Tista
|
Posted - 2007.03.27 22:14:00 -
[1]
does ccp have on record my password(s)?
|
Surfin's PlunderBunny
Minmatar
|
Posted - 2007.03.27 22:16:00 -
[2]
*insert smartass comment about asking for your password here*
"Tic Toc Tic Toc , time is ticking..." ~Liz "Whiny Carebear" Kali
|
Esurnir
Amarr Bears Inc FREGE Alliance
|
Posted - 2007.03.27 22:18:00 -
[3]
Most companies put the password encrypted in the database.
Quote: Thou shall pew pew.
Book of Revelation 12, 51 |
Tista
|
Posted - 2007.03.27 22:19:00 -
[4]
Originally by: Esurnir Most companies put the password encrypted in the database.
mhmm, please may i have some clarification from a dev/gm on this matter?
|
|
Chribba
Otherworld Enterprises Otherworld Empire
|
Posted - 2007.03.27 22:21:00 -
[5]
The password is most likely encrypted as when you try to recover your password you don't get your current password mailed to you but a "password reset" mail.
Help me help you. |
|
Tista
|
Posted - 2007.03.27 22:22:00 -
[6]
Originally by: Chribba The password is most likely encrypted as when you try to recover your password you don't get your current password mailed to you but a "password reset" mail.
ahah okay good.. heh i use 1 uni password for all things with an alternating letter at the end :) dont want people to know it because it is secret.
|
Blue Stratos
Amarr BOOM - Gotcha
|
Posted - 2007.03.27 22:28:00 -
[7]
Originally by: Tista
Originally by: Chribba The password is most likely encrypted as when you try to recover your password you don't get your current password mailed to you but a "password reset" mail.
ahah okay good.. heh i use 1 uni password for all things with an alternating letter at the end :) dont want people to know it because it is secret.
So let me get this straight
YOU use ONE password for everything u do on the net, so if ur *****ed anywhere, they can pretty much screw your life
You are either incredibly stupid, or incredibly smart, imma opt for the first 1
Change ur passwds
Originally by: CCP Sharkbait think the problem is found. last startup now.
|
Freelanc3r
Caldari Xoth Inc Firmus Ixion
|
Posted - 2007.03.27 22:31:00 -
[8]
You see the problem comes when you register for a fanboard or similar that requires a password and they then have your password to everything on the net.
gg for just telling everyone
|
Cavatrina
|
Posted - 2007.03.27 22:31:00 -
[9]
Edited by: Cavatrina on 27/03/2007 22:28:37
Originally by: Tista
Originally by: Chribba The password is most likely encrypted as when you try to recover your password you don't get your current password mailed to you but a "password reset" mail.
ahah okay good.. heh i use 1 uni password for all things with an alternating letter at the end :) dont want people to know it because it is secret.
Thats rather dumb, you need to have different passwords for everything...
"it is secret" - Would not be much of a password if it was not :p
And yes, most large companies, and most websites will encrypt your password. Any company allowing you to be able to get sent your password is foolish.
FFS CCP make the damn forum settings DB side...
My main is TomParad0x, which I had set by default but it seems to have reset again (I am guessing CCP is storing the settings in your cookies?)
|
Niccolado Starwalker
Shadow Templars
|
Posted - 2007.03.27 22:33:00 -
[10]
Edited by: Niccolado Starwalker on 27/03/2007 22:32:24
Originally by: Tista
Originally by: Chribba The password is most likely encrypted as when you try to recover your password you don't get your current password mailed to you but a "password reset" mail.
ahah okay good.. heh i use 1 uni password for all things with an alternating letter at the end :) dont want people to know it because it is secret.
I would STRONGLY advise AGAINST this!
I have heard examples about people using universal passwords. Like for EVE they use the same passwords at for example fan sites. And if those fansites dont encrypt the passwords - either out of laziness, or on purpose - the password is compromised! And if its the same as for the game, your game account is compromised!
Therefore: Always always always treat your online passwords as being compromised! And never ever ever! use the same password for game and fansite! Even if the fansite have all good intentions, their security will usually never be as strong as a company, who can afford the best! Which btw. gets hacked too now and then!!
I might be paranoid, but honestly. I dont know how many times I have seen posts on these forums saying "waaaaahh, my account is hacked! My account have been compromised"
1 password = 1 site!
Originally by: Eldo Davip PORTRAITS OMFG WOOT. WE R GONIG FOR MROE BREEE!!!!11
|
|
TomParad0x
Caldari Kingfisher Industries
|
Posted - 2007.03.27 22:34:00 -
[11]
Originally by: Niccolado Starwalker
Originally by: Tista
Originally by: Chribba The password is most likely encrypted as when you try to recover your password you don't get your current password mailed to you but a "password reset" mail.
ahah okay good.. heh i use 1 uni password for all things with an alternating letter at the end :) dont want people to know it because it is secret.
I would STRONGLY advise AGAINST this!
I have heard examples about people using universal passwords. Like for EVE they use the same passwords at for example fan sites. And if those fansites dont encrypt the passwords - either out of laziness, or on purpose - the password is compromised! And if its the same as for the game, your game account is compromised!
Therefore: Always always always treat your online passwords as being compromised! And never ever ever! use the same password for game and fansite! Even if the fansite have all good intentions, their security will usually never be as strong as a company, who can afford the best!
I might be paranoid, but honestly. I dont know how many times I have seen posts on these forums saying "waaaaahh, my account is hacked! My account have been compromised"
1 password = 1 site!
I agree, there was a kid at my old school who made this mistake... His password for everything was his student ID, which you could easily observe him typing whenever he went to login to the computer ( I told him he should change it and he did, no harm done)
|
Frug
Zenithal Harvest
|
Posted - 2007.03.27 22:37:00 -
[12]
Quote: i use 1 uni password for all things with an alternating letter at the end :) dont want people to know it because it is secret.
Well now everyone knows that all they need is one of your passwords and to guess the last letter. Thanks!
- - - - - - - - - - Do not use dotted lines - - - - - - - - - - - - - - - - - - or automatic signatures - - - - - - - - "Your weapons deactivate as the eve servers begin to explode." |
Tolomea
Gallente 5th Front enterprises New Eve Order
|
Posted - 2007.03.27 23:13:00 -
[13]
Having 1 password per site/service is kinda stupid, I don't know about the rest of you but I must have over 100 accounts on various different websites, forums, games, computers, and various services like bug tracking and source control.
However having 1 password for all is also stupid.
A better approach is to have a half dozen passwords arranged in a sort of level system. For example, passwords for each of the following groups:
Access to this site lets you take my money
Access to this site lets you spend my money
My reputation can be adversely affected by what I say here
I may come back here one day
I Just don't care about this place
|
Anatolius
Amarr PIE Inc.
|
Posted - 2007.03.28 00:02:00 -
[14]
Originally by: Frug
Quote: i use 1 uni password for all things with an alternating letter at the end :) dont want people to know it because it is secret.
Well now everyone knows that all they need is one of your passwords and to guess the last letter. Thanks!
Yes, and that pesky username thing.
"If God be for us, whom can be against us?" |
sableye
principle of motion Interstellar Alcohol Conglomerate
|
Posted - 2007.03.28 00:07:00 -
[15]
Originally by: Tista does ccp have on record my password(s)?
of course they do, working at many companies in my limited time everything you ever do with them is recorded somewhere.
Join The Fight With Promo Today |
Dark Shikari
Caldari Imperium Technologies Firmus Ixion
|
Posted - 2007.03.28 00:19:00 -
[16]
The password hash is stored on the site.
Of course, using one password for everything means everyone who has a PHPBB board that you registered for now knows your password for EVE
--23 Member--
EVE-Trance Radio--The EVE Textboard |
sesanti
Minmatar Universal Exports Namtz'aar k'in
|
Posted - 2007.03.28 00:22:00 -
[17]
I am sure they keep it encrypted, but not even they can unencrypt it (at least not without a brute-force attack). What happens when you login, is that the characters you type are applied exactly THE SAME encryption procedure as your password. Then they compare if both results match. If that happens, bingo, you login.
At least that's how they should do it, or some variation of it. Any site who can give their passwords back to their users does not have very good security, IMHO.
_______________________________________________ The ShadowMaster -
<I am a guy... don't mind the portrait> |
Tista
|
Posted - 2007.03.28 00:29:00 -
[18]
Originally by: Dark Shikari The password hash is stored on the site.
Of course, using one password for everything means everyone who has a PHPBB board that you registered for now knows your password for EVE
i change my pw for things like that
|
Genesis Kiiths
Amarr Khanid Peace Corps
|
Posted - 2007.03.28 02:29:00 -
[19]
passwords are stored in things like md5 encryption, which do not reverse (means once you encrypt the string, you cant de-md5 it to get the original). So most likely they cant see your password
|
Gaogan
Gallente Solar Storm
|
Posted - 2007.03.28 03:13:00 -
[20]
Originally by: Genesis Kiiths passwords are stored in things like md5 encryption, which do not reverse (means once you encrypt the string, you cant de-md5 it to get the original). So most likely they cant see your password
Actually you can, it just takes time. And I strongly doubt that they are hashed anyhow. In any event, it makes little difference.
Change your passwords.
|
|
Genesis Kiiths
Amarr Khanid Peace Corps
|
Posted - 2007.03.28 03:24:00 -
[21]
i think hashing passwords in database is normal practice these days, but yeah, they can be hacked off eventually.. but we shouldn't think there is a reason why CCP stuff would want to do that xD
|
Tkar vonBiggendorf
Gallente
|
Posted - 2007.03.28 03:27:00 -
[22]
Originally by: Gaogan
Originally by: Genesis Kiiths passwords are stored in things like md5 encryption, which do not reverse (means once you encrypt the string, you cant de-md5 it to get the original). So most likely they cant see your password
Actually you can, it just takes time. And I strongly doubt that they are hashed anyhow. In any event, it makes little difference.
Change your passwords.
Actually, you can't. MD5 and SHA1 and the like are one-way secure hash algorithms. There is no mathematical reverse path. It can be brute-force attacked, by trying every possible combination into the same algorithm until you get the same garbage out the other side, but this can take a long time. Unless your password is a simple dictionary word or very short, then it doesn't take long at all.
Use a good password. Don't use the same one for fan sites. Don't use the same one for your online banking. Never give your password to anyone for any reason. Nobody else needs it, not even if they really are an employee of CCP or your bank.
|
Korad Konstentyn
Shadowdancers Digital Press
|
Posted - 2007.03.28 03:49:00 -
[23]
Originally by: Tkar vonBiggendorf
Actually, you can't. MD5 and SHA1 and the like are one-way secure hash algorithms. There is no mathematical reverse path. It can be brute-force attacked, by trying every possible combination into the same algorithm until you get the same garbage out the other side, but this can take a long time. Unless your password is a simple dictionary word or very short, then it doesn't take long at all.
Sorry dude, but you're a little out of date, MD5 has been considered broken for a while, SHA-1 is considered broken as of late last year
now, they arent considered useless at this point, but the absolute security they were once thought to provide (bar pure brute forcing) is no longer the case.
http://en.wikipedia.org/wiki/Rainbow_tables (is a good start on this).
Not disagreeing, but you're not 100% correct any more.
|
Genesis Kiiths
Amarr Khanid Peace Corps
|
Posted - 2007.03.28 03:56:00 -
[24]
A rainbow table is ineffective against one-way hashes that include salts. For example, consider a password hash that is generated using the following function (where "." is the concatenation operator):
hash = MD5 (password . salt)
|
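The hash-and-compare login described in post [17] and the salted hash from post [24], as an added example that is not part of the original thread and is not CCP's code. The word list, the fixed salt and the dictionary used as a stand-in for a rainbow table are constructed for illustration, and PBKDF2 is used for the stored record in place of the thread's bare MD5; that choice is an assumption of the example.

```python
import hashlib
import hmac
import os

def md5_unsalted(password: str) -> str:
    """Unsalted MD5: identical passwords always give identical hashes."""
    return hashlib.md5(password.encode()).hexdigest()

def md5_salted(password: str, salt: bytes) -> str:
    """hash = MD5(password . salt), the construction quoted in post [24]."""
    return hashlib.md5(password.encode() + salt).hexdigest()

def precomputed_table(words):
    """Stand-in for a rainbow table: hash -> word, built once and reused."""
    return {md5_unsalted(w): w for w in words}

def make_record(password: str, iterations: int = 200_000) -> dict:
    """What a site stores: a random per-user salt plus a slow salted hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}

def verify(password: str, record: dict) -> bool:
    """Login check from post [17]: redo the same procedure, compare results."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["digest"])  # constant-time

def demo() -> dict:
    table = precomputed_table(["letmein", "password", "qwerty"])  # constructed
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")      # constructed
    rec_a, rec_b = make_record("password"), make_record("password")
    return {
        # The table built without salts recognises the unsalted hash...
        "unsalted_found": table.get(md5_unsalted("password")),
        # ...but has no entry for the same password hashed with a salt.
        "salted_found": table.get(md5_salted("password", salt)),
        # Two users with the same password get different stored digests.
        "same_password_same_digest": rec_a["digest"] == rec_b["digest"],
        "right_password": verify("password", rec_a),
        "wrong_password": verify("passwore", rec_a),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The stored record never contains the password itself, which is why a site built this way can only send a reset mail, as post [5] observes.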
Xs 142
|
Posted - 2007.03.28 04:04:00 -
[25]
Simply put:
No, they don't have any need for it anyways.
Originally by: Oveur Eternally yours, The other dumbass
|
Master Spoonman
Momentum. Dusk and Dawn
|
Posted - 2007.03.28 04:27:00 -
[26]
If you have trouble remembering passwords, I suppose this would be a good method for you. Have one password and just add on an extra digit at the end. No one should be able to figure out another password of yours, even if they know one account from one other website you subscribe to.
Of course, this point is moot if you decide to post on public forums your password-creation scheme, then your accounts become a free-for-all.
I'd suggest changing your password and thinking up a new way to remember your passwords.
***
*Special thanks to Zurtur to making this signature for me* |
Szprinkoth Sponsz
Chaos Reborn
|
Posted - 2007.03.28 04:43:00 -
[27]
TBH, when it comes to EVE, its better to randomly generate a string of characters and use as a password, write it down on a postit and keep it in your desk drawer. If someone has physical access to your computer its not safe in any way anyhow.
After typing it enough times, you'll eventually memorize it, too.
|
Tkar vonBiggendorf
Gallente
|
Posted - 2007.03.28 04:47:00 -
[28]
Also from wikipedia (http://en.wikipedia.org/wiki/SHA-1):
In academic cryptography, any attack that has less computational complexity than a brute force search is considered a break. This does not, however, necessarily mean that the attack can be practically exploited. It has been speculated that finding a collision for SHA-1 is within reach of massive distributed Internet search.
And then there's this part:
Reversing password "encryption" (e.g. to obtain a password to try against a user's account elsewhere) is not made possible by the attacks. Constructing a password that works for a given account requires a preimage attack, and access to the hash of the original password (typically in the shadow file) which may or may not be trivial.
|
Encad Briht
Minmatar United Univers
|
Posted - 2007.03.28 05:13:00 -
[29]
The thing that made MD5 broken was, afaik, that they managed to generate two identical hashes with different source data, not the reversibility of the code (which is still impossible)
Member of UU : Diplomatic Corps |
Regat Kozovv
Caldari Deep Core Mining Inc.
|
Posted - 2007.03.28 05:19:00 -
[30]
Originally by: Korad Konstentyn now, they arent considered useless at this point, but the absolute security they were once thought to provide (bar pure brute forcing) is no longer the case.
I felt as though I should add to this lest people start thinking that their passwords are suddenly going to become compromised.
Major advances have been made against SHA-1. Attacks can now be made that bring the number of key tests well below brute-force levels. But the number still remains astronomically high, and the resources needed to ***** such a hash would require the funds of a large organization or government, and considerable time on their hands (months). Provided you change your password regularly, the possibilities of someone *****ing your password, let alone investing the time and money to do so, is remote.
But as Korad said, the end of SHA-1 is in sight, and NIST has started a new competition for SHA-2 similar in the method that they ran for AES.
There's a great article on the state of affairs here.
|