Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Wed 01 Oct 2014, 14:24
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Passwords safe from FEDs?
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 1 of 1 Posts_count  
Author Message
8-bit


Joined: 03 Apr 2007
Posts: 3368
Location: Oregon

PostPosted: Fri 26 Jul 2013, 02:01    Post_subject:  Passwords safe from FEDs?
Sub_title: Feds requesting user passwords!
 

According to an article on CNet, the FBI is requesting passwords and encrypting algorithms from internet sites such as google, facebook, Yahoo, etc.

So I guess now, if they got their way and were investigating someone and found nothing of interest, they could possibly plant whatever they wanted by logging on as that user.

Now that is scary!

I would provide a link. But I cannot figure out how to do it.
The article as I said is on CNet News Politics and Law and is called "Feds tell Web firms to turn over user account passwords"

It was also stated in the article that when bcrypt is used to encode a password it makes it a lot harder to crack.
Back to top
View user's profile Send_private_message 
L18L

Joined: 19 Jun 2010
Posts: 2507
Location: Moved from Hosla to www.eussenheim.de

PostPosted: Fri 02 Aug 2013, 08:06    Post_subject: Re: Passwords safe from FEDs?
Sub_title: Feds requesting user passwords!
 

8-bit wrote:
I would provide a link. But I cannot figure out how to do it.

There are about 159,999 linking to it : https://www.google.com/search?q="Feds+tell+Web+firms+to+turn+over+user+account+passwords" Wink
Back to top
View user's profile Send_private_message 
Barkin


Joined: 12 Aug 2011
Posts: 724

PostPosted: Fri 02 Aug 2013, 12:14    Post_subject:
Sub_title: must have used a salt
 

cnet.com wrote:
One popular hash function called MD5, for instance, transforms the phrase "National Security Agency" into this string of seemingly random characters: 84bd1c27b26f7be85b2742817bb8d43b. Computer scientists believe that, if a hash function is well-designed, the original phrase cannot be derived from the output.

http://news.cnet.com/8301-13578_3-57595529-38/feds-tell-web-firms-to-turn-over-user-account-passwords/

md5(National Security Agency) is
a4e4c46a411d4f3433a880e4e2d614a5
not
"84bd1c27b26f7be85b2742817bb8d43b"
md5decrypter,co,uk .png
 Description   Reverse MD5 on a4e4c46a411d4f3433a880e4e2d614a5 via http://www.md5decrypter.co.uk/
 Filesize   15.54 KB
 Viewed   348 Time(s)

md5decrypter,co,uk .png

Back to top
View user's profile Send_private_message 
Barkin


Joined: 12 Aug 2011
Posts: 724

PostPosted: Fri 02 Aug 2013, 12:36    Post_subject:  

8-bit wrote:
It was also stated in the article that when bcrypt is used to encode a password it makes it a lot harder to crack.

In that application bcrypt has to be used iteratively , thousands of repetitions , which slows a brute-force attack, (aka key stretching ).

Edited_times_total
Back to top
View user's profile Send_private_message 
Barkin


Joined: 12 Aug 2011
Posts: 724

PostPosted: Fri 02 Aug 2013, 12:42    Post_subject:  

posted in error
Back to top
View user's profile Send_private_message 
8-bit


Joined: 03 Apr 2007
Posts: 3368
Location: Oregon

PostPosted: Sat 03 Aug 2013, 01:25    Post_subject:  

Evidently, the hash decrypting site you referenced does not allow a paste of an md5sum.
Every time I tried, the example screen would display and mess things up.
But it did bring up the thought of just how fast one could decrypt an md5 password hash!
But again, for testing the strength of a user defined password hash, it could prove valuable.
Back to top
View user's profile Send_private_message 
Barkin


Joined: 12 Aug 2011
Posts: 724

PostPosted: Sat 03 Aug 2013, 04:37    Post_subject:  

8-bit wrote:
Evidently, the hash decrypting site you referenced does not allow a paste of an md5sum.
Every time I tried, the example screen would display and mess things up.

that site does require a CAPTCHA to be completed every time you want to see if a reverse MD5 is possible, (it does allow batches of MD5 to be entered a once ).

