Puppy Linux Discussion Forum
Passwords safe from FEDs?
8-bit


Joined: 03 Apr 2007
Posts: 3357
Location: Oregon

Posted: Fri 26 Jul 2013, 02:01    Post subject:  Passwords safe from FEDs?
Subject description: Feds requesting user passwords!
 

According to an article on CNet, the FBI is requesting passwords and encrypting algorithms from internet sites such as Google, Facebook, Yahoo, etc.

So I guess now, if they got their way and were investigating someone and found nothing of interest, they could possibly plant whatever they wanted by logging on as that user.

Now that is scary!

I would provide a link. But I cannot figure out how to do it.
The article as I said is on CNet News Politics and Law and is called "Feds tell Web firms to turn over user account passwords"

It was also stated in the article that when bcrypt is used to encode a password it makes it a lot harder to crack.
L18L

Joined: 19 Jun 2010
Posts: 2505
Location: Burghaslach, Germany somewhere also known as "Hosla"

Posted: Fri 02 Aug 2013, 08:06    Post subject: Re: Passwords safe from FEDs?
Subject description: Feds requesting user passwords!
 

8-bit wrote:
I would provide a link. But I cannot figure out how to do it.

There are about 159,999 linking to it: https://www.google.com/search?q="Feds+tell+Web+firms+to+turn+over+user+account+passwords" ;-)
Barkin


Joined: 12 Aug 2011
Posts: 677

Posted: Fri 02 Aug 2013, 12:14    Post subject:
Subject description: must have used a salt
 

cnet.com wrote:
One popular hash function called MD5, for instance, transforms the phrase "National Security Agency" into this string of seemingly random characters: 84bd1c27b26f7be85b2742817bb8d43b. Computer scientists believe that, if a hash function is well-designed, the original phrase cannot be derived from the output.

http://news.cnet.com/8301-13578_3-57595529-38/feds-tell-web-firms-to-turn-over-user-account-passwords/

md5(National Security Agency) is
a4e4c46a411d4f3433a880e4e2d614a5
not
"84bd1c27b26f7be85b2742817bb8d43b"
[Attached image: md5decrypter,co,uk .png. Reverse MD5 on a4e4c46a411d4f3433a880e4e2d614a5 via http://www.md5decrypter.co.uk/]

Barkin


Joined: 12 Aug 2011
Posts: 677

Posted: Fri 02 Aug 2013, 12:36    Post subject:

8-bit wrote:
It was also stated in the article that when bcrypt is used to encode a password it makes it a lot harder to crack.

In that application bcrypt has to be used iteratively, thousands of repetitions, which slows a brute-force attack (aka key stretching).

Last edited by Barkin on Fri 02 Aug 2013, 12:44; edited 2 times in total
Barkin


Joined: 12 Aug 2011
Posts: 677

Posted: Fri 02 Aug 2013, 12:42    Post subject:

posted in error
8-bit


Joined: 03 Apr 2007
Posts: 3357
Location: Oregon

Posted: Sat 03 Aug 2013, 01:25    Post subject:

Evidently, the hash decrypting site you referenced does not allow a paste of an md5sum.
Every time I tried, the example screen would display and mess things up.
But it did bring up the thought of just how fast one could decrypt an md5 password hash!
But again, for testing the strength of a user defined password hash, it could prove valuable.
Barkin


Joined: 12 Aug 2011
Posts: 677

Posted: Sat 03 Aug 2013, 04:37    Post subject:

8-bit wrote:
Evidently, the hash decrypting site you referenced does not allow a paste of an md5sum.
Every time I tried, the example screen would display and mess things up.

That site does require a CAPTCHA to be completed every time you want to see if a reverse MD5 is possible (it does allow batches of MD5 to be entered at once).

8-bit wrote:
But it did bring up the thought of just how fast one could decrypt an md5 password hash!

If people have added a long random salt ... md5(password+salt) ... then it's very unlikely that a reverse MD5 is possible.

Iteration makes a reverse MD5 even less likely ... http://www.murga-linux.com/puppy/viewtopic.php?p=664755#664755
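
The salting and iteration points discussed in this thread, as an added example that is not part of any original post: a precomputed table reverses an unsalted MD5 but misses md5(password+salt), and a stretched, per-user-salted record is what a site would store instead. The word list, function names, the 100,000 iteration count and the use of PBKDF2-HMAC-SHA256 in place of iterated MD5 are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny precomputed table of the kind a
# reverse-MD5 lookup site keeps (digest -> known plaintext).
WORDLIST = ["password", "letmein", "National Security Agency", "puppy"]
LOOKUP = {hashlib.md5(w.encode()).hexdigest(): w for w in WORDLIST}

ITERATIONS = 100_000  # assumed work factor, tune to the hardware in use


def md5_unsalted(password: str) -> str:
    return hashlib.md5(password.encode()).hexdigest()


def md5_salted(password: str, salt: bytes) -> str:
    # md5(password+salt), the construction named in the post
    return hashlib.md5(password.encode() + salt).hexdigest()


def table_lookup(digest: str):
    """Return the plaintext if the digest is in the precomputed table, else None."""
    return LOOKUP.get(digest)


def stretch(password: str, salt: bytes, iterations: int) -> bytes:
    # Key stretching: every guess now costs `iterations` hash computations.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def new_record(password: str):
    """Build the stored record: a fresh random salt per user, plus the work factor."""
    salt = os.urandom(16)
    return salt, ITERATIONS, stretch(password, salt, ITERATIONS)


def verify(password: str, salt: bytes, iterations: int, stored: bytes) -> bool:
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(stretch(password, salt, iterations), stored)


if __name__ == "__main__":
    salt = os.urandom(16)
    print("unsalted lookup:", table_lookup(md5_unsalted("letmein")))
    print("salted lookup:  ", table_lookup(md5_salted("letmein", salt)))
    rec = new_record("letmein")
    print("verify ok:", verify("letmein", *rec), "| wrong:", verify("puppy", *rec))
```
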
Bruce B


Joined: 18 May 2005
Posts: 11080
Location: The Peoples Republic of California

Posted: Sun 04 Aug 2013, 17:11    Post subject: Re: Passwords safe from FEDs?
Subject description: Feds requesting user passwords!
 

8-bit wrote:
So I guess now, if they got their way and were
investigating someone and found nothing of interest, they could possibly
plant whatever they wanted by logging on as that user.

Now that is scary!


Yeah and . . .

Cops have always been able to plant evidence and/or outright lie.

They have also been known to not disclose some evidence which
would cast doubt on one's actual guilt.

On this password topic, how about changing passwords regularly?
Maybe before breakfast, lunch and dinner each day.

~

8-bit


Joined: 03 Apr 2007
Posts: 3357
Location: Oregon

Posted: Sun 04 Aug 2013, 17:41    Post subject:

I figure that anything I do as to frequently changing passwords will only help a little.
But also in that act of changing passwords frequently, I think one would draw more attention to themselves.

If the Feds want to mess with you, I think they would find a way.

I could give an example of possible problems with my software collection.

I have, on my PC, a great number of game disk images for the outdated Atari 8bit computers.
A lot of it is commercial software that is no longer being made or sold by those companies.
So, does having all those disk images of games make me a pirate that can be jumped on by the Feds with say being charged for each piece of software I have?

Or am I relatively safe from prosecution since the material in question is so old that the only way one could get it would be from another collector that had the original commercial software for sale?

I am using my Atari collection as an example.
It could be expanded to include any software from any company including Microsoft.

And as an example of that, I have two Microsoft CDs that are their install CDs for Microsoft Office 97 (not copies), one of which I have installed on my PC.
I bought them for a few pennies out of a Goodwill AS-IS store after having tried a copy of that software that I had bought also from the Goodwill store and really liking it.

Also, I have a slow internet connection that causes YouTube movies to halt or crash, and I use GTK Youtube Viewer to download them for viewing.
So at any time, I may have a few movie files on my PC that possibly could be held against me.

So what I am getting at is that in my case, having the Feds log on as me for the purpose of planting evidence does not worry me too much other than if they managed to upload a new release movie to my PC for use in a case against me.
musher0


Joined: 04 Jan 2009
Posts: 4229
Location: Gatineau (Qc), Canada

Posted: Mon 05 Aug 2013, 00:02    Post subject:

Hi, 8-bit.

I believe your Feds or ours (RCMP) would be out for much bigger fish than
you or me. I like to think that they have way more serious crimes to investigate.

Besides, at least here in Canada, the act of buying protects you, even "hot
goods". How the goods got to the shop is of no concern to you. You bought
those old programs in good faith from a non-profit. You didn't steal
them, you didn't pirate them, you bought them. AFAIK, buying any product
from a legitimate shop is legal!

My 2¢.

musher0

_________________
"Logical entities must not be multiplied needlessly." / "Il ne faut pas multiplier les êtres logiques inutilement." (Ockham)