1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Should you declare if passwords aren't encrypted?

Discussion in 'General Chat' started by sarahk, Sep 4, 2006.

?

Sites should declare when passwords are stored as plain text?

  1. Yes

    5 vote(s)
    62.5%

  2. No - they should declare when they are encrypted

    1 vote(s)
    12.5%

  3. No - the user doesn't need to know either way

    2 vote(s)
    25.0%
0
  1. #1
    Forums as well as quite a few directories and rating scripts require people to register and give a password.

    I've just come across a vBulletin installation that has bypassed the usual user registration to store passwords as plain text rather than md5() encrypted values. I got to thinking... surely if a password isn't going to be securely stored the site should declare it?

    But if the site owner is too ignorant to know to encrypt then they won't know to make the declaration!

    Then perhaps sites that encrypt passwords should declare it.
    And how do we verify it when people are deliberately cheating us?
     
    sarahk, Sep 4, 2006 IP
  2. Nintendo

    Nintendo ♬ King of da Wackos ♬

    Messages:
    12,890
    Likes Received:
    1,064
    Best Answers:
    0
    Trophy Points:
    430
    #2
    If I knew how to and had vBulletin set to show as plain text, I probably wouldn't want to do it. I wouldn't want hackers knowing it was plain text.

    From a users side, I probably would want it declared.

    For example, I think phpBB is not encrypted, so I use a different password when I register on that board and boards I'm not sure if it's encrypted, a password that I don't use any where else.
     
    Nintendo, Sep 4, 2006 IP
  3. sarahk

    sarahk iTamer Staff

    Messages:
    28,500
    Likes Received:
    4,460
    Best Answers:
    123
    Trophy Points:
    665
    #3
    In this particular instance the users are less likely to be tech savvy so won't be thinking about password security, but normally the use of vBulletin gives a sense of security.
     
    sarahk, Sep 4, 2006 IP
  4. sarahk

    sarahk iTamer Staff

    Messages:
    28,500
    Likes Received:
    4,460
    Best Answers:
    123
    Trophy Points:
    665
    #4
    Just got an email from the guy
     
    sarahk, Sep 4, 2006 IP
  5. Nintendo

    Nintendo ♬ King of da Wackos ♬

    Messages:
    12,890
    Likes Received:
    1,064
    Best Answers:
    0
    Trophy Points:
    430
    #5
    I couldn't even imagen moving from vBulletin to any other system!!! Nothing'll ever beat vBulletin.

    If any one doesn't have database access, they should get a new host. It does help to be able to make back-ups!!!
     
    Nintendo, Sep 4, 2006 IP
  6. The Webmaster

    The Webmaster IdeasOfOne

    Messages:
    9,516
    Likes Received:
    718
    Best Answers:
    0
    Trophy Points:
    360
    #6
    vBulletin is no doubt the best forum software out there...

    I would prefer not to signup on any site, that doent use encrypted password.
    My all sites that requires a login/user sign up stores password in encrypted form.
     
    The Webmaster, Sep 4, 2006 IP
  7. digitalpoint

    digitalpoint Overlord of no one Staff

    Messages:
    38,333
    Likes Received:
    2,613
    Best Answers:
    462
    Trophy Points:
    710
    Digital Goods:
    29
    #7
    You know what's an interesting site that has no encrypted passwords? MySpace. If you request your password to be emailed, it's emailed (not just changed like it should). Crazy for a site that size.
     
    digitalpoint, Sep 5, 2006 IP
  8. relixx

    relixx Active Member

    Messages:
    946
    Likes Received:
    54
    Best Answers:
    0
    Trophy Points:
    70
    #8

    Well, I'm not suprised. I mean, it's myspace....
     
    relixx, Sep 5, 2006 IP
  9. The Webmaster

    The Webmaster IdeasOfOne

    Messages:
    9,516
    Likes Received:
    718
    Best Answers:
    0
    Trophy Points:
    360
    #9
    MySpace is for teens...isnt it??

    They dont have time for a nerdy Pasword protection system..
     
    The Webmaster, Sep 5, 2006 IP
  10. Blogmaster

    Blogmaster Blood Type Dating Affiliate Manager

    Messages:
    25,924
    Likes Received:
    1,354
    Best Answers:
    0
    Trophy Points:
    380
    #10
    Considering that there are tons of people who are using the same password for everything, a forum owner with access to that password could potentially do some serious damage.
     
    Blogmaster, Sep 5, 2006 IP
  11. relixx

    relixx Active Member

    Messages:
    946
    Likes Received:
    54
    Best Answers:
    0
    Trophy Points:
    70
    #11
    Yeah, that's what I was thinking. They're too busy trying to get as many Friends as they can (as if that actually means anything) and trying to be cool than worry about anything of actual important (and thus uncool, esp if it requires effort or taxes their tiny excuse for brains) like having proper security in place ;)

    It must be a scammers dream: a mass gathering of retards and techno-idiots: "lolz, im typing on a website, I'm so kewl! Hey, this random email from some guy in Nig... Nige... someplace in Africa (lolz, where is that?) is promising me mega bux! It must be true! Where's my credit card..."
     
    relixx, Sep 5, 2006 IP
    The Webmaster likes this.
  12. mightyb

    mightyb Banned

    Messages:
    6,566
    Likes Received:
    405
    Best Answers:
    0
    Trophy Points:
    0
    #12
    At the end of the day even MD5s are easily B-forced. I would not do anything as long as i don't claim the passwords to be encrypted.
     
    mightyb, Sep 5, 2006 IP
  13. Blogmaster

    Blogmaster Blood Type Dating Affiliate Manager

    Messages:
    25,924
    Likes Received:
    1,354
    Best Answers:
    0
    Trophy Points:
    380
    #13
    It's almost charming to see how unprofessional MySpace is. It's a cult phenomenon however.
     
    Blogmaster, Sep 5, 2006 IP
  14. relixx

    relixx Active Member

    Messages:
    946
    Likes Received:
    54
    Best Answers:
    0
    Trophy Points:
    70
    #14
    not if you throw in a random number of salts of random length, randomly ;)
     
    relixx, Oct 23, 2006 IP