8-bit wrote:
But it did bring up the thought of just how fast one could decrypt an md5 password hash!

If people have added a long random salt ... md5(password+salt) ... then its very unlikely that a reverse MD5 is possible.

Iteration makes a reverse MD5 even less likely ... http://www.murga-linux.com/puppy/viewtopic.php?p=664755#664755
Back to top
View user's profile Send_private_message 
Bruce B


Joined: 18 May 2005
Posts: 11109
Location: The Peoples Republic of California

PostPosted: Sun 04 Aug 2013, 17:11    Post_subject: Re: Passwords safe from FEDs?
Sub_title: Feds requesting user passwords!
 

8-bit wrote:
So I guess now, if they got their way and were
investigating someone and found nothing of interest, they could possibly
plant whatever they wanted by logging on as that user.

Now that is scary!


Yeah and . . .

Cops have always been able to plant evidence and/or outright lie.

They have also been known to not disclose some evidence which
would cast doubt on one's actual guilt.

On this password topic, how about changing passwords regularly?
Maybe before breakfast, lunch and dinner each day.

~

_________________
New! Puppy Linux Links Page
Back to top
View user's profile Send_private_message 
8-bit


Joined: 03 Apr 2007
Posts: 3368
Location: Oregon

PostPosted: Sun 04 Aug 2013, 17:41    Post_subject:  

I figure that anything I do as to frequently changing passwords will only help a little.
But also in that act of changing passwords frequently, I think one would draw more attention to themselves.

If the Feds want to mess with you, I think they would find a way.

I could give an example of possible problems with my software collection.

I have, on my PC, a great number of game disk images for the outdated Atari 8bit computers.
A lot of it is commercial software that is no longer being made or sold by those companies.
So, does having all those disk images of games make me a pirate that can be jumped on by the Feds with say being charged for each piece of software I have?

Or am I relatively safe from prosecution since the material in question is so old that the only way one could get it would be from another collector that had the original commercial software for sale?

I am using my Atari collection as an example.
It could be expanded to include any software from any company including Microsoft.

And as an example of that, I have two Microsoft CDs that are their install Cds for Microsoft Office 97 (not copies) that I have installed one on my PC.
I bought them for a few pennies out of a Goodwill AS-IS store after having tried a copy of that software that I had bought also from the Goodwill store and really liking it.

Also, I have a slow internet connection that causes Youtube movies to halt or crash and use GTK Youtube Viewer to download them for viewing.
So at any time, I may have a few movie files on my PC that possibly could be held against me.

So what I am getting at is that in my case, having the Feds log on as me for the purpose of planting evidence does not worry me too much other than if they managed to upload a new release movie to my PC for use in a case against me.
Back to top
View user's profile Send_private_message 
musher0


Joined: 04 Jan 2009
Posts: 4245
Location: Gatineau (Qc), Canada

PostPosted: Mon 05 Aug 2013, 00:02    Post_subject:  

Hi, 8-bit.

I believe your Feds or ours (RCMP) would be out for much bigger fish than
you or me. I like to think that they have way more serious crimes to investigate.

Besides, at least here in Canada, the act of buying protects you, even "hot
goods". How the goods got to the shop is of no concern to you. You bought
those old programs in good faith from a non-profit. You didn't steal
them, you didn't pirate them, you bought them. AFAIK, buying any product
from a legitimate shop is legal!

My 2¢.

musher0

_________________
"Logical entities must not be multiplied needlessly." / "Il ne faut pas multiplier les êtres logiques inutilement." (Ockham)
Back to top
View user's profile Send_private_message Visit_website 
Display_posts:   Sort by:   
Page 1 of 1 Posts_count  
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » Off-Topic Area » Security
Jump to:  

Rules_post_cannot
Rules_reply_cannot
Rules_edit_cannot
Rules_delete_cannot
Rules_vote_cannot
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0694s ][ Queries: 12 (0.0047s) ][ GZIP on ]