  
Author Topic:   Felger Sounds Off on Internet Insanity
caffeine
Member (Idle past 1043 days)
Posts: 1800
From: Prague, Czech Republic
Joined: 10-22-2008


Message 76 of 96 (778108)
02-16-2016 4:28 PM
Reply to: Message 74 by PaulK
02-16-2016 4:01 PM


Re: Secure Passwords
Unfortunately the safety of your passwords can't be guaranteed. There are too many sites with inadequate security. Having a different password for each site means that if one is compromised the others are still safe - as safe as they were before.
Exactly, which is why I question the wisdom of making me use a password for an account which contains nothing I would require to be password-protected.

This message is a reply to:
 Message 74 by PaulK, posted 02-16-2016 4:01 PM PaulK has not replied

  
NoNukes
Inactive Member


Message 77 of 96 (778110)
02-16-2016 4:31 PM
Reply to: Message 73 by caffeine
02-16-2016 3:44 PM


Re: Secure Passwords
Why am I required to password protect this?
Maybe the password is not important to you. But on any site where you can post your opinions, there is also the possibility of someone pretending to be you and posting a bunch of offensive or stupid nonsense that you don't want associated with you. Even on websites where you don't use your real name, you probably have at least a small investment in your pseudonym's reputation.

Under a government which imprisons any unjustly, the true place for a just man is also in prison. Thoreau: Civil Disobedience (1846)
History will have to record that the greatest tragedy of this period of social transition was not the strident clamor of the bad people, but the appalling silence of the good people. Martin Luther King
If there are no stupid questions, then what kind of questions do stupid people ask? Do they get smart just in time to ask questions? Scott Adams

This message is a reply to:
 Message 73 by caffeine, posted 02-16-2016 3:44 PM caffeine has replied

Replies to this message:
 Message 79 by caffeine, posted 02-16-2016 4:44 PM NoNukes has seen this message but not replied

  
Tangle
Member
Posts: 9503
From: UK
Joined: 10-07-2011
Member Rating: 4.6


Message 78 of 96 (778111)
02-16-2016 4:39 PM
Reply to: Message 75 by NoNukes
02-16-2016 4:27 PM


Re: Secure Passwords
NoNukes writes:
If you trust the security of your own computer....
The trouble is most of us have more than one device - personally I have four for different uses so the individual machine thing isn't a proper solution.
I don't trust the cloud for password storage either - how could anyone? So that doesn't work either.
There's just no answer yet - iris scans and fingerprints seem like a possibility, but I'm buggered if I'm going to give every site I sign up for my fingerprint, so some sort of secure escrow type intermediary may be the way to go. But that too has the trust issue.
Edited by Tangle, : No reason given.

Je suis Charlie. Je suis Ahmed. Je suis Juif. Je suis Parisien.
Life, don't talk to me about life - Marvin the Paranoid Android
"Science adjusts its views based on what's observed.
Faith is the denial of observation so that Belief can be preserved."
- Tim Minchin, in his beat poem, Storm.

This message is a reply to:
 Message 75 by NoNukes, posted 02-16-2016 4:27 PM NoNukes has replied

Replies to this message:
 Message 81 by NoNukes, posted 02-18-2016 11:03 AM Tangle has not replied

  
caffeine
Member (Idle past 1043 days)
Posts: 1800
From: Prague, Czech Republic
Joined: 10-22-2008


Message 79 of 96 (778113)
02-16-2016 4:44 PM
Reply to: Message 77 by NoNukes
02-16-2016 4:31 PM


Re: Secure Passwords
Maybe the password is not important to you. But on any site where you can post your opinions, there is also the possibility of someone pretending to be you and posting a bunch of offensive or stupid nonsense that you don't want associated with you. Even on websites where you don't use your real name, you probably have at least a small investment in your pseudonym's reputation.
I can't post anything. There's no interaction - it's not social media. My account accomplishes nothing that could not be achieved through the use of cookies, except the ability to see the same layout on different devices. I don't even have a username - I can only assume the requirement to sign up for an account is to sell my email address.

This message is a reply to:
 Message 77 by NoNukes, posted 02-16-2016 4:31 PM NoNukes has seen this message but not replied

  
Percy
Member
Posts: 22473
From: New Hampshire
Joined: 12-23-2000
Member Rating: 4.7


(2)
Message 80 of 96 (778116)
02-16-2016 5:09 PM
Reply to: Message 74 by PaulK
02-16-2016 4:01 PM


Re: Secure Passwords
PaulK writes:
What's the password security like here, Percy?
I plan to improve the password security with the latest and greatest in 5.0, but right now we use the standard Unix crypt() utility program made available by PHP. There's no decryption algorithm for crypt(), but its passwords can be easily broken using programs that are widely available today. For this reason I put EvC Forum passwords through an extra little step that makes it more difficult for users of these programs.
Passwords are of course stored in encrypted form. Even if the database is compromised and all the encrypted passwords stolen, hackers will still have a bit of work before them.
We had a break-in a few years ago that gave me a crash course in website and database security. We're much more secure than we were, but not as secure as we're going to be.
--Percy

This message is a reply to:
 Message 74 by PaulK, posted 02-16-2016 4:01 PM PaulK has not replied

Replies to this message:
 Message 83 by Percy, posted 02-18-2016 12:01 PM Percy has seen this message but not replied

  
NoNukes
Inactive Member


Message 81 of 96 (778214)
02-18-2016 11:03 AM
Reply to: Message 78 by Tangle
02-16-2016 4:39 PM


Re: Secure Passwords
The trouble is most of us have more than one device - personally I have four for different uses so the individual machine thing isn't a proper solution.
A good number of password managers work on multiple devices. Maybe one of those is a solution for you. It is pretty easy to find articles comparing the many offerings.


This message is a reply to:
 Message 78 by Tangle, posted 02-16-2016 4:39 PM Tangle has not replied

  
ringo
Member (Idle past 430 days)
Posts: 20940
From: frozen wasteland
Joined: 03-23-2005


Message 82 of 96 (778215)
02-18-2016 11:11 AM
Reply to: Message 72 by Tangle
02-15-2016 6:28 PM


Re: Secure Passwords
Tangle writes:
It seems that every site that wants a password thinks that you only have one - I have literally hundreds.
I have two. I've been using one of them for twelve years. It's a plain English phrase.

This message is a reply to:
 Message 72 by Tangle, posted 02-15-2016 6:28 PM Tangle has not replied

  
Percy
Member
Posts: 22473
From: New Hampshire
Joined: 12-23-2000
Member Rating: 4.7


Message 83 of 96 (778220)
02-18-2016 12:01 PM
Reply to: Message 80 by Percy
02-16-2016 5:09 PM


Re: Secure Passwords
I'm going to have to retract one thing:
Percy writes:
There's no decryption algorithm for crypt(), but its passwords can be easily broken using programs that are widely available today.
Crypt uses DES (Data Encryption Standard). It was proven it could be broken over 20 years ago. But it apparently takes a great deal of effort and talent to write a DES-breaking program, and I could find none freely available on the Internet. I find this surprising. If anyone finds one let me know.
--Percy

This message is a reply to:
 Message 80 by Percy, posted 02-16-2016 5:09 PM Percy has seen this message but not replied

Replies to this message:
 Message 84 by PaulK, posted 02-18-2016 12:15 PM Percy has seen this message but not replied
 Message 85 by NoNukes, posted 02-18-2016 12:49 PM Percy has replied

  
PaulK
Member
Posts: 17825
Joined: 01-10-2003
Member Rating: 2.2


Message 84 of 96 (778222)
02-18-2016 12:15 PM
Reply to: Message 83 by Percy
02-18-2016 12:01 PM


Re: Secure Passwords
If crypt() uses DES the weak point would be the key. If a hacker could get that they can just decrypt everything. That's one reason why hashes are preferred to encryption for passwords. Single DES is no longer considered secure because the key length is too short, so brute-forcing is a danger too, if an attacker cared to invest the effort - perhaps not for this site.

This message is a reply to:
 Message 83 by Percy, posted 02-18-2016 12:01 PM Percy has seen this message but not replied

  
NoNukes
Inactive Member


Message 85 of 96 (778225)
02-18-2016 12:49 PM
Reply to: Message 83 by Percy
02-18-2016 12:01 PM


Re: Secure Passwords
and I could find none freely available on the Internet
Might be due to lack of current interest. My understanding is that Linux stopped using DES with crypt decades ago due to its cryptographic weakness. On FreeBSD, crypt can use DES, but can also be configured to use stronger encryption. Most of the commercial Unix variants just aren't popular anymore.
Perhaps you have the option of upgrading from DES.


This message is a reply to:
 Message 83 by Percy, posted 02-18-2016 12:01 PM Percy has replied

Replies to this message:
 Message 86 by Percy, posted 02-18-2016 2:02 PM NoNukes has replied
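
Added example, not part of the thread or of the forum's own software: a Python sketch of the audit that would precede the upgrade from DES suggested above, classifying stored crypt()-style strings by their scheme identifier and listing the accounts still on a legacy scheme. The sample rows are constructed placeholders rather than real hashes, and treating md5-crypt as legacy alongside DES is this example's assumption.

```python
import re

B64 = r"[./0-9A-Za-z]"  # crypt(3) hash alphabet

# (scheme name, pattern, legacy?) checked in order. The legacy flag is this
# example's policy (an assumption): DES variants and md5-crypt get rehashed.
SCHEMES = [
    ("des-traditional", re.compile(rf"^{B64}{{13}}$"), True),   # 2-char salt + 11
    ("des-extended",    re.compile(rf"^_{B64}{{19}}$"), True),  # BSDi "_" format
    ("md5-crypt",       re.compile(r"^\$1\$"), True),
    ("bcrypt",          re.compile(r"^\$2[abxy]\$\d{2}\$"), False),
    ("sha256-crypt",    re.compile(r"^\$5\$"), False),
    ("sha512-crypt",    re.compile(r"^\$6\$"), False),
]


def classify(stored):
    """Return (scheme, legacy) for one stored password string."""
    for name, pattern, legacy in SCHEMES:
        if pattern.search(stored):
            return name, legacy
    # Unrecognised values (empty, plaintext, custom wrapping) need manual review.
    return "unknown", True


def des_salt(stored):
    """Traditional DES crypt keeps its 12-bit salt in the first two characters."""
    return stored[:2] if classify(stored)[0] == "des-traditional" else None


def audit(rows):
    """rows: iterable of (user, stored). Returns users to rehash at next login."""
    return sorted(user for user, stored in rows if classify(stored)[1])


# Constructed sample rows: correct shapes, filler characters instead of real hashes.
SAMPLE = [
    ("alice", "ab" + "x" * 11),
    ("bob", "$2y$10$" + "a" * 53),
    ("carol", "$6$saltsalt$" + "b" * 86),
    ("dave", "$1$saltsalt$" + "c" * 22),
    ("erin", "not a hash!"),
]

if __name__ == "__main__":
    for user, stored in SAMPLE:
        print(user, *classify(stored))
    print("rehash:", audit(SAMPLE))
```

The classification is a format heuristic: a 13-character plaintext drawn from the same alphabet would also match the traditional DES shape. Flagged accounts can only move to a stronger scheme when the user next logs in successfully or resets the password, since the stored value cannot be converted offline.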

  
Percy
Member
Posts: 22473
From: New Hampshire
Joined: 12-23-2000
Member Rating: 4.7


Message 86 of 96 (778236)
02-18-2016 2:02 PM
Reply to: Message 85 by NoNukes
02-18-2016 12:49 PM


Re: Secure Passwords
NoNukes writes:
and I could find none freely available on the Internet
Might be due to lack of current interest.
Then DES is secure again!
Seriously, although some quarters mention the easy availability of such programs, when I actually tried to find one what I found was how incredible an effort it was back in the late 1990's to create demonstration programs, the first one including the use of hardware. From the Electronic Frontier Foundation's Cracking DES webpage:
quote:
The whole project was budgeted at about US $210,000. Of this, $80,000 was used to design, integrate, and test the EFF DES Cracker. The other $130,000 was for materials including chips, boards and all other components on the boards, card cages, power supplies, cooling, and a PC. The software for controlling the EFF DES Cracker was written separately as a volunteer project that took 4-5 weeks. The entire project was completed within about eighteen months, with much of that time being used for preliminary research. The core team contained fewer than ten people, none of whom worked full-time on the project. The final cost came in at well under $250,000.
Perhaps you have the option of upgrading from DES.
Oh, indubitably. As I mentioned in Message 80, security improvements are coming in 5.0.
--Percy

This message is a reply to:
 Message 85 by NoNukes, posted 02-18-2016 12:49 PM NoNukes has replied

Replies to this message:
 Message 87 by NoNukes, posted 02-19-2016 8:38 AM Percy has replied

  
NoNukes
Inactive Member


Message 87 of 96 (778318)
02-19-2016 8:38 AM
Reply to: Message 86 by Percy
02-18-2016 2:02 PM


Re: Secure Passwords
Seriously, although some quarters mention the easy availability of such programs, when I actually tried to find one what I found was how incredible an effort it was back in the late 1990's to create demonstration programs, the first one including the use of hardware.
You are safe primarily because there is no value to be found in cracking the password system here. I also note that the numbers for the cost and time to crack DES are based on experiments that are nearly 20 years old. Wikipedia gives some idea of how rapidly the state of the art advances. See EFF DES cracker - Wikipedia at Technology
Edited by NoNukes, : No reason given.


This message is a reply to:
 Message 86 by Percy, posted 02-18-2016 2:02 PM Percy has replied

Replies to this message:
 Message 88 by Percy, posted 02-19-2016 10:55 AM NoNukes has replied

  
Percy
Member
Posts: 22473
From: New Hampshire
Joined: 12-23-2000
Member Rating: 4.7


Message 88 of 96 (778334)
02-19-2016 10:55 AM
Reply to: Message 87 by NoNukes
02-19-2016 8:38 AM


Re: Secure Passwords
NoNukes writes:
You are safe primarily because there is no value to be found in cracking the password system here.
People often use the same name and password at sites like this one as they do at other sites, like banks and stores and so forth, so the approach some hackers take is to attack the least secure sites in the hope they'll gain login information that can be used at other sites. The bank and medical websites I use have started detecting when you're using a new device or computer and put you through an additional level of security.
When the hackers broke in here back in 2010 they found an old text file from around 2003 that was tucked away in an innocuous subdirectory where I had evidently been doing some debugging, and then I never deleted it afterward. Before I caught up with them they had hacked the EvC Forum Skype account, where I was using the same name and password.
--Percy

This message is a reply to:
 Message 87 by NoNukes, posted 02-19-2016 8:38 AM NoNukes has replied

Replies to this message:
 Message 89 by NoNukes, posted 02-19-2016 12:04 PM Percy has seen this message but not replied

  
NoNukes
Inactive Member


Message 89 of 96 (778344)
02-19-2016 12:04 PM
Reply to: Message 88 by Percy
02-19-2016 10:55 AM


Re: Secure Passwords
People often use the same name and password at sites like this one as they do at other sites, like banks and stores and so forth
That is an unfortunate but understandable practice. In such a case, your passwords are only as strong as the security at the weakest site.
The bank and medical websites I use have started detecting when you're using a new device or computer and put you through an additional level of security.
One of my web based email accounts seems to detect when I log in from a different IP address. That means I get turned away if I try to log in from my telephone. I guess that's enhanced security, but I had to drop them because it just wasn't practical.
Edited by NoNukes, : No reason given.


This message is a reply to:
 Message 88 by Percy, posted 02-19-2016 10:55 AM Percy has seen this message but not replied

  
Percy
Member
Posts: 22473
From: New Hampshire
Joined: 12-23-2000
Member Rating: 4.7


(2)
Message 90 of 96 (779082)
02-29-2016 5:54 PM


This Just Belongs in This Thread
Call to IRS refund assistance line during their regular business hours:
  • Please enter 1 for English, para continuar en...
    *1*
  • For information about your refund, please press 1. If your refund check has been lost or stolen, please press 2. If...
    *2*
  • You will need the return's social security number, the filing status, and the exact dollar refund amount. Please enter the social security number now:
    xxx-xx-xxxx
  • Please enter the number of the correct filing status. Single, press 1. Married filing...
    *1*
  • Please enter the exact dollar refund amount. Do not enter cents. Follow the amount with the pound sign.
    nnnn#
  • We are sorry, due to extremely high call volume, all our representatives are busy now. Regular business hours are from 8 AM to 7 PM. Please call back during regular business hours. Thank you for calling the IRS refund assistance line.
    *click*
--Percy

  

Copyright 2001-2023 by EvC Forum, All Rights Reserved

™ Version 4.2
Innovative software from Qwixotic © 2024