WTAF?

you can add extra characters to your password and it's still accepted?

a) no, that's not how passwords are supposed to work
b) no, you're storing the passwords
(not just wrong, but you're storing them in the first place)
c) you're not hashing them?
d) YOU ARE A F**KING BANK!

@0x56 so at that bank, passwords are like phone numbers... once you get the first few right, it doesn't matter how many you punch in afterwards... it's already open.

@0x56 hmmmm weird.
that shouldn't be how it works for PWs, I agree.

Claire sounds like she's just following orders on what to say, cuz to me that is a flaw.


@Bemet_Or - oh she is, don't blame the messenger... But a password should _never_ be stored, it should be hashed (1-way encryption)

so "abc" would be hashed to something like
"ab98f80e7f3a9b"

but "abcd" would be hashed to something like
"9f02c756a37e1"

there's no correlation to compare partial passwords against.

The reason for this is if the database is compromised, there's no way of getting those passwords out.
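
The comparison described in the post above, as an added example that is not part of the original thread: a verifier that hashes the whole password rejects input with extra characters, while one that truncates before hashing accepts it. The truncation is an assumed cause shown only for contrast (the thread does not say what the bank does), and the PBKDF2 parameters, the 8-character limit and the sample password are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed parameters for this example (assumptions, not values from the thread).
PBKDF2_ITERATIONS = 200_000
TRUNCATE_AT = 8  # hypothetical legacy length limit


def enroll(password: str, truncate: bool = False) -> tuple[bytes, bytes]:
    """Return (salt, digest) for storage; the password itself is never stored."""
    if truncate:
        password = password[:TRUNCATE_AT]  # everything past the limit is discarded
    salt = os.urandom(16)  # per-user salt so equal passwords get different digests
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify(candidate: str, record: tuple[bytes, bytes], truncate: bool = False) -> bool:
    """Re-derive the digest from the candidate and compare in constant time."""
    if truncate:
        candidate = candidate[:TRUNCATE_AT]
    salt, expected = record
    actual = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return hmac.compare_digest(actual, expected)


def demo() -> dict[str, bool]:
    password = "hunter2!"  # constructed sample password, exactly 8 characters
    full = enroll(password)
    legacy = enroll(password, truncate=True)
    return {
        "full_exact": verify(password, full),
        "full_extra": verify(password + "xyz", full),
        "legacy_exact": verify(password, legacy, truncate=True),
        "legacy_extra": verify(password + "xyz", legacy, truncate=True),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

A login test that appends characters to a known-good password and expects rejection is a quick regression check for this behaviour.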
