
How safe is my password?

LOL, what the fuck. Did you guys really type in your password on some weird website? Are you nuts or what? Your password is now 100% not safe.

The site would have to have some way to personally identify you in order for the passwords to be useful.

One scenario: emails to company accounts about a site like this, and some idiot users follow it and blindly type in their passwords. A scammer can then try to hack the accounts since he now knows "100% safe" passwords.

If you follow the link from here, the site knows that it had visitors from trekbbs.com. If trekbbs was of any worth, they could try to hack its user accounts since it's highly probable that people typed in their account passwords.

And if anything, it can serve to create better password crackers by feeding them with all those unusual combinations that they would never be able to crack otherwise.
 
 
LOL, what the fuck. Did you guys really type in your password on some weird website? Are you nuts or what? Your password is now 100% not safe.

The site would have to have some way to personally identify you in order for the passwords to be useful.

One scenario: emails to company accounts about a site like this, and some idiot users follow it and blindly type in their passwords. A scammer can then try to hack the accounts since he now knows "100% safe" passwords.

If you follow the link from here, the site knows that it had visitors from trekbbs.com. If trekbbs was of any worth, they could try to hack its user accounts since it's highly probable that people typed in their account passwords.

And if anything, it can serve to create better password crackers by feeding them with all those unusual combinations that they would never be able to crack otherwise.

There is no stored information, and the actual interface is client side. No browser data is submitted. It would be more likely that your toaster is reporting your password.
 
My first important password: 2 hrs
My original password here: 2 hrs
My current facebook password: 163 Days
My current important password: 237 yrs
My current password here: 700 Million Years
My wifi network password: 39 Billion Years

At least my passwords have gotten stronger over time. There's something disturbing about the fact that my university password could be cracked in 2 hours.
 
Apparently it's just based on the length of your password and (possibly) how many different types of characters it contains (not clear how that figures in). It doesn't even try a dictionary attack because that would require sending your password over the internet.
 
The site would have to have some way to personally identify you in order for the passwords to be useful.

One scenario: emails to company accounts about a site like this, and some idiot users follow it and blindly type in their passwords. A scammer can then try to hack the accounts since he now knows "100% safe" passwords.

If you follow the link from here, the site knows that it had visitors from trekbbs.com. If trekbbs was of any worth, they could try to hack its user accounts since it's highly probable that people typed in their account passwords.

And if anything, it can serve to create better password crackers by feeding them with all those unusual combinations that they would never be able to crack otherwise.

There is no stored information, and the actual interface is client side. No browser data is submitted. It would be more likely that your toaster is reporting your password.

Yeah, I was going to point that out next. I even looked at the code and it does not ever send the form contents up to the server, so there is no security risk here.
 
It doesn't even try a dictionary attack because that would require sending your password over the internet.

Which you do by typing it in the text field.

I'm just advocating some common sense here. This site may be harmless, but others aren't. And you'd find idiots who'd even type in their email addresses and other account data when they find such a site.
 
It doesn't even try a dictionary attack because that would require sending your password over the internet.

Which you do by typing it in the text field.

Several people have told you otherwise; if you read the site, they suggest disconnecting your computer from the internet if you want. I tried it. Still worked. The computation is completely client-side, the only thing you get from the internet is a JavaScript app.

I'm just advocating some common sense here. This site may be harmless, but others aren't. And you'd find idiots who'd even type in their email addresses and other account data when they find such a site.

That much is true. You definitely want to investigate these things carefully before blindly entering sensitive information into *any* website. Including one that looks familiar, because it's possible to spoof the look of well-known sites.
 
It doesn't even try a dictionary attack because that would require sending your password over the internet.

Which you do by typing it in the text field.

Don't be dense. Several people have told you otherwise; if you read the site, they suggest disconnecting your computer from the internet if you want. I tried it. Still worked. The computation is completely client-side, the only thing you get from the internet is a JavaScript app.

I know that. The question is: did you really check that before you started typing your password?
 
Which you do by typing it in the text field.

Several people have told you otherwise; if you read the site, they suggest disconnecting your computer from the internet if you want. I tried it. Still worked. The computation is completely client-side, the only thing you get from the internet is a JavaScript app.

I'm just advocating some common sense here. This site may be harmless, but others aren't. And you'd find idiots who'd even type in their email addresses and other account data when they find such a site.

That much is true. You definitely want to investigate these things carefully before blindly entering sensitive information into *any* website. Including one that looks familiar, because it's possible to spoof the look of well-known sites.

I know that. The question is: did you really check that before you started typing your password?

Well, I did, but you are correct that your average Internet user is too trusting and ignorant to bother--and wouldn't know how to check, anyway. That's why browsers have started to come with phishing filters and the like.
 
Personally I just clicked on the prominent "Is this safe?" button and did as it suggested.
 
I just entered a different password with the same character and length qualities as one that I usually do.

Of course, the site is a bit useless since most systems are protected against brute force attacks anyways.
 
This is the JavaScript source for the guts of the algorithm:

---
// Calculations per second. Ten million is roughly the number a decent PC could manage uninhibited
var calculationsPerSecond = 10000000;

// Keep track of how many character sets are used
var possibleCharacters = 0;

// Lowercase
if (password.match(/[a-z]/)) { possibleCharacters += 26; }

// Uppercase
if (password.match(/[A-Z]/)) { possibleCharacters += 26; }

// Numbers
if (password.match(/\d+/)) { possibleCharacters += 10; }

// Symbols
if (password.match(/[!,@,#,$,%,^,&,*,?,_,~,-,(,)]/) ) {possibleCharacters += 13};

// Work out the number of possible combinations: possible characters to the power of the password length
var possibleCombinations = Math.pow(possibleCharacters, password.length);

// Divide the number of possible combinations by the calculations a PC can do per second
var computerTimeInSecs = possibleCombinations / calculationsPerSecond;
---

Not terribly sophisticated.

There are also a few lookup tables for commonly used passwords of different lengths, for example:

arrayOfPasswords[8] = ['firebird','password','12345678','steelers','mountain','computer','baseball',
'xxxxxxxx','football','qwertyui','jennifer','danielle','sunshine','starwars',
'whatever','nicholas','swimming','trustno1','midnight','princess','startrek',
'mercedes','superman','bigdaddy','maverick','einstein','dolphins','hardcore',
'redwings','cocacola','michelle','victoria','corvette','butthead','marlboro',
'srinivas','internet','redskins','11111111','access14','rush2112','scorpion',
'iloveyou','samantha','mistress'];
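
An added example, not part of the original post or the site's code: the quoted estimate rebuilt as functions and set beside a check for a listed word with decoration, to show how far the brute-force figure can overstate strength. The function names, the `COMMON` subset and the sample passwords are assumptions made for illustration.

```javascript
// Added example, not the site's code. COMMON is a small subset of the
// arrayOfPasswords[8] table quoted in the post; function names are assumptions.
const COMMON = new Set(['password', '12345678', 'startrek', 'trustno1', 'iloveyou']);
const GUESSES_PER_SECOND = 1e7; // the post's calculationsPerSecond

// Character-set size, using the same four tests as the quoted source.
function charsetSize(pw) {
  let n = 0;
  if (/[a-z]/.test(pw)) n += 26;
  if (/[A-Z]/.test(pw)) n += 26;
  if (/\d/.test(pw)) n += 10;
  // Symbol class copied verbatim: the commas are literal members and ",-,"
  // parses as a range, so "," counts as a symbol and "-" does not.
  if (/[!,@,#,$,%,^,&,*,?,_,~,-,(,)]/.test(pw)) n += 13;
  return n;
}

// log10 of the brute-force time in seconds. Working in logs avoids the
// Infinity that Math.pow(charset, length) returns for very long inputs.
function naiveLog10Seconds(pw) {
  const size = charsetSize(pw);
  if (size === 0 || pw.length === 0) return -Infinity;
  return pw.length * Math.log10(size) - Math.log10(GUESSES_PER_SECOND);
}

// True when the password is a listed word, or a listed word with only
// capitalisation changed and digits/symbols appended.
function hasCommonBase(pw) {
  const lower = pw.toLowerCase();
  return COMMON.has(lower) || COMMON.has(lower.replace(/[^a-z]+$/, ''));
}

// Combine both views: the naive time in years and the wordlist flag.
function assess(pw) {
  const years = Math.pow(10, naiveLog10Seconds(pw)) / (3600 * 24 * 365);
  return { naiveYears: years, commonBase: hasCommonBase(pw) };
}

for (const pw of ['startrek', 'Startrek1!', 'k7#Vq2_zLp']) { // constructed samples
  console.log(pw, assess(pw));
}
```

A password flagged with `commonBase: true` falls to a wordlist with simple mangling rules long before the brute-force figure applies, whatever the length-and-charset estimate says.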
 