"youwantmyshityoucanthaveit" seems pretty secure. But like rdx-fx said, who here actually put their real password in there. I'm no ATG but I'm far to paranoid for that.
It's JavaScript... Don't be so paranoid.
I have a friend highly skilled with JS. You'd be surprised what you can do with it.Finray wrote:
It's JavaScript... Don't be so paranoid.
But it is not my problem if you absolutely must give your passwords to total strangers. Besides, if you are unsure the password is good, then its not. Change it and never tell it to anyone.
Last edited by GC_PaNzerFIN (2010-10-17 13:31:18)
3930K | H100i | RIVF | 16GB DDR3 | GTX 480 | AX750 | 800D | 512GB SSD | 3TB HDD | Xonar DX | W8
anywhere from 5 hours to 3 days
Also, ban Finray and remove his Tech badge. We shouldn't be doing this
mtb0minime wrote:
Also, ban Finray and remove his Tech badge. We shouldn't be doing this
It would take
About 7 septillion years
for a desktop PC to crack your password
wtf is a septillion. Also yay for college passwords.
About 7 septillion years
for a desktop PC to crack your password
wtf is a septillion. Also yay for college passwords.
My college password would take 3 days to crack lol.
Then your friend ain't too smart either.GC_PaNzerFIN wrote:
I have a friend highly skilled with JS. You'd be surprised what you can do with it.Finray wrote:
It's JavaScript... Don't be so paranoid.
But it is not my problem if you absolutely must give your passwords to total strangers. Besides, if you are unsure the password is good, then its not. Change it and never tell it to anyone.
The script he's using can't submit anything or harvest it. There is no server-sided javascript in any of the code.
The site is perfectly safe to use with your actual passwords.
It's perfectly safe.
GC_PaNzerFIN wrote:
I have a friend highly skilled with JS. You'd be surprised what you can do with it.Finray wrote:
It's JavaScript... Don't be so paranoid.
But it is not my problem if you absolutely must give your passwords to total strangers. Besides, if you are unsure the password is good, then its not. Change it and never tell it to anyone.
And if the route to the "perfectly safe" javascripted site is compromised?Zimmer wrote:
Then your friend ain't too smart either.
The script he's using can't submit anything or harvest it. There is no server-sided javascript in any of the code.
The site is perfectly safe to use with your actual passwords.
It's perfectly safe.
If there is only one route into the server, a bit of fairly mundane packet sniffing on the hop just before the "perfectly safe" server would net a bunch of passwords transmitted in the clear. Easy enough to sniff the wire without even showing a hop in a traceroute, with a Receive-Only Cable or an old hub.
"It's perfectly safe" is right up there with "Hold my beer and watch this!" in the Famous Last Words Hall of Fame.
It may be a bit of harmless educational fun, it may be a scam. Smells like Social Engineering to me, so I'll pass.
Your call what you do with your passwords.
Last edited by rdx-fx (2010-10-17 16:58:39)
"SocialEngineeringForFunAndProfit" as a password would take "About 9,571,860 nonillion years"
Funnily enough, my AIM password is the most secure and would take about 204,000 years to crack.
Guess I'll start changing everything to that one. Oh wait, I already input it.
Better test a different one.
Ok, got one that'll take 300 million years. Oh wait, I already input it.
Better test a different one...
Guess I'll start changing everything to that one. Oh wait, I already input it.
Better test a different one.
Ok, got one that'll take 300 million years. Oh wait, I already input it.
Better test a different one...
i like big butts and I cannot lie
takes about 9,571,860 brazillion years
takes about 9,571,860 brazillion years
EE (hats
Fuck Yo Couch only takes 7 thousand years....
EE (hats
I've seen too much scary stuff done with "client-side only" (wink-wink) JS to say "sure, I'll go ahead and put in my password to this random site I found on the internet because their faq says it's safe and I can see their JS is client only".
That's fucking nuts, from a security perspective.
That's fucking nuts, from a security perspective.
“Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid.”
― Albert Einstein
Doing the popular thing is not always right. Doing the right thing is not always popular
― Albert Einstein
Doing the popular thing is not always right. Doing the right thing is not always popular
252 years for my simplest.
About 1,341,374 nonillion years for my wireless network key.
(e: I used similar password format, not the actual passwords.)
