Keep a count of chars and hash those.
When you input the new password, count the chars and then compare the hashes.
Example: god_123 = 1g1o1_111213 . Obviously it's a terrible idea to keep it in plain text,
thus you hash it. Once you type the new password, match hash against hash. Done.
|
|
|
|
|
The passwords don't need to be stored plaintext in order to check for similar passwords. The password checker could create several variations of your proposed password, hash them and compare to your previous password hashes. For example, if the last character is a number, all digits [0-9] could be tried at that position.
|
|
|
|
|
F-ES Sitecore wrote: your password you usually need to enter your existing password
Very good explanation. That must be it. Thanks for reminding us of that. I forgot that you have to re-enter your old one.
|
|
|
|
|
Had the same system at my last employer, and I doubted then that it was as secure as they thought. But hey ho, IT department were the experts, and did not like being challenged.
|
|
|
|
|
Richard MacCutchan wrote: and did not like being challenged
Apparently they enjoyed it so much
If you think 'goto' is evil, try writing an Assembly program without JMP. -- TNCaver
When I was six, there were no ones and zeroes - only zeroes. And not all of them worked. -- Ravi Bhavnani
|
|
|
|
|
Richard MacCutchan wrote: and did not like being challenged
Most of the 'challenged' people get angry when challenged...
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
|
|
|
|
|
Richard MacCutchan wrote: and did not like being challenged.
Funny, same thing here ...
|
|
|
|
|
|
Goldman Sachs employs this type of password policy. Most major corporations do. I'm sure other companies large and small do something similar.
The idea is that a lot of people keep the same portions of their password the same and just change out incremental sections whenever they have to change the password (usually every 2-3 months). In theory, this can be hacked very easily.
|
|
|
|
|
V. wrote: you cannot change it into something that is too similar to the previous one.
Have you tested it? Maybe it's just a vapor-policy.
V. wrote: How is that determined since the hashing value should change significantly if you change just one letter ?
If they are truly hashing, then they can't. If the policy actually works, then they are encrypting, not hashing.
Marc
|
|
|
|
|
|
|
Really? Rickrolling? You are going to stoop that low?
A*******.
What do you get when you cross a joke with a rhetorical question?
The metaphorical solid rear-end expulsions have impacted the metaphorical motorized bladed rotating air movement mechanism.
Do questions with multiple question marks annoy you???
|
|
|
|
|
You did not really believe there was a hash comparator, did you ?
|
|
|
|
|
Just a thought: what constitutes a similar password?
Okay, we can look at things that are close in terms of characters but there are thousands of sequences that aren't detectable that way.
Let's say a user has the following chain of passwords:
HunkyD0ry71
Ziggy5tardust72
A1add1nSan373
It's a pretty safe bet that the next one would either be P1nUp573 or D1am0ndD0g574 (depending on whether our user regards Pin Ups as a "proper" Bowie album).
There's no way that you're ever going to trap that with software but it's very easy for a human to work out.
I guess I'm like most people in my home use in that I use Keepass and never even look at my generated passwords, let alone memorise them (idiot password policies that demand less secure passwords are a complete annoyance here but I'll save that rant for another day).
In work-places though, especially if people are working on fixed images or locked-down machines, we're forced into that altogether less secure world where users need a self-made memorable password. This is where highly human-predictable patterns like the Bowie sequence above come into play and also where published restrictions (x-y chars which must include blah, blah and blah) can make it even easier to derive current passwords from old ones. And, let's face it, however many times you tell people to never write their passwords down, you know full well that a search through any office will turn up a fair few scribbled on notebooks and post-its.
|
|
|
|
|
Who says it's hashed? There are more than 0 IT departments on this world who have no friggin' idea what they're doing.
|
|
|
|
|
It could perform such from the other way round. E.g. take the new password, generate a set of permutations by changing one or two characters in it, compute the hashes for each and check if such hash equals the original password.
Of course, this can become a lot more complicated - especially if starting to compare more than just one character being optional. Thus such calc could take a lot of time. Not to mention, it "should" be done client-side else you're sending a plaintext / encrypted password to the server - which then does these calcs. The whole idea of a one-way hash is so you never have the actual password outside your own client machine.
Alternatively, another idea which may be even better ... Pre-calculate hashes for all the "bad-list" passwords (i.e. those stuff where passwords are leaked and compared to just how many people use them). Then whenever a user enters a new password, compare its hash to the table of pre-calculated hashes. Again, it may become a bit more computationally intense once you have to throw salting into the mix, unless a salt can be applied to a hash at a later stage instead of to the password before calculating the hash (again algorithm dependent). But I think this way should avoid most of the major issues, while using far fewer computations than the permutation idea.
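The variant-hashing check described in this post, and in the earlier reply about trying all digits [0-9], sketched as an added example that is not part of the original thread. The function names, the choice of PBKDF2 and the iteration count are assumptions made for the demo, and the sample passwords are constructed.

```python
import hashlib
import hmac
import os
import string

ITERATIONS = 1_000  # assumption: kept low so the demo is fast; real deployments use far more


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted one-way hash as it would sit in a password-history table."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_record(password: str) -> tuple[bytes, bytes]:
    """Build a (salt, hash) history entry; the plaintext is not kept."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


def variants(candidate: str):
    """Yield the candidate and its one-edit neighbours."""
    yield candidate
    for i, ch in enumerate(candidate):
        yield candidate[:i] + candidate[i + 1:]      # one character removed
        if ch.isdigit():
            for d in string.digits:                  # digit swapped for another digit
                if d != ch:
                    yield candidate[:i] + d + candidate[i + 1:]


def too_similar(candidate: str, history: list[tuple[bytes, bytes]]) -> bool:
    """True if the candidate or a one-edit neighbour hashes to an old password."""
    for salt, stored in history:
        # Each old hash has its own salt, so every variant is re-hashed per entry.
        for guess in variants(candidate):
            if hmac.compare_digest(hash_password(guess, salt), stored):
                return True
    return False


if __name__ == "__main__":
    history = [make_record("pass0916")]              # constructed sample history
    for new in ("pass0917", "pass09167", "pass1016", "Tr0ub4dor&3"):
        print(new, too_similar(new, history), sum(1 for _ in variants(new)))
```

A new password two edits away from the old one, such as "pass1016" against "pass0916", is not caught by this one-edit search; widening the search multiplies the number of hashes per history entry, which is the cost the post points out.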
|
|
|
|
|
That's an old technology, the Soundex code. It's a type of hashing to see if two words sound alike when spoken. It was a common way to look up names that may have been misspelled when first entered into a database.
|
|
|
|
|
You are looking at it from the wrong perspective. If someone steals a password database with hashes in it and cracks them, they aren't going to try hashes that are similar. They are going to try altering the known good passwords slightly. If my password was stolen in September and they manage to crack it to find that it was "pass0916" then obviously "pass1016" would be a very likely guess for someone trying to breach my account this month. That is why similarity of source matters over similarity of hash.
|
|
|
|
|
|
Does anyone have a wireless guitar system at home (to replace the cables)?
I'm looking at a Line 6 G30 or Line 6 G50 (Line 6 | Relay Guitar Wireless), but I was wondering if anyone has experience with something like that. The G30 is far cheaper, but I doubt the robustness. The G50 is probably overkill, but will (hopefully) not break. Later on, I would probably like to buy additional transmitters (for the same receiver) to plug in more guitars.
- Additional question, suppose you do have 2 guitars and 2 transmitters, would the receiver be able to translate that to one amplifier at the same time? (probably not such a good idea, but you never know)
- Could you split the output with one receiver? (e.g. transmitter 1 goes to amp 1 and transmitter 2 goes to amp 2?)
Any recommendations are welcome, thanks!
|
|
|
|
|
I have used cheapy wireless systems; you tend to get '80s hair metal tone. All the wireless stuff I have used (cheapy) had one tx and rx unit; you just set the channels and go, so using that system, if both guitars' tx units used the same channel you could get the rx unit to receive both (if memory serves there was a bit of interference but it could be lived with ((it was a hair band after all))).
The splitting of signal: yes you can, if the unit has the inputs & outputs to let you! Use a cable though, less chance of interference!
|
|
|
|
|
Try this one: image[^]
|
|
|
|
|
I think this one is a Bruce Willis movie.
Michael Martin
Australia
"I controlled my laughter and simple said "No,I am very busy,so I can't write any code for you". The moment they heard this all the smiling face turned into a sad looking face and one of them farted. So I had to leave the place as soon as possible."
- Mr.Prakash One Fine Saturday. 24/04/2004