Admin
One Password to rule them all, One Password to find them, One Password to bring them all and in the darkness bind them
Admin
No. Any Enigma machine, in any possible state, always produced a permutation of the 26 letters consisting of thirteen 2-cycles; that is, there were always thirteen pairs of letters that would get exchanged.
Admin
I think that frustrating users that are trying to consume resources yet block ad revenue is brilliant!
Admin
http://en.wikipedia.org/wiki/LM_hash
[akismet]Wikipedia is a spam site[/akismet]
Admin
The server only needs to know the salt and public key.
Login is a bit CPU heavy for the client. That is just an additional advantage, because it would slow down brute force attacks on the password.
If it turns out to be too CPU intensive to generate an RSA key pair from a password the way I described above, the salt could be picked such that the PRNG outputs a prime on the first go.
Be warned, it takes a skilled cryptographer to figure out if the above approach has subtle security problems. Don't implement it unless there is a formalized description which has been peer-reviewed.
Admin
Sure it counts, as nothing in the story ever suggested we were specifically talking about LM hashes, and neither did my post. Come on now, it's only 14 chars, and you don't have to deal with the 1-13 length possibilities. Should be easy. So show us!
Admin
Sure, some entities know how to protect passwords. Even my own grandchildren can do it. My point is, sometimes you gotta deal with me, and 14 characters don't even buy you a shitem id.
Admin
I bought a Buffalo AirStation last year, and for some stupid reason decided to switch from the preinstalled OpenWrt to the "Buffalo-owned" firmware. And I ran into a similar problem:
Only the help text will tell you that the password is restricted to 8 characters:
But when doing exactly that, you are not able to log in. The stupid firmware stores only the first 8 characters - and only if you do the same, login will work.
(And just to ask the obvious question: the reason to switch FROM OpenWrt was the fact that the Buffalo firmware comes with a built-in torrent client. To be precise: a torrent client that will only start downloading about 1 in 15 torrents you ask it to download.)
Admin
It's an ISP. If the connection is PPP with CHAP, they have no choice - CHAP requires plain-text passwords at the RADIUS server.
Welcome to the internet - where everything is a bodge, based on technology from the 80's.
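An added example, not part of the comment above or of the original thread: standard CHAP with MD5 (RFC 1994) computes the response as a hash over Identifier, secret and Challenge, so the verifying server has to hold the secret itself. The sample password, identifier value and function names are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: hash of Identifier || secret || Challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def server_verify(identifier: int, stored_secret: bytes,
                  challenge: bytes, response: bytes) -> bool:
    """The authenticator recomputes the hash, so it needs the secret itself."""
    expected = chap_response(identifier, stored_secret, challenge)
    return hmac.compare_digest(expected, response)


def demo():
    password = b"correct horse"   # constructed sample secret
    identifier = 0x2A             # constructed CHAP Identifier octet
    challenge = os.urandom(16)    # fresh challenge for this authentication

    # Peer side: only the response crosses the link, never the password.
    response = chap_response(identifier, password, challenge)

    # Server A keeps the password in recoverable form: verification works.
    plain_ok = server_verify(identifier, password, challenge, response)

    # Server B keeps only a salted one-way hash, as a web login would.
    salt = os.urandom(16)
    stored_hash = hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)
    # The stored hash cannot stand in for the secret inside the MD5 input.
    hashed_ok = server_verify(identifier, stored_hash, challenge, response)

    # A captured response does not verify against a new challenge.
    replay_ok = server_verify(identifier, password, os.urandom(16), response)
    return plain_ok, hashed_ok, replay_ok


if __name__ == "__main__":
    print(demo())
```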
Admin
It's been quite a while since I looked at any of this, but (if I recall correctly) the appropriately named PAP goes a step further and has one side spam the password in plain text continuously until someone replies. How people come up with these I have no idea.
Admin
Here, I'll copy paste that hash and you'll see your password: hunter2
I'll now go grab my robe and wizard hat.
Admin
My bank needed a login password and so I gave them a seven character password. The error message said that the password must be at least eight characters. So I added "FY" to the end of it, and the error message said that the password must be no longer than eight characters. Why couldn't they just say the first time that the password has to be exactly eight characters? Anyway, that's why my password ends in "F". You can guess what the "Y" stands for.
Admin
I've read several stories about the Enigma, and one point stuck in my head: it had a secondary code set, consisting of 26 plugs and 26 outlets... which the Germans NEVER USED! They simply plugged A>A, B>B, and so on! Someone who escaped from Poland told Allied intelligence about this...