Encrypted password database


funkstar1

Original Poster:

26 posts

14 months

Tuesday 28th May 2024
Who here thinks the Pistonheads forum uses an encrypted password database or do you think the people higher up can see them? scratchchin

e-honda

9,473 posts

161 months

Tuesday 28th May 2024
They will be hashed
it's not the 90s any more

eliot

11,882 posts

269 months

Tuesday 28th May 2024
e-honda said:
They will be hashed
it's not the 90s any more
The software was written in the 90’s though

xeny

4,966 posts

93 months

Wednesday 29th May 2024
funkstar1 said:
Who here thinks the Pistonheads forum uses an encrypted password database or do you think the people higher up can see them? scratchchin
If you're that cautious, KeePass keeps everything locally.

Alex Z

1,769 posts

91 months

Wednesday 29th May 2024
As long as you are using a unique password for this forum as is good practice there’s limited risk, and the system administrators aren’t going to need your credentials to read your PMs or post as you.

eeLee

921 posts

95 months

Wednesday 29th May 2024
so the passwords will be stored in a table in a database.
the database won't be encrypted.
the passwords are not encrypted, they should be hashed and salted. The hashing should be done using a decent hashing function, salt should be on a per-user basis.

and yes, you should be using a different password per site. If you can do it, a different login per site too.
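
The per-user salted hashing described in the post above, as an added example that is not part of the original thread or the forum's own code. It assumes scrypt from Python's standard library as the "decent hashing function"; the cost parameters, row format and sample users are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

# Assumed scrypt cost parameters for this example; tune for your hardware.
N, R, P, DKLEN = 2**14, 8, 1, 32


def _derive(password: str, salt: bytes, n: int, r: int, p: int) -> bytes:
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p,
                          maxmem=64 * 1024 * 1024, dklen=DKLEN)


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str) -> str:
    """Build the value stored in the users table: parameters, salt, hash."""
    salt = os.urandom(16)  # fresh random salt per user, stored beside the hash
    return f"scrypt${N}${R}${P}${_b64(salt)}${_b64(_derive(password, salt, N, R, P))}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the row's own salt and compare in constant time."""
    try:
        scheme, n, r, p, salt_b64, hash_b64 = stored.split("$")
        if scheme != "scrypt":
            return False
        candidate = _derive(password, base64.b64decode(salt_b64), int(n), int(r), int(p))
        return hmac.compare_digest(candidate, base64.b64decode(hash_b64))
    except ValueError:  # malformed row, bad base64 or invalid parameters
        return False


def build_demo_table() -> dict:
    # Constructed sample users; both chose the same password on purpose.
    users = [("alice", "correct horse battery"), ("bob", "correct horse battery")]
    return {name: hash_password(pw) for name, pw in users}


if __name__ == "__main__":
    for name, row in build_demo_table().items():
        print(name, row)  # what an administrator reading the table would see
```

The two printed rows differ even though the passwords are identical, so anyone reading the table cannot tell which users share a password and must attack each row separately.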

eliot

11,882 posts

269 months

Wednesday 29th May 2024
xeny said:
funkstar1 said:
Who here thinks the Pistonheads forum uses an encrypted password database or do you think the people higher up can see them? scratchchin
If you're that cautious, KeePass keeps everything locally.
That's not the question the o/p asked.

Funk

26,795 posts

224 months

Wednesday 29th May 2024
eeLee said:
so the passwords will be stored in a table in a database.
the database won't be encrypted.
the passwords are not encrypted, they should be hashed and salted. The hashing should be done using a decent hashing function, salt should be on a per-user basis.

and yes, you should be using a different password per site. If you can do it, a different login per site too.
This is what I do. Unique email, unique password and a username that wouldn't return a meaningful hit if googled. The worst damage that could be done is someone st-posts as me for a while (I know, I know...how would you tell etc... biggrin).

Mr Penguin

3,456 posts

54 months

Wednesday 29th May 2024
e-honda said:
They will be hashed
it's not the 90s any more
You'd be surprised how many big companies still keep passwords in plain text files.

One very big one who really should know better: https://www.theguardian.com/technology/2019/mar/21...

xeny

4,966 posts

93 months

Wednesday 29th May 2024
eliot said:
That's not the question the o/p asked.
Acknowledged - coffee levels too low.

e-honda

9,473 posts

161 months

Wednesday 29th May 2024
Mr Penguin said:
You'd be surprised how many big companies still keep passwords in plain text files.

One very big one who really should know better: https://www.theguardian.com/technology/2019/mar/21...
Accidentally capturing inflight passwords in logs is not the same thing as keeping passwords in plain text files.