Because we love you SSL/HTTPS is now enabled

Alpha1

Alpha1

Do the Shake and 'VAC
Staff member
vacBacker
Feedback
94 (99%)
Credits
5,351CR
For all forum logins.

On top of this all passwords are hashed and encrypted by default in the database (was from day1, but thought i'd mention it).

We love you guys,

The UKVAC Team

smiley1.gif
 
T

trm

Who loves you, and who do you love?
Feedback
2 (100%)
Credits
2,876CR
BristolMartin said:
Salted?
Click to expand...

Kind-of
smiley2.gif
. What WW call salted and technically so, but there are other things the developers did that partially negate the salting.

No one is going to be able to feed these through any common rainbow table; brute-force hashing would eventually get you somewhere before the heat death of the planet, but it wouldn't be my first avenue of attack.

But nobody is going to be using a frequently-used password on a site run by a bunch of randoms, right? Good!
 
BristolMartin

BristolMartin

Active member
vacBacker
Feedback
0 (50%)
Credits
382CR
Its actually a difficult decision as an Architect. I dont force strong passwords on any app or site I write or govern because it tempts / forces muggles to put in their strong internet banking passwords, so I normally just say over 6 with no ANOS. Im fairly confident in today's world with a full DB breach they should be safe. Tomorrow is another matter.
 
T

trm

Who loves you, and who do you love?
Feedback
2 (100%)
Credits
2,876CR
Nerd attack (sorry)

Entropy calculations for the unseeded passwords above show:

Code: 
Password - Shannon entropy - Shannon entropy/length	 - entropy over ASCII*

"cabbage" - 0.31942 - 2.23593 - 34.35 bits

"password1" - 0.32752 - 2.9477 - 48.53 bits

my password - 0.30283 - 2.72548 - 54.59 bits

*I assume it's using the basic ASCII range, not the full range possible on a us-uk keyboard.
 
You must log in or register to reply here.
Top