Jump to content
Paint.NET 5.1 is now available! ×

Recommended Posts

Posted

What's with the Fort Knox password requirements for this site? It had been so long since I needed to visit the forum that I had forgot my password, so I had it reset. Then, I logged back in to change it to something I could remember. That is when I noticed this:

Password must be between 8 and 30 characters long, must contain letters in mixed case and must contain numbers.

Now I see why I had forgotten my password! That is ridiculous. Maybe if this page were linked to my bank accounts or stock portfolio, but not for asking questions about Paint.NET!

Besides, whatever the password is that gets entered, it appears to be encrypted with an algorithm like SHA1 or MD5, and only that result is stored in the database. This means a password can be just about anything a person wants, and the encryption routine will generate a string that is more than adequate.

Is there a serious reason for this, or did it just come with the forum package and no one has bothered making a change to it?

~Joe

Avoid Sears Home Improvement (click to read why)

Posted
Besides, whatever the password is that gets entered, it appears to be encrypted with an algorithm like SHA1 or MD5, and only that result is stored in the database. This means a password can be just about anything a person wants, and the encryption routine will generate a string that is more than adequate.

Even though encryption takes place, people can still type in your password. Encryption only protects the password from being stolen from the database and used directly. If I were to retreive your password from the database - Let's say the password is "dog" - I'd get "e49512524f47b4138d850c9d9d85972927281da0". However, hackers only need to try to crack the sha-1 with a Rainbow Table, and it'll be hacked. Considering "dog" is only three letters, it'll take less then an hour to crack.

I cannot say why this has been implemented, but I didn't experience it. I guess it's to stimulate people to get more difficult passwords, that are harder to guess, considering about half of the MySpace passwords are a normal word of 7 letters with a 1 behind it.

Posted

I don't want people using passwords that are easily compromised by a dictionary attack.

Most people are happy with passwords like "pony" or "password".

It almost completely eliminates repudiation problems; not to mention, what if a mod had a weak password ...

The Paint.NET Blog: https://blog.getpaint.net/

Donations are always appreciated! https://www.getpaint.net/donate.html

forumSig_bmwE60.jpg

Posted

I would rather have a bit more complex password and ensure that all the post that are made are mine and my info is safe than trusting my account under weak security,in the end your getting the better end of the deal with a password system like this one,plus if you stay logged in on your computer,it shouldn't be that big of a deal to you

Posted

You think that's bad? My school used to have the following password requirements:

-must be no fewer than 8 characters

-must be no greater than 12 characters

-must start with a letter

-must be mixed case

-must include a number within the first three characters

-must include a number within the last five characters

-must include at least two numbers

-must include at least one letter

-may not include special characters

-may not include letters repeated immediately adjacent (i.e. "oo," "ee")

-may not include any two adjacent numbers

-may include no complete words in English

-may include no complete words in Spanish

-may include no complete words in French

-may include no complete words in German

-may include no complete words spelled backward in English

-may include no complete words spelled backward in Spanish

-may include no complete words spelled backward in French

-may include no complete words spelled backward in German

-may include no complete words, spelled forward or backward in any of the above languages with common letter-for-number replacement (i.e. 1 for i, 4 for A, 0 for o, 6 for G)

You think I'm joking? I'm absolutely not. These were the actual requirements. And I think I may have forgotten some.

Since, they've gotten a lot more lenient. Now it just has to be over 30 characters.

So, yeah. Be glad that you only have three or four restrictions.

 

The Doctor: There was a goblin, or a trickster, or a warrior... A nameless, terrible thing, soaked in the blood of a billion galaxies. The most feared being in all the cosmos. And nothing could stop it, or hold it, or reason with it. One day it would just drop out of the sky and tear down your world.
Amy: But how did it end up in there?
The Doctor: You know fairy tales. A good wizard tricked it.
River Song: I hate good wizards in fairy tales; they always turn out to be him.

Posted

Yeah, they figured that out eventually.

 

The Doctor: There was a goblin, or a trickster, or a warrior... A nameless, terrible thing, soaked in the blood of a billion galaxies. The most feared being in all the cosmos. And nothing could stop it, or hold it, or reason with it. One day it would just drop out of the sky and tear down your world.
Amy: But how did it end up in there?
The Doctor: You know fairy tales. A good wizard tricked it.
River Song: I hate good wizards in fairy tales; they always turn out to be him.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...