BASED VIRGIN
Henry Thompson
Adam Fisher
>what stops people from being criminal
>the law
Based
Christopher Lewis
I once signed up for a site that stored my password in plaintext. I forgot the password, so it offered to email it to me. I was like wut. But then the madman actually did it.
John Mitchell
fake or deleted
Nicholas Foster
kek
Zachary Evans
>why bother protecting passwords? hacking is illegal anyways
wew
Juan Thompson
Jayden Butler
based
Wyatt Nelson
>why bother banning guns? murder is illegal anyways
Isaiah Cook
Anyone have the screencap of that "tinder for smash Bros players" Reddit post where someone asked how to reset his password and the developer just replied to him his password in plain text?
Angel Torres
>tfw it's real
I thought only small companies still did that shit, Jesus Christ.
Logan Adams
this but unironically, it's fairly trivial to access firearms illegally in the vast majority of countries
Jeremiah Edwards
what the absolute fuck hahaha
that has to be a joke
Dylan Johnson
Eli Parker
Hey we don't know if the support person sending them their password was just a math genius and was able to break AES. Come on now
Jordan Martinez
Boy do I sure love receiving daily emails in my spam folder with my old password in the subject line claiming they have webcam videos of taking care of myself and demanding buttcoins all because I made an account on last.fm fifteen years ago when I was a teenager who thought it was really important to let other people know what music I was listening to at the moment.
Justin Sanchez
Parker Rodriguez
Full context
Benjamin Martin
Confirmed clown world.
These companies take irresponsibility to a new level.
Nicholas Wilson
Was it really their password or the phone pin used to authenticate when you call up the company?
Noah Roberts
>illegal to open your mail
>legal to inspect your digital "mail" packets
21st century is bullshit.
Nolan Bailey
Virgin Media could really just do something along the lines of sending a verification code to the recipient via post which they can use to reset the password. But no that's too much work...
Jason White
>and the developer just replied to him his password in plain text
like in a private message?
Logan Mitchell
can someone explain to me why I care that a company has my password? Like of course they know it how else can they verify it's me LOL
Anthony Sullivan
Bait
Sebastian Young
They don't have your password, they have a hash of your password hopefully. Even they couldn't figure out what your password is if they aren't crooks who just stole your data.
Sebastian Roberts
This boomer logic is why faxes are still a thing.
Please ban this shit.
Robert Kelly
I'll bite. Passwords are supposed to be stored in hashes, preferably in HMAC, meaning even if hashes leak, without master password you cannot even _approach_ brute force. If you have the password, all you can do is brute-force.
Caleb Bennett
>twitter nigger dramas
Nolan Scott
If a password is stored in a manner that they are able to retrieve it, then an attacker who has compromised their databases is able to retrieve it as well. The proper solution for storing passwords is to use a one way hashing function with a randomly generated "salt" to guarantee that no two people with the same password will necessarily have the same hash.
So to clarify, we have a globally used hashing function H. For each user in the database, we store a hash h, and salt s. When a user sends a password p, we compute H(p+s), and validate that user if the result is equal to h. A proper function H should be designed so that it will take an extraordinarily long time to compute p from h and s. An example of such a function is Scrypt (pronounced "ess-crypt"), which is designed to use as much memory as possible while computing the hash such that parallelization (i.e. cracking with a GPU) is less practical.
David Lee
>preferably in HMAC
HMAC is not suitable for password authentication. Try Scrypt or Bcrypt.
Camden Young
>bcrypt
this user gets it
Connor Brown
argon2, please
Nicholas Edwards
use Scrypt if possible
Matthew Edwards
While I would not say Bcrypt is a *bad* choice, Scrypt was designed specifically to deal with some of its faults. If you want to stop an attacker with a butt ton of compute cores, Scrypt has your back.
Also an acceptable choice, though it is a bit new, and may not be preferred by certain companies that want something more mature.
Hudson Morales
underrated
Joseph Ramirez
LMAO, this thread is laughs