
Author Topic: Change your passwords  (Read 17118 times)


Offline Buzzfuzz

Re: Change your passwords
« Reply #29 from previous page: January 14, 2012, 06:27:31 PM »
VB doesn't anyway, they are salted MD5, unless you're not up to date with patches that have security issues.
 
Quote from: Zac67;675781
I hope a.org doesn't store the password hashes unsalted? Reasonably salted hashes are next to impossible to crack (reverse).
Wishlist: A3500, A2500UX
 

Offline Zac67

Re: Change your passwords
« Reply #30 on: January 14, 2012, 06:41:45 PM »
 

Offline save2600

Re: Change your passwords
« Reply #31 on: January 14, 2012, 07:23:47 PM »
Quote from: save2600;675708
The Atari SF354 is the greatest, most useful and most reliable drive on the planet!

I also love the fact it requires its own external power supply. So kewl!


Looks like someone hacked into my account and posted this drivel. As if *I* would ever say such a thing.  :laughing:





(admins... just kidding - no one hacked into my account. took a proactive stance and changed my password from ataristblowschunks just in case - LOL!)
« Last Edit: January 14, 2012, 07:26:29 PM by save2600 »
 

Offline Piru

Re: Change your passwords
« Reply #32 on: January 14, 2012, 08:16:18 PM »
Quote from: Zac67;675781
Reasonably salted hashes are next to impossible to crack (reverse).
Unfortunately this is no longer true. Salting is an effective defense against rainbow tables, but there are new tricks in the bag: a single graphics card can try several billion vBulletin salted passwords per second and you can have several cards in a single machine.

In general salting is almost pointless if the attacker can obtain the salts (and typically they do, they're in the same table as the password hashes). Salts of course do raise the amount of work required for cracking but the GPU grunt has leveled the field again.

The solution is to use multi-round hashing of the password + salt.
« Last Edit: January 14, 2012, 08:38:24 PM by Piru »
 

Offline KarlosTopic starter

Re: Change your passwords
« Reply #33 on: January 14, 2012, 09:27:33 PM »
Quote from: Piru;675798
Unfortunately this is no longer true. Salting is an effective defense against rainbow tables, but there are new tricks in the bag: a single graphics card can try several billion vBulletin salted passwords per second and you can have several cards in a single machine.

In general salting is almost pointless if the attacker can obtain the salts (and typically they do, they're in the same table as the password hashes). Salts of course do raise the amount of work required for cracking but the GPU grunt has leveled the field again.

The solution is to use multi-round hashing of the password + salt.

I've written such a system previously, using a minimal 12 byte (all non-zero values allowed) random salt. The salt is merged into the password and the result hashed repeatedly with one of a number of supported hash functions (bcrypt is nice and slow as a proper alternative that does this stuff already). The salt and variable (up to 65535) iteration count is then encoded into the resulting hash rather than being stored separately. Depending on the settings applied, hashing takes up to 2 seconds on my PC.

It might be an option for this place if the worst comes to the worst, but I'd be reluctant to deploy it unless it was reimplemented in C and deployed as a compiled php extension such that the code is kept away from casual inspection.
« Last Edit: January 14, 2012, 09:41:29 PM by Karlos »
int p; // A
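
An added illustration of the multi-round salted hashing Piru recommends and the record layout Karlos describes (12-byte random salt, iteration count up to 65535, both encoded into the stored value); it is not code from either poster. It assumes PBKDF2-HMAC-SHA256 as the iterated hash, and the record layout and function names are hypothetical.

```python
import base64
import hashlib
import hmac
import os
import struct

SALT_LEN = 12        # salt size mentioned in the post
MAX_ROUNDS = 65535   # iteration ceiling mentioned in the post (fits in 2 bytes)
DIGEST_LEN = 32      # SHA-256 output size

def _derive(password, salt, rounds):
    # Assumption: PBKDF2-HMAC-SHA256 stands in for "hash the salted password repeatedly".
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)

def hash_password(password, rounds=MAX_ROUNDS, salt=None):
    """Return one self-describing record: base64(rounds || salt || digest)."""
    if not 1 <= rounds <= MAX_ROUNDS:
        raise ValueError("rounds must be in 1..65535")
    salt = os.urandom(SALT_LEN) if salt is None else salt
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be 12 bytes")
    blob = struct.pack(">H", rounds) + salt + _derive(password, salt, rounds)
    return base64.b64encode(blob).decode("ascii")

def _parse(record):
    # Split a stored record back into (rounds, salt, digest); reject bad input.
    blob = base64.b64decode(record, validate=True)
    if len(blob) != 2 + SALT_LEN + DIGEST_LEN:
        raise ValueError("malformed record")
    rounds = struct.unpack(">H", blob[:2])[0]
    if rounds == 0:
        raise ValueError("malformed record")
    return rounds, blob[2:2 + SALT_LEN], blob[2 + SALT_LEN:]

def verify_password(password, record):
    """Recompute with the embedded salt and rounds; compare in constant time."""
    try:
        rounds, salt, digest = _parse(record)
    except ValueError:  # binascii.Error from base64 is a ValueError subclass
        return False
    return hmac.compare_digest(_derive(password, salt, rounds), digest)

def needs_rehash(record, min_rounds):
    """True when a stored record uses fewer rounds than current policy."""
    return _parse(record)[0] < min_rounds
```

Because the round count travels inside each record, the cost can be raised later and old records upgraded at the user's next successful login, when `needs_rehash` returns true.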
 

Offline tomazkid

Re: Change your passwords
« Reply #34 on: January 14, 2012, 10:29:42 PM »
Quote from: Piru;675798
Unfortunately this is no longer true. Salting is an effective defense against rainbow tables, but there are new tricks in the bag: a single graphics card can try several billion vBulletin salted passwords per second and you can have several cards in a single machine.

In general salting is almost pointless if the attacker can obtain the salts (and typically they do, they're in the same table as the password hashes). Salts of course do raise the amount of work required for cracking but the GPU grunt has leveled the field again.

The solution is to use multi-round hashing of the password + salt.


Bah, what happened to the traditional Amiga "Security Through Obscurity" approach?
Is it obsoleted now? :D

/more serious mode
Yes, regarding the GPU as you wrote, seems the current trend with GPU used for processing might even make passwords as identification obsolete.
 

Offline actung_bab

Re: Change your passwords
« Reply #35 on: January 14, 2012, 10:33:09 PM »
Yes, my best friend has an Atari ST, nice machine, got some cool features too
Acthung baby
http://telnet://midnight-blue.dyndns.org
Cnet 4.60 PRO bbs software
Amiga 1200 020 14 mhz mbz 1200 z pcmcia network card 4 meg ram 2 Gb scandisk cf
Amiga 2000 020
Amiga 4000 030 25 mhz broken
Amiga x 4 1200
x 6 Sony Ps 3 Orginal 60 gb 4  port usb 160 gb hd (os 4.1 ready :-)
what can i say i like thse machines
x 3 XBOX 360 1x xbox 360 slim
 

Offline cecilia

Re: Change your passwords
« Reply #36 on: January 15, 2012, 01:52:49 PM »
Pass the Salt!
the no CARB diet- no Cheney, Ashcroft, Rumsfeld or Bush.
IFX CD Tutorial
 

Offline KarlosTopic starter

Re: Change your passwords
« Reply #37 on: January 15, 2012, 02:05:16 PM »
Quote from: cecilia;675887
Pass the Salt!


ITYM "salt the pass" :)
int p; // A
 

Offline swift240

Re: Change your passwords
« Reply #38 on: January 15, 2012, 04:00:21 PM »
Done it............
Amiga 1200, 82gb HD, 4 way IDE'97, DVD Multi-Recorder, OS3.9, BB1,BB2, Apollo Turbo MkII 030/40, 32meg Fastram, 4Gb CF card PCMCIA slot, IDE CF card adaptor 4Gb CF card, HP 810C, Alba HDTV, Converted PC PSU. C128, C64, C16, Plus4, 1701, 1570, 1541MkII, ARP6.0,KCS Power Cart, FreezeFrame MK3B, Freeze Machine, Simons Basic,  PSP, PS1, PS2, PS3 HDMI and 1TB HD+ 80gb USB HD, PS3 TV add on, Sound Surround speakers for PS2,PS3,PC, and Amiga Amazing so
 

Offline cecilia

Re: Change your passwords
« Reply #39 on: January 15, 2012, 09:45:30 PM »
Quote from: Karlos;675891
ITYM "salt the pass" :)
:roflmao:
the no CARB diet- no Cheney, Ashcroft, Rumsfeld or Bush.
IFX CD Tutorial