naughty
Sexy Member
- Joined
- May 21, 2004
- Posts
- 11,232
- Media
- 0
- Likes
- 39
- Points
- 258
- Location
- Workin' up a good pot of mad!
- Sexuality
- 100% Straight, 0% Gay
- Gender
- Female
I assume it encrypts then stores the password as plain text then decrypts to authenticate, that's the easier, more normal path?
My my, just about everything is sitting somewhere on the Internet, just waiting to be found.
SHA1search
can do hashes and reverse hashes in sha1 and md5 hashing algorithms, two of the popular ones. It shows that the example I posted, 098f6bcd4621d373cade4e832627b4f6, is the hash of test in md5.
No, in a normal application, the plaintext password is never stored. When a user creates a password, it is encrypted (typically with an industry standard algorithm like SHA1 or MD5) and that value is what gets stored.
When the user logs on and types in their password, the application uses the same algorithm to hash the text they enter and compares the result of that operation to the stored value for that user. Due to the mathematical complexity of the standard hash algorithms, the likelihood of two different character strings (passwords) creating the same hash value is infinitesimal...to the point of being negligible.
The nature of hash algorithms is also such that the forward operation (encrypting plaintext) is quite simple and requires little processing power. The reverse operation, however, is incredibly difficult, meaning it would require an enormous amount of time and processing power to retrieve the original text from any given hash
So how to explain this? Simple...weak passwords. These "search" applications use pre-compiled hash tables to find the original value. Basically, it's a big-ass dictionary of words along with their SHA1 and/or MD5 hash values. If the hash value you enter is in the table, then it just looks up the word that created that hash. This is why you should create strong passwords to protect sensitive accounts...like this one:
Em=ZaEaGr|oOatLI
That is correct, that site is a dictionary; hence its name, SHA1search (a misnomer, as it also performs md5 lookups), rather than SHA1dehash.So how to explain this? Simple...weak passwords. These "search" applications use pre-compiled hash tables to find the original value. Basically, it's a big-ass dictionary of words along with their SHA1 and/or MD5 hash values.
Can you see who is PM'ing whom?
So the little buggers have been making them private? Figures. I've been noticing more threads "disappearing" lately.I remember the mods saying that threads can never be deleted, merely made invisible to everyone but them.
So the little buggers have been making them private? Figures. I've been noticing more threads "disappearing" lately.
A question I have is whether deleted PMs are truly deleted. I remember the mods saying that threads can never be deleted, merely made invisible to everyone but them. Does the same apply to PMs? When we press the "delete this message" button, does it delete the message entirely from the site's database, or is it still there, just no longer in our account and viewable by us?
Ah, thanks for your insight Mindseye.:smile:In the stock version of vBulletin, when a user "deletes" a PM, the space in the database is marked as unused. So the message isn't physically wiped instantly, but is subject to be overwritten at any time when someone else sends a PM. I don't know whether Rob has altered that part of the vBulletin code.
I am too. I've only noticed the disappearance of a couple of threads that I know I've posted in, as well as the disappearance - not even banning, but outright eradication - of the members starting those particular threads. And that's not enough to establish a trend.so I'm curious what sort of stuff is disappearing.
I am too. I've only noticed the disappearance of a couple of threads that I know I've posted in, as well as the disappearance - not even banning, but outright eradication - of the members starting those particular threads. And that's not enough to establish a trend.
But there's no doubt that this secret censorship is happening, and it should be no surprise that I don't approve of this sort of gross moderator abuse. That's assuming that one or more moderators are the culprits. The perpetrators may be at higher level than that; I don't see any way for us peons to tell.
Futile. We the peons have been told on more than a few occasions - in tones both condescending and arrogant - that these questions will not be answered. And certainly none of my questions along these lines have ever been answered. A matter of "policy", I suppose. I still call it abuse.see which ones turn up missing (no thread specified page) and then ask why.
Futile. We the peons have been told on more than a few occasions that these questions will not be answered. And certainly none of my questions along these lines have ever been answered. A matter of "policy", I suppose. I still call it abuse.
Congratulations, you managed to get an almost-answer to a direct question. They've never done me the courtesy. The official explanation with which they fobbed you off is still bollocks. Offending user, delete the user. Very simple. The reason for deleting the thread has yet to be explained.It's annoying when a thread I know existed gets "deleted". It happened to me about a week ago. I started a thread to find out if anyone knew about it. Turns out the O.P. was underage and the moderators "deleted" the entire thread. The thread I started is: http://www.lpsg.org/the-help-desk/54614-user-ultimacock-missing-messages.html ... the explanation is in post 5.