About 1,341,374 nonillion years for my wireless network key.
(e: I used similar password format, not the actual passwords.)
It would take
About 564 billion years
for a desktop PC to crack your password
About 564 billion years
for a desktop PC to crack your password
whatwhatinthebutt takes 138 million lolz
Code:
[quote=ig]wat[/quote]
Last edited by Camm (2010-10-18 08:17:22)
for a fatty you're a serious intellectual lightweight.
You don't seem to understand that there is no "route". That page is static and all that you see there is being rendered by your browser. Absolutely nothing on that page is server side. So however much you like your lovely little theory, it's totally and utterly pointless for this. You aren't submitting anything, nothing is getting parsed by the server, the server isn't taking note of your keystrokes. And no, you cannot "hide" a file into the JS or HTML and hope that nobody sees it whilst it sends data to the server. The fact is that that page could be rendered on your computer, my computer, a server and it wouldn't be able to do anything. There is no server side ANYTHING.rdx-fx wrote:
GC_PaNzerFIN wrote:
I have a friend highly skilled with JS. You'd be surprised what you can do with it.Finray wrote:
It's JavaScript... Don't be so paranoid.
But it is not my problem if you absolutely must give your passwords to total strangers. Besides, if you are unsure the password is good, then its not. Change it and never tell it to anyone.And if the route to the "perfectly safe" javascripted site is compromised?Zimmer wrote:
Then your friend ain't too smart either.
The script he's using can't submit anything or harvest it. There is no server-sided javascript in any of the code.
The site is perfectly safe to use with your actual passwords.
It's perfectly safe.
If there is only one route into the server, a bit of fairly mundane packet sniffing on the hop just before the "perfectly safe" server would net a bunch of passwords transmitted in the clear. Easy enough to sniff the wire without even showing a hop in a traceroute, with a Receive-Only Cable or an old hub.
"It's perfectly safe" is right up there with "Hold my beer and watch this!" in the Famous Last Words Hall of Fame.
It may be a bit of harmless educational fun, it may be a scam. Smells like Social Engineering to me, so I'll pass.
Your call what you do with your passwords.
Lovely little theory though, too bad it's total bollocks for the site at hand.
It doesn't just magically appear in your browser, claiming there is nothing on server side implicates that would be the case.
As much as you don't want to believe it, but JS is far from 100% vulnerability free magic land, client side included.
First you willingly type your password on totally stranger site, then you claim you cannot exploit client side JS.... That is ridicule, in which world you lived again?
As much as you don't want to believe it, but JS is far from 100% vulnerability free magic land, client side included.
First you willingly type your password on totally stranger site, then you claim you cannot exploit client side JS.... That is ridicule, in which world you lived again?
3930K | H100i | RIVF | 16GB DDR3 | GTX 480 | AX750 | 800D | 512GB SSD | 3TB HDD | Xonar DX | W8
One that knows more about JS than you do.GC_PaNzerFIN wrote:
It doesn't just magically appear in your browser, claiming there is nothing on server side implicates that would be the case.
As much as you don't want to believe it, but JS is far from 100% vulnerability free magic land, client side included.
First you willingly type your password on totally stranger site, then you claim you cannot exploit client side JS.... That is ridicule, in which world you lived again?
Sorry, but it's not about believing. JS doesn't suddenly spring legs and start communicating with the server. However much your paranoid world thinks it can.
i'm with Panzer on this one.
by all means, you type your passwords where you will, just don't be disappointed if i don't.
by all means, you type your passwords where you will, just don't be disappointed if i don't.
ok mr. java-can-do-no-wrong, if you trust this site so much, what is your password?Zimmer wrote:
JS doesn't suddenly spring legs and start communicating with the server. However much your paranoid world thinks it can.
Javascript*burnzz wrote:
ok mr. java-can-do-no-wrong, if you trust this site so much, what is your password?Zimmer wrote:
JS doesn't suddenly spring legs and start communicating with the server. However much your paranoid world thinks it can.
I never said it can do no wrong, but I checked it and there's no linking to an external file that can read your parse what is being typed or a text file they're getting put into. Of course you can set up Javascript to do just that, but in this case it's harmless.
My password on that site?
"About 42 trillion years".
I'll come back to you when they hack all my gmail accounts and Paypal accounts.