Beefy Boxes and Bandwidth Generously Provided by pair Networks
Welcome to the Monastery
 
PerlMonks  

comment on

( #3333=superdoc: print w/replies, xml ) Need Help??
You're using a two-character salt, different for every user, which is viewable as part of the hash. I'm suggesting pretty much the same thing, except the user name is the unique part of the salt and the process is more obfuscated. What am I missing here? Did you think I wasn't going to MD5 or SHA-1 the result? Heh.

Incidently, I fail to see how any security method is going to save you if the person with root gets pissed off. He can social engineer people; he can redirect himself a copy of their user names and passwords on login; he can scan data streams and memory; etc. All he needs is a few logins to make your entire database unsafe, unless you know exactly which ones he has. Face it, you're screwed. The only thing you can prevent is him knowing everyone's password in one easy step, but why would that matter when he has root? He controls everything.

EDIT: I suppose if you know who logged in when and also when it was he inserted the redirect, you could identify which users he had the login info for and reset just their passwords. To prevent this, he'd also have to edit the logs before every site backup, which I admit would add a level of complexity to things. Still, anyone with half a brain would most likely have no trouble doing this.


In reply to Re: Passwords, hashes, and salt by TedPride
in thread Passwords, hashes, and salt by Mr_Person

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?
    Username:
    Password:

    What's my password?
    Create A New User
    Chatterbox?
    and the web crawler heard nothing...

    How do I use this? | Other CB clients
    Other Users?
    Others contemplating the Monastery: (5)
    As of 2019-05-26 13:59 GMT
    Sections?
    Information?
    Find Nodes?
    Leftovers?
      Voting Booth?
      Do you enjoy 3D movies?



      Results (153 votes). Check out past polls.

      Notices?
      • (Sep 10, 2018 at 22:53 UTC) Welcome new users!