|
|
Goldman Sachs employs this type of password policy. Most major corporations do. I'm sure other companies large and small do something similar.
The idea is that a lot of people keep the same portions of their password the same and just change out incremental sections whenever they have to change the password (usually every 2-3 months). In theory, this can be hacked very easily.
|
|
|
|
|
V. wrote: you cannot change it into something that is too similar to the previous one.
Have you tested it? Maybe it's just a vapor-policy. 
V. wrote: How is that determined since the hashing value should change significantly if you change just one letter ?
If they are truly hashing, then they can't. If the policy actually works, then they are encrypting, not hashing.
Marc
|
|
|
|
|
|
|
Really? Rickrolling? You are going to stoop that low?
A*******.
What do you get when you cross a joke with a rhetorical question?
The metaphorical solid rear-end expulsions have impacted the metaphorical motorized bladed rotating air movement mechanism.
Do questions with multiple question marks annoy you???
|
|
|
|
|
 You did not really believe there was a hash comparator, did you ?
|
|
|
|
|
Just a thought: what constitutes a similar password?
Okay, we can look at things that are close in terms of characters but there are thousands of sequences that aren't detectable that way.
Let's say a user has the following chain of passwords:
HunkyD0ry71
Ziggy5tardust72
A1add1nSan373
It's a pretty safe bet that the next one would either be P1nUp573 or D1am0ndD0g574 (depending on whether our user regards Pin Ups as a "proper" Bowie album.
There's no way that you're ever going to trap that with software but it's very easy for a human to work out.
I guess I'm like most people in my home use in that I use Keepass and never even look at my generated passwords, let alone memorise them (idiot password policies that demand less secure passwords are a complete annoyance here but I'll save that rant for another day).
In work-places though, especially if people are working on fixed images or locked-down machines, we're forced into that altogether less secure world where users need a self-made memorable password. This is where highly human-predictable patterns like the Bowie sequence above come into play and also where published restrictions (x-y chars which must include blah, blah and blah) can make it even easier to derive current passwords from old ones. And, let's face it, however many times you tell people to never write their passwords down, you know full well that a search through any office will turn up a fair few scribbled on notebooks and post-its.
|
|
|
|
|
Who says it's hashed? There are more than 0 IT departments on this world who have no friggin' idea what they're doing.
|
|
|
|
|
It could perform such from the other way round. E.g. take the new password, generate a set of permutations by changing one or two characters in it, compute the hashes for each and check if such hash equals the original password.
Of course, this can become a lot more complicated - especially if starting to compare more than just one character being optional. Thus such calc could take a lot of time. Not to mention, it "should" be done client-side else you're sending a plaintext / encrypted password to the server - which then does these calcs. The whole idea of a one-way hash is so you never have the actual password outside your own client machine.
Alternatively, another idea which may be even better ... Pre-calculate hashes for all the "bad-list" passwords (i.e. those stuff where passwords are leaked and compared to just how many people use them). Then whenever a user enters a new password, compare its hash to the table of pre calculated hashes. Again, it may become a bit more computationally intense once you have to throw salting into the mix, unless a salt can be applied to a hash at a later stage instead of to the password before calculating the hash (again algorithm dependent). But I think this way should avoid most of the major issues, while using much less computations than the permutation idea.
|
|
|
|
|
Thats an old technology, the Soundex code. Its a type of hashing to see if two words sound alike when spoken. It was a common way to look up names that may have been misspelled when first entered into a database.
|
|
|
|
|
You are looking at it from the wrong perspective. If someone steals a password database with hashes in it and crack them, they aren't going to try hashes that are similar. They are going to try altering the known good passwords slightly. If my password was stolen in September and they manage to crack it to find that it was "pass0916" then obviously "pass1016" would be a very likely guess for someone trying to breach my account this month. That is why similarity of source matters over similarity of hash.
|
|
|
|
|
|
Does anyone have a wireless guitar system at home (to replace the cables)?
I'm looking at a Line 6 G30 or Line 6 G50 (Line 6 | Relay Guitar Wireless[^]), but I was wandering if anyone has experience with something like that. The G30 is far cheaper, but I doubt the robustness. The G50 is probably overkill, but will (hopefully) not break. Later on, I would probably like to buy additional transmitters (for the same receiver) to plug in more guitars.
- Additional question, suppose you do have 2 guitars and 2 transmitters, would the receiver be able to translate that to one amplifier at the same time? (probably not such a good idea, but you never know)
- Could you split the output with one receiver? (eg transmitter 1 goes to amp 1 and transmitter 2 goes to amp 2?
Any recommendations are welcome, thanks!
|
|
|
|
|
I have used a cheapy wireless systems, you tend to get '80s hair metal tone. All wireless stuff I have used (cheapy) the system had one tx and rx unit you just set the channels and go, so using that system if both guitars tx units used the same channel you could get the rx unit to receive both (if memory serves there was a bit of interference but it could be lived with ((it was a hair band after all)))
The splitting of signal yes you can if the unit has the inputs & outputs to let you! Use a cable though less chance of interference! 
|
|
|
|
|
Try this one: image[^]
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
|
|
|
|
I think this one is a Bruce Willis movie.
Michael Martin
Australia
"I controlled my laughter and simple said "No,I am very busy,so I can't write any code for you". The moment they heard this all the smiling face turned into a sad looking face and one of them farted. So I had to leave the place as soon as possible."
- Mr.Prakash One Fine Saturday. 24/04/2004
|
|
|
|
|
Here you go[^] - doesn't get any more wireless than that! 
Anything that is unrelated to elephants is irrelephant
Anonymous
-
The problem with quotes on the internet is that you can never tell if they're genuine
Winston Churchill, 1944
-
I'd just like a chance to prove that money can't make me happy.
Me, all the time
|
|
|
|
|
Typical forum answer : What is wrong with cables ?
|
|
|
|
|
Cables are the reason all the bands sucked in the 70's and 80's.
|
|
|
|
|
WTF! The best bands in the world came from the 70s!!!!!!!!! Led Zep, Floyd, Sabbath, Budgie, Purple!!!! Jeeez, cables and f*** off big valve amps, thats where music is man!
|
|
|
|
|
Did I forget to use the sarcasm font again? 
|
|
|
|
|
I guess you did! 
|
|
|
|
|
A little disease was a major killer (8)
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
|
|
|
|
Smallpox.
Little - small
Disease - pox
Major killer - it certainly was.
Andy B
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
