Welcome, Guest. Please login or register.
Amiga Kit Amiga Store Hollywood MAL AMIStore App Store A600 Memory

AuthorTopic: Change your passwords  (Read 9496 times)

0 Members and 1 Guest are viewing this topic.

Offline Zac67

Re: Change your passwords
« Reply #30 on: January 14, 2012, 06:41:45 PM »
 

Offline save2600

Re: Change your passwords
« Reply #31 on: January 14, 2012, 07:23:47 PM »
Quote from: save2600;675708
The Atari SF354 is the greatest, most useful and most reliable drive on the planet!

I also love the fact it requires it's own external power supply. So kewl!


Looks like someone hacked into my account and posted this drivel. As if *I* would ever say such a thing.  :laughing:





(admins... just kidding - no one hacked into my account. took a proactive stance and changed my password from ataristblowschunks just in case - LOL!)
« Last Edit: January 14, 2012, 07:26:29 PM by save2600 »
 

Offline Piru

  • \' union select name,pwd--
  • Hero Member
  • *****
  • Join Date: Aug 2002
  • Posts: 6946
  • Total likes: 0
    • http://www.iki.fi/sintonen/
Re: Change your passwords
« Reply #32 on: January 14, 2012, 08:16:18 PM »
Quote from: Zac67;675781
Reasonably salted hashes are next to impossible to crack (reverse).
Unfortunately this is no longer true. Salting is an affective defense against rainbow tables, but there are new tricks in the bag: a single graphics card can try several billion vBulletin salted passwords per second and you can have several cards in a single machine.

In general salting is almost pointless if the attacker can obtain the salts (and typically they do, they're in the same table as the password hashes). Salts of course do raise the amount of work required for cracking but the GPU grunt has leveled the field again.

The solution is to use multi-round hashing of the password + salt.
« Last Edit: January 14, 2012, 08:38:24 PM by Piru »
 

Offline Karlos

Re: Change your passwords
« Reply #33 on: January 14, 2012, 09:27:33 PM »
Quote from: Piru;675798
Unfortunately this is no longer true. Salting is an affective defense against rainbow tables, but there are new tricks in the bag: a single graphics card can try several billion vBulletin salted passwords per second and you can have several cards in a single machine.

In general salting is almost pointless if the attacker can obtain the salts (and typically they do, they're in the same table as the password hashes). Salts of course do raise the amount of work required for cracking but the GPU grunt has leveled the field again.

The solution is to use multi-round hashing of the password + salt.

I've written such a system previously, using a minimal 12 byte (all non-zero values allowed) random salt. The salt is merged into the password and the result hashed repeatedly with one of a number of supported hash functions (bcrypt is nice and slow as a proper alternative that does this stuff already). The salt and variable (up to 65535) iteration count is then encoded into the resulting hash rather than being stored separately. Depending on the settings applied, hashing takes up to 2 seconds on my PC.

It might be an option for this place if the worst comes to the worst, but I'd be reluctant to deploy it unless it was reimplemented in C and deployed as a compiled php extension such that the code is kept away from casual inspection.
« Last Edit: January 14, 2012, 09:41:29 PM by Karlos »
int p; // A
 

Offline tomazkid

Re: Change your passwords
« Reply #34 on: January 14, 2012, 10:29:42 PM »
Quote from: Piru;675798
Unfortunately this is no longer true. Salting is an affective defense against rainbow tables, but there are new tricks in the bag: a single graphics card can try several billion vBulletin salted passwords per second and you can have several cards in a single machine.

In general salting is almost pointless if the attacker can obtain the salts (and typically they do, they're in the same table as the password hashes). Salts of course do raise the amount of work required for cracking but the GPU grunt has leveled the field again.

The solution is to use multi-round hashing of the password + salt.


Bah, what happened to the traditional Amiga "Security Through Obscurity" approach?
Is it obsoleted now? :D

/more serious mode
Yes, regarding the GPU as you wrote, seems the current trend with GPU used for processing might even make passwords as identification obsolete.
 

Offline actung_bab

Re: Change your passwords
« Reply #35 on: January 14, 2012, 10:33:09 PM »
Yes my best friend has atrai st nice machine got some cool features too
Acthung baby
http://telnet://midnight-blue.dyndns.org
Cnet 4.60 PRO bbs software
Amiga 1200 020 14 mhz mbz 1200 z pcmcia network card 4 meg ram 2 Gb scandisk cf
Amiga 2000 020
Amiga 4000 030 25 mhz broken
Amiga x 4 1200
x 6 Sony Ps 3 Orginal 60 gb 4  port usb 160 gb hd (os 4.1 ready :-)
what can i say i like thse machines
x 3 XBOX 360 1x xbox 360 slim
url=http://avatars.jurko.net][/url]
 

Offline cecilia

  • Amiga Snob
  • Hero Member
  • *****
  • Join Date: Mar 2002
  • Posts: 4875
  • Country: 00
  • Total likes: 1
    • http://cecilia.sawneybean.com/
Re: Change your passwords
« Reply #36 on: January 15, 2012, 01:52:49 PM »
Pass the Salt!
the no CARB diet- no Cheney, Ashcroft, Rumsfeld or Bush.
IFX CD Tutorial
 

Offline Karlos

Re: Change your passwords
« Reply #37 on: January 15, 2012, 02:05:16 PM »
Quote from: cecilia;675887
Pass the Salt!


ITYM "salt the pass" :)
int p; // A
 

Offline swift240

Re: Change your passwords
« Reply #38 on: January 15, 2012, 04:00:21 PM »
Done it............
Amiga 1200, 82gb HD, 4 way IDE\'97, DVD Multi-Recorder, OS3.9, BB1,BB2, Apollo Turbo MkII 030/40, 32meg Fastram, 4Gb CF card PCMCIA slot, IDE CF card adaptor 4Gb CF card, HP 810C, Alba HDTV, Converted PC PSU. C128, C64, C16, Plus4, 1701, 1570, 1541MkII, ARP6.0,KCS Power Cart, FreezeFrame MK3B, Freeze Machine, Simons Basic,  PSP, PS1, PS2, PS3 HDMI and 1TB HD+ 80gb USB HD, PS3 TV add on, Sound Surround speakers for PS2,PS3,PC, and Amiga Amazing sound on the Amiga.
 

Offline cecilia

  • Amiga Snob
  • Hero Member
  • *****
  • Join Date: Mar 2002
  • Posts: 4875
  • Country: 00
  • Total likes: 1
    • http://cecilia.sawneybean.com/
Re: Change your passwords
« Reply #39 on: January 15, 2012, 09:45:30 PM »
Quote from: Karlos;675891
ITYM "salt the pass" :)
:roflmao:
the no CARB diet- no Cheney, Ashcroft, Rumsfeld or Bush.
IFX CD Tutorial