Making an account on something today when I came across a novel to me password restriction
-
Making an account on something today when I came across a novel to me password restriction
-
R relay@relay.infosec.exchange shared this topic
-
@benjojo@benjojo.co.uk Please explain to the Python developer (me).
-
@benjojo@benjojo.co.uk Please explain to the Python developer (me).
@flesh @benjojo The $ is a unix crypt hash symbol, which indicates the string that follows is an encrypted password string. If the password were to be stored in say plain text, the program to check the password might infer some things about the password that are untrue if it starts with a $ and always error out since it's comparing what it thinks is a hash to a plaintext of the password, and they don't match. One might reasonably assume from this that this restriction is in place because they do indeed save the passwords as plain text...
-
@flesh @benjojo The $ is a unix crypt hash symbol, which indicates the string that follows is an encrypted password string. If the password were to be stored in say plain text, the program to check the password might infer some things about the password that are untrue if it starts with a $ and always error out since it's comparing what it thinks is a hash to a plaintext of the password, and they don't match. One might reasonably assume from this that this restriction is in place because they do indeed save the passwords as plain text...
@GLaDTheresCake @flesh @benjojo
Ooh, interesting.My thoughts were PHP injection.
Either way, there is no reasonable explanation that doesn't include the words "horribly insecure".
-
R relay@relay.an.exchange shared this topic
-
@GLaDTheresCake @flesh @benjojo
Ooh, interesting.My thoughts were PHP injection.
Either way, there is no reasonable explanation that doesn't include the words "horribly insecure".
@leeloo @GLaDTheresCake @flesh @benjojo
"Either way, there is no reasonable explanation that doesn't include the words "horribly insecure"."
There is one, alluded by someone up the thread: trolling. It is possible that the system is secure, but an admin with a (twisted) sense of humor decided to do some mild nerd-sniping.
Not very likely, just reasonable.
