Encrypted password database

funkstar1

Original Poster:

26 posts

6 months

Tuesday 28th May
Who here thinks the Pistonheads forum uses an encrypted password database, or do you think the people higher up can see them?

e-honda

9,291 posts

153 months

Tuesday 28th May
They will be hashed
it's not the 90s any more

eliot

11,727 posts

261 months

Tuesday 28th May
e-honda said:
They will be hashed
it's not the 90s any more
The software was written in the 90s though.

xeny

4,671 posts

85 months

Wednesday 29th May
funkstar1 said:
Who here thinks the Pistonheads forum uses an encrypted password database, or do you think the people higher up can see them?
If you're that cautious, keepass keeps everything locally.

Alex Z

1,513 posts

83 months

Wednesday 29th May
As long as you are using a unique password for this forum as is good practice there’s limited risk, and the system administrators aren’t going to need your credentials to read your PMs or post as you.

eeLee

856 posts

87 months

Wednesday 29th May
So the passwords will be stored in a table in a database.
The database won't be encrypted.
The passwords are not encrypted; they should be hashed and salted. The hashing should be done using a decent hashing function, and the salt should be on a per-user basis.

And yes, you should be using a different password per site. If you can do it, a different login per site too.

eliot

11,727 posts

261 months

Wednesday 29th May
xeny said:
funkstar1 said:
Who here thinks the Pistonheads forum uses an encrypted password database, or do you think the people higher up can see them?
If you're that cautious, keepass keeps everything locally.
That's not the question the o/p asked.

Funk

26,573 posts

216 months

Wednesday 29th May
eeLee said:
So the passwords will be stored in a table in a database.
The database won't be encrypted.
The passwords are not encrypted; they should be hashed and salted. The hashing should be done using a decent hashing function, and the salt should be on a per-user basis.

And yes, you should be using a different password per site. If you can do it, a different login per site too.
This is what I do. Unique email, unique password and a username that wouldn't return a meaningful hit if googled. The worst damage that could be done is someone st-posts as me for a while (I know, I know... how would you tell etc...).

Mr Penguin

2,712 posts

46 months

Wednesday 29th May
e-honda said:
They will be hashed
it's not the 90s any more
You'd be surprised how many big companies still keep passwords in plain text files.

One very big one who really should know better: https://www.theguardian.com/technology/2019/mar/21...

xeny

4,671 posts

85 months

Wednesday 29th May
eliot said:
That's not the question the o/p asked.
Acknowledged - coffee levels too low.

e-honda

9,291 posts

153 months

Wednesday 29th May
Mr Penguin said:
You'd be surprised how many big companies still keep passwords in plain text files.

One very big one who really should know better: https://www.theguardian.com/technology/2019/mar/21...
Accidentally capturing inflight passwords in logs is not the same thing as keeping passwords in plain text files.