1st Impression


Post by keyboardpal1 on Thu Nov 14, 2013 5:40 pm

New user to the site, and already so much irony. The first quote I see is "The big lie of computer security is that security improves by imposing complex passwords on users. In real life, people write down anything they can't remember. Security is increased by designing for the way humans actually behave. -Jakob Nielsen"

Interesting this site would have such ridiculously complex password restrictions.

That said, thanks to the site for providing such a learning playground.
I've done 0 hacking in my life, so was glad I at least got through the first 2 levels without needing help. We'll see how the 3rd one goes.


Re: 1st Impression

Post by hellow533 on Thu Nov 14, 2013 6:06 pm

Set your primary computer to remember the pass, I don't have time for that shit myself. Welcome to Hackthissite. Just be sure to look into any questions you may have on google first, then check articles. If someone else can find an answer to your question on google they'll bitch and moan about you bothering to ask it.
“Teach me how to hack!”
"What, like, with an axe?"


Re: 1st Impressionist

Post by WallShadow on Thu Nov 14, 2013 9:41 pm

I for one agree that the password requirements are a bit too complex. why should i need anything but "correcthorsebatterystaple"? this is a site full of hackers, if they don't realize what is and what isn't a strong password, what are they doing here anyways?


Re: 1st Impression

Post by Goatboy on Thu Nov 14, 2013 11:04 pm

hellow533 wrote:If someone else can find an answer to your question on google they'll bitch and moan about you bothering to ask it.

No, they'll bitch about you *not* doing the research yourself. There is a difference.

WallShadow wrote:why should i need anything but "correcthorsebatterystaple"?

+1 for you.

Honestly, the password argument is a bit weird. Yes, a computer can guess "password" just as quickly as "fha67mam" (assuming lower-case only, blah blah) but if we don't have password requirements at all then a lot more people will use the former than the latter. It's not about making the password more secure, but rather making the attack harder. Think about it.
Assume that everything I say is or could be a lie.


Re: 1st Impression

Post by hellow533 on Thu Nov 14, 2013 11:49 pm

Goatboy wrote:
hellow533 wrote:If someone else can find an answer to your question on google they'll bitch and moan about you bothering to ask it.

No, they'll bitch about you *not* doing the research yourself. There is a difference.

WallShadow wrote:why should i need anything but "correcthorsebatterystaple"?

+1 for you.

Honestly, the password argument is a bit weird. Yes, a computer can guess "password" just as quickly as "fha67mam" (assuming lower-case only, blah blah) but if we don't have password requirements at all then a lot more people will use the former than the latter. It's not about making the password more secure, but rather making the attack harder. Think about it.

Depending on how it's encrypted, something like ThisPassWord1 is going to take MUCH longer than something like thispassword1!. I noticed case variants are what make an attack take longer.

On the same note, I think HTS requires Capitallower@2 or something along those lines. Honestly though, if they can pull encrypted passwords from X database, there's already a problem. Whether it's the responsibility of the user to ensure their password is encrypted well enough not to quickly break is debatable. Either way, it's not up to me, and I could care less either way. Something like ThisPassword@2 is just as easy to remember as thispassword. If you're trying to learn how to program, something large in the field of computers (unfortunately), you're going to have to be able to remember a simple password. Otherwise you won't be able to remember command lines.


Re: 1st Impression

Post by tgoe on Fri Nov 15, 2013 1:57 am

Depending on how it's encrypted, something like ThisPassWord1 is going to take MUCH longer than something like thispassword1!. I noticed case variants are what make an attack take longer.

On the same note, I think HTS requires Capitallower@2 or something along those lines. Honestly though, if they can pull encrypted passwords from X database, there's already a problem. Whether it's the responsibility of the user to ensure their password is encrypted well enough not to quickly break is debatable. Either way, it's not up to me, and I could care less either way. Something like ThisPassword@2 is just as easy to remember as thispassword. If you're trying to learn how to program, something large in the field of computers (unfortunately), you're going to have to be able to remember a simple password. Otherwise you won't be able to remember command lines.


Image


Re: 1st Impression

Post by hellow533 on Fri Nov 15, 2013 2:39 am

Must admit, haven't seen that reaction image in a looonng time.


Re: 1st Impression

Post by Goatboy on Fri Nov 15, 2013 4:55 pm

hellow533 wrote:Depending on how it's encrypted, something like ThisPassWord1 is going to take MUCH longer than something like thispassword1!. I noticed case variants are what make an attack take longer.

Yes and no. If you put both passes into a cracker and you select lower-case only, neither will be broken. If you select lower + numbers only, then only one will be cracked. If you select alphanumeric lower and uppercase, then either one could be cracked faster depending on the order the cracker uses. Sequential starting with lowercase will prolly hit "password1" faster sure, but if it's in parallel like a good cracker should be, then it's anyone's guess.

hellow533 wrote:Whether it's the responsibility of the user to ensure their password is encrypted well enough not to quickly break is debatable

wat.

So you're saying it's my responsibility as a user to make sure the site properly salts the pass?


Re: 1st Impression

Post by hellow533 on Sat Nov 16, 2013 2:17 am

Goatboy wrote:
hellow533 wrote:Whether it's the responsibility of the user to ensure their password is encrypted well enough not to quickly break is debatable

wat.

So you're saying it's my responsibility as a user to make sure the site properly salts the pass?

No, it's your responsibility as a user to pass the salt.


Re: 1st Impression

Post by -Ninjex- on Sat Nov 16, 2013 9:01 am

Goatboy wrote:
hellow533 wrote:Whether it's the responsibility of the user to ensure their password is encrypted well enough not to quickly break is debatable

wat.

So you're saying it's my responsibility as a user to make sure the site properly salts the pass?


You must remember he hates programming, a part of me wants to laugh, but I'm too intrigued by the seriousness of the post.

-- Sun Nov 17, 2013 2:38 am --

hellow533 wrote:Depending on how it's encrypted


If it's being stored in a database, it should be hashed; not encrypted. That would be the first mistake.

hellow533 wrote:I noticed case variants are what make an attack take longer.


It's less of case variants, and more of having a combination of possibilities. If you add 1 additional option (upper, lower, alpha, digits, unicode, etc) then you are going to dramatically increase the chance of possible password combinations.

For example, having the restrictions lower & upper a-z, and 0-9 versus the combination of lower a-z, 0-9, and special characters, the latter 'could' make the attack longer, as you have more characters to choose from than you do with upper a-z chars.

Now, the user will also play a part in how secure their password is, but by setting restrictions correctly as a web developer, you are ensuring the users have a strong password in case of a breach because nothing is perfect and shit happens.

-- Sun Nov 17, 2013 2:43 am --

hellow533 wrote:Set your primary computer to remember the pass, I don't have time for that shit myself.


Take a couple seconds to ensure more security. I highly discourage this.

-- Sun Nov 17, 2013 2:46 am --

WallShadow wrote:I for one agree that the password requirements are a bit too complex. why should i need anything but "correcthorsebatterystaple"? this is a site full of hackers, if they don't realize what is and what isn't a strong password, what are they doing here anyways?


You must remember there are users here that are 'not' hackers, but come to learn how to become one. The password restriction was never a problem for me, but the fuqin captcha system they have, that's a beast of nature.
If you're not willing to learn, no one can help you. If you're determined to learn, no one can stop you.⠠⠵
The absence of evidence is not evidence of absence.
I can explain it for you, but I can't understand it for you.
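
An added example, not part of any post in this thread: it works through two points the discussion raises, that the brute-force search space depends on both alphabet size and length, and that a site should store passwords salted and hashed rather than encrypted. The function names and the PBKDF2 parameters are assumptions chosen for illustration; the sample passwords are the ones quoted in the thread.

```python
import hashlib, hmac, math, os, string

# Character classes discussed in the thread (ASCII only; an assumption).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return sorted(n for n, chars in CLASSES.items()
                  if any(c in chars for c in password))

def keyspace_bits(password):
    """log2(alphabet_size ** length) for the classes the password uses.
    This is an upper bound: it assumes every character is picked at
    random, so dictionary words and common patterns score too high."""
    alphabet = sum(len(CLASSES[n]) for n in classes_used(password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def hash_password(password, salt=None, iterations=200_000):
    """Salted, deliberately slow one-way hash (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify_password(password, record):
    """Recompute with the stored salt; compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    for pw in ("password", "fha67mam", "ThisPassWord1",
               "thispassword1!", "correcthorsebatterystaple"):
        print(f"{pw:27} {keyspace_bits(pw):6.1f} bits  {classes_used(pw)}")
    # A per-user random salt makes identical passwords store differently,
    # so one precomputed table cannot be reused across accounts.
    a, b = hash_password("ThisPassword@2"), hash_password("ThisPassword@2")
    print("same password, different records:", a[2] != b[2])
    print("verifies:", verify_password("ThisPassword@2", a))
```
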