
Tarminic
Forsaken Resistance The Last Stand
Posted - 2008.04.16 15:40:00 -
[1]
Given the amount of time a brute-force method would need to break a 12-character long alphanumeric password, I don't think we have much to worry about.
----------------
Tarminic - 34 Million SP in Forum Warfare
Play EVE: Downtime Madness v0.81 (Updated 4/8)

Tarminic
Forsaken Resistance The Last Stand
Posted - 2008.04.16 15:45:00 -
[2]
Plus, I'd be willing to bet that if someone started trying to log in at a rate of 1 try per second, each with seemingly random passwords, a server admin would notice.

Tarminic
Forsaken Resistance The Last Stand
Posted - 2008.04.16 15:55:00 -
[3]
Originally by: torswin
However, using, as I said, Rainbow tables you can basically get almost every password which isn't strong in a matter of minutes. There is a Linux distro (Live CD) which is tuned at getting Windows XP passwords and usernames (locally stored only). I won't give the name here, as it might encourage people to use it to obtain usernames and passwords which they aren't supposed to have.
Rainbow tables are basically a combination of brute force and having a large word list.

You need access to an encrypted password file in order to use Rainbow Tables. In addition, a rainbow table is only effective if you know HOW the password is hashed and if/how a seed is used.
As such, they aren't useful if you're trying to ***** a password through a remote user interface, meaning your best chances are by intercepting the password on the network or obtaining it through brute force or decompiling the client, finding out how it encrypts passwords before sending them to the server, and then using a packet sniffer to catch a user's password as it's being sent across the network. Neither of those problems would be solved by allowing extra characters in passwords.
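An added example, not part of the original posts: why precomputed tables depend on how the password is hashed and whether a seed (salt) is used. A plain lookup dictionary stands in for a rainbow table here (a real one stores hash chains to save space), and SHA-256, PBKDF2 and the sample passwords are assumptions made for illustration; the thread does not say how the game stores passwords.

```python
import hashlib
import hmac
import os

# Constructed sample word list standing in for a precomputed table's coverage.
CANDIDATES = ["password", "letmein", "dragon2008", "eve0nline"]


def unsalted_digest(password: str) -> str:
    """Weak storage: the same password always yields the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_digest(password: str, salt: bytes, rounds: int = 100_000) -> str:
    """Stronger storage: a per-user random salt plus a slow key-derivation function."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds).hex()


def build_table(candidates):
    """Precompute digest -> password once; reusable against any unsalted store."""
    return {unsalted_digest(p): p for p in candidates}


def verify(password: str, salt: bytes, stored: str) -> bool:
    """Server-side check: recompute with the stored salt, compare in constant time."""
    return hmac.compare_digest(salted_digest(password, salt), stored)


def demo():
    table = build_table(CANDIDATES)
    # Two accounts that happen to share one password, each with its own salt.
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    record_plain = unsalted_digest("dragon2008")
    record_a = salted_digest("dragon2008", salt_a)
    record_b = salted_digest("dragon2008", salt_b)
    return {
        # The precomputed table resolves the unsalted record immediately.
        "unsalted_lookup": table.get(record_plain),
        # The same table has no entry for the salted record.
        "salted_lookup": table.get(record_a),
        # Different salts mean equal passwords no longer share a digest.
        "shared_digest": record_a == record_b,
        # A legitimate login still verifies against the salted record.
        "login_ok": verify("dragon2008", salt_a, record_a),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With a per-user salt, a table would have to be rebuilt for every account, so the precomputation no longer pays off.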

Tarminic
Forsaken Resistance The Last Stand
Posted - 2008.04.16 16:08:00 -
[4]
Originally by: torswin
Edited by: torswin on 16/04/2008 16:04:51
I know that, but I must honestly say I am shocked how little people care about this.
However I must admit that most people I know of use passwords like <theirhometown><2 random nr> or <nameofcoolbandin1337-speak> so after a bit of thought it's not really that shocking anyway.
But are there any reasons to not support strong passwords?

Well, I imagine that they might have to re-work some of the password table to support the extra symbols, though I don't know what their data structure is like.
But honestly, is it worth the extra effort if the only instance it would help is one in which the hackers already have access to the file structure or database? Wouldn't they go straight for the billing information instead of stealing your login password?