ---I assume that you mean "recovering the old password".
No, that would be impossible which is one of the points about it.
However, what you usually do when you use a password recovery feature is that the site sends a new password to your e-mail. That would not be impossible since the encrypted data is already known. What is not known is the encryption KEY. The thing is that you retrieve the encrypted data and the decrypted data from the database. Then you try decrypting it with the password as key and then if it succeeds you compare the decrypted data with the data from the database. If those succeed, log me in, otherwise, refuse.

--- End quote ---
That's just overcomplicating things... Easier to apply a simple md5 hash, seeing as there aren't really any advantages to seeding with a password. Interesting idea all the same.


--- Quote from: DontCare4Free on March 11, 2011, 04:43:30 PM ---Actually some big sites allow both using "their" account system and OpenID. Drupal (which I personally like quite much) ships with an OpenID module by default (although disabled), I'm not sure about how it handles passwords though.
Some big sites (for example StackExchange (StackOverflow, etc) and SuseStudio) only allow login via OpenID.
Also, for example Google and Yahoo act as OpenID providers which means that any site allowing OpenID-logins can be logged into with your Google/Yahoo account.

--- End quote ---
Interesting.

That was a nice tech discussion but, back on topic of the drama...


--- Quote from: Iban on March 11, 2011, 08:07:23 PM ---OpenID is fine. The problem here is that the dude was storing a massive amount of passwords provided by members of Blockland in plain text, associated with their name and email. This isn't OK.

--- End quote ---
That is incorrect. Re-read the ENTIRE thing, then post. Passwords are md5 hashed.


--- Quote from: DontCare4Free on March 11, 2011, 05:07:32 PM ---I agree about it being pointless

--- End quote ---

--- Quote from: Iban on March 11, 2011, 04:53:05 PM ---this service is a) completely loving pointless

--- End quote ---
Y'all are right. What's the point of a rating system? Nothing but a lil' source of entertainment. Not really worthwhile. Hey forget it, while we're at it, what's the point of blockland? So loving pointless man. Just some bullstuff game that you enjoy. forget that stuff. Bro brb throwing computer out of window, that stuff is so pointless - I just use it for games and pointless stuff like that.

Come on, that's a terrible argument. It really doesn't matter what the service is - if it's safe and legitimate, it shouldn't be banned from the forums.
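
Added example, not part of the original thread or any poster's code: the unsalted md5 storage mentioned in the post above, next to a salted, iterated hash (PBKDF2-HMAC-SHA256 from the Python standard library), to show what each scheme reveals to someone who can read the stored table. The account names, passwords, function names and the iteration count are assumptions made up for this illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 200_000  # assumed work factor, chosen for this example

def md5_record(password):
    """Unsalted MD5 hex digest: the storage scheme named in the thread."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def pbkdf2_record(password, salt=None):
    """Per-user random salt plus a slow, iterated hash."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

def pbkdf2_verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    return hmac.compare_digest(pbkdf2_record(password, salt)[1], expected)

def users_sharing_a_stored_value(table):
    """Group user names whose stored record is identical."""
    groups = defaultdict(list)
    for user, record in table.items():
        groups[record].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed sample accounts; names and passwords are made up.
SAMPLE = {"alice": "blockland1", "bob": "blockland1", "carol": "tr0ub4dor"}

def build_tables(accounts=SAMPLE):
    """Return the same accounts stored under each scheme."""
    md5_table = {u: md5_record(p) for u, p in accounts.items()}
    kdf_table = {u: pbkdf2_record(p) for u, p in accounts.items()}
    return md5_table, kdf_table

if __name__ == "__main__":
    md5_table, kdf_table = build_tables()
    # Unsalted: equal passwords give equal digests, visible in the table.
    print("same md5 record:", users_sharing_a_stored_value(md5_table))
    # Salted: equal passwords give unrelated records.
    print("same pbkdf2 record:", users_sharing_a_stored_value(kdf_table))
    print("login ok:", pbkdf2_verify("blockland1", kdf_table["alice"]))
    print("login bad:", pbkdf2_verify("wrong", kdf_table["alice"]))
```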

Kalphiter:


--- Quote from: cucumberdude on March 11, 2011, 09:00:42 PM ---It really doesn't matter what the service is - if it's safe and legitimate, it shouldn't be banned from the forums.

--- End quote ---
Obviously you have failed to fulfill that.

DrenDran:


--- Quote from: Iban on March 11, 2011, 08:07:23 PM ---OpenID is fine. The problem here is that the dude was storing a massive amount of passwords provided by members of Blockland in plain text, associated with their name and email. This isn't OK.

--- End quote ---
But would you have known this if he didn't tell you?

Kalphiter:


--- Quote from: DrenDran on March 12, 2011, 12:32:07 AM ---But would you have known this if he didn't tell you?

--- End quote ---
He admitted to not having any encryption at all, and at this point it's still not provable.
