Encrypted password database
Author
Discussion

funkstar1

Original Poster:

26 posts

19 months

Tuesday 28th May 2024
Who here thinks the Pistonheads forum uses an encrypted password database or do you think the people higher up can see them?

e-honda

9,548 posts

166 months

Tuesday 28th May 2024
They will be hashed
it's not the 90s any more

eliot

11,984 posts

274 months

Tuesday 28th May 2024
e-honda said:
They will be hashed
it's not the 90s any more
The software was written in the 90’s though

xeny

5,383 posts

98 months

Wednesday 29th May 2024
funkstar1 said:
Who here thinks the Pistonheads forum uses an encrypted password database or do you think the people higher up can see them?
If you're that cautious, KeePass keeps everything locally.

Alex Z

1,930 posts

96 months

Wednesday 29th May 2024
As long as you are using a unique password for this forum, as is good practice, there’s limited risk, and the system administrators aren’t going to need your credentials to read your PMs or post as you.

eeLee

973 posts

100 months

Wednesday 29th May 2024
So the passwords will be stored in a table in a database.
The database won't be encrypted.
The passwords are not encrypted; they should be hashed and salted. The hashing should be done using a decent hashing function, and the salt should be on a per-user basis.

And yes, you should be using a different password per site. If you can do it, a different login per site too.

eliot

11,984 posts

274 months

Wednesday 29th May 2024
xeny said:
funkstar1 said:
Who here thinks the Pistonheads forum uses an encrypted password database or do you think the people higher up can see them?
If you're that cautious, KeePass keeps everything locally.
That's not the question the o/p asked.

Funk

27,210 posts

229 months

Wednesday 29th May 2024
eeLee said:
So the passwords will be stored in a table in a database.
The database won't be encrypted.
The passwords are not encrypted; they should be hashed and salted. The hashing should be done using a decent hashing function, and the salt should be on a per-user basis.

And yes, you should be using a different password per site. If you can do it, a different login per site too.
This is what I do. Unique email, unique password and a username that wouldn't return a meaningful hit if googled. The worst damage that could be done is someone st-posts as me for a while (I know, I know... how would you tell etc...).

Mr Penguin

3,814 posts

59 months

Wednesday 29th May 2024
e-honda said:
They will be hashed
it's not the 90s any more
You'd be surprised how many big companies still keep passwords in plain text files.

One very big one who really should know better: https://www.theguardian.com/technology/2019/mar/21...

xeny

5,383 posts

98 months

Wednesday 29th May 2024
eliot said:
That's not the question the o/p asked.
Acknowledged - coffee levels too low.

e-honda

9,548 posts

166 months

Wednesday 29th May 2024
Mr Penguin said:
You'd be surprised how many big companies still keep passwords in plain text files.

One very big one who really should know better: https://www.theguardian.com/technology/2019/mar/21...
Accidentally capturing in-flight passwords in logs is not the same thing as keeping passwords in plain text files.