July 10th, 2012, 08:32 PM   #43
TVictory

Quote:
Originally Posted by FeedbakBWR
Would the username/passwords not be encrypted in the database?

They are one-way hashed. They are not clear text passwords. The only way I could see what a user's password was is if I got their one-way hashed password and then tried every combination of characters I could think of, ran it through the same hashing algorithm, and if the two match then I know your password. It's actually quite secure if you can throttle how fast you can try combinations of characters, like we do with only allowing 5 attempts and then waiting 15 minutes, but if they have just the hash they can try many combinations very fast with a program. If your password is very random then it probably won't be found.

For instance, let's say you had a password of just lower case letters and it was 8 letters long. That would be 23^8 == 78310985281 different possible passwords that, in the hacker's "worst case", have to be tried and hashed: not impossible, but not trivial either. If you had upper case letters as well as lower case, then 46^8 == 20047612231936, so even harder. This assumes that your password is just random letters; if you have some word or combination of words you can find in the dictionary, or a birthday, or something else common, then they could try these first and make the attack easier.
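The contrast drawn in the post above, as an added example that is not part of the original post or the forum's own code: a per-account lockout of 5 failures followed by 15 minutes, and the worst-case time to cover a keyspace through that lockout versus against a stolen hash. The class and function names, the use of PBKDF2-HMAC-SHA256 (the post does not name the algorithm) and the offline rate of 1e9 hashes per second are assumptions.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 5            # from the post: 5 attempts allowed
LOCKOUT_SECONDS = 15 * 60   # from the post: then a 15 minute wait


class ThrottledLogin:
    """One account: a stored one-way hash plus a failed-attempt lockout."""

    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self.stored = self._hash(password)
        self.failures = 0
        self.locked_until = 0.0

    def _hash(self, password: str) -> bytes:
        # Assumption: PBKDF2-HMAC-SHA256; the post does not name the algorithm.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def attempt(self, guess: str, now: float) -> str:
        if now < self.locked_until:
            return "locked"                      # the guess is not even hashed
        if hmac.compare_digest(self._hash(guess), self.stored):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILURES:        # fifth miss starts the lockout
            self.locked_until = now + LOCKOUT_SECONDS
            self.failures = 0
        return "wrong"


def online_worst_case_seconds(keyspace: int) -> int:
    """Lockout time alone needed to submit every candidate via the login form."""
    windows = -(-keyspace // MAX_FAILURES)       # ceiling division
    return max(windows - 1, 0) * LOCKOUT_SECONDS


def offline_worst_case_seconds(keyspace: int, hashes_per_second: float) -> float:
    """Time to hash every candidate when only the stolen hash sets the pace."""
    return keyspace / hashes_per_second


if __name__ == "__main__":
    keyspace = 78310985281                       # figure given in the post
    print(online_worst_case_seconds(keyspace) / (365 * 86400), "years online")
    # Assumed rate of 1e9 hashes/second, for illustration only.
    print(offline_worst_case_seconds(keyspace, 1e9), "seconds offline")
```

With the post's figure the lockout alone costs several hundred thousand years, while the assumed offline rate covers the same keyspace in under two minutes.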