|
Brady Kelly wrote: The correct term for a generic concrete type.
#SupportHeForShe If your actions inspire others to dream more, learn more, do more and become more, you are a leader.-John Q. Adams
You must accept 1 of 2 basic premises: Either we are alone in the universe or we are not alone. Either way, the implications are staggering!-Wernher von Braun
Only 2 things are infinite, the universe and human stupidity, and I'm not sure about the former.-Albert Einstein
|
OK, maybe I was wrong with using "correct", as "concrete" does describe such a type, but IMO, "double" is also a pretty concrete type. A quick look at Jon Skeet's C# In Depth tells me they are called "constructed types".
No object is so beautiful that, under certain conditions, it will not look ugly. - Oscar Wilde
|
You are correct, double and other primitives are concrete types. Concrete types are also used to describe subclasses of abstract types where all abstract particles are supplied. That's where I was coming from.
But, hey, I'm good with "constructed type".
#SupportHeForShe If your actions inspire others to dream more, learn more, do more and become more, you are a leader.-John Q. Adams
You must accept 1 of 2 basic premises: Either we are alone in the universe or we are not alone. Either way, the implications are staggering!-Wernher von Braun
Only 2 things are infinite, the universe and human stupidity, and I'm not sure about the former.-Albert Einstein
|
Either way, thanks for steering my reading in the direction of getting down and dirty with compiler et al terminology.
No object is so beautiful that, under certain conditions, it will not look ugly. - Oscar Wilde
|
John Simmons / outlaw programmer wrote: So, if you get two LastWrite change events, only the first one is added to the queue
Isn't it possible for a file to be modified more than once? In that case, wouldn't you get more than one "LastWrite changed" event?
If you have an important point to make, don't try to be subtle or clever. Use a pile driver. Hit the point once. Then come back and hit it again. Then hit it a third time - a tremendous whack.
--Winston Churchill
|
I have been fretting over the question of hacked userids/passwords. As I understand it, the stolen password is not actually the password but a hashed version of it which the hacker then decodes by brute force and ignorance to arrive at the actual password. But what if that wasn't the actual password. What if the system I was using performed some sort of transformation before it hashed the password for storage.
For example, when I log on to my account, I type in pass123 as my password, but unbeknown to me, the system translates that to 321ssap, hashes it and stores it.
The hacker tries to log onto my userid and types in 321ssap as my password which is what he thinks it is. This gets translated to 123pass and hashed for checking. But that hash value is not the same as the one that is stored. Therefore an "Incorrect password" error message is generated.
Am I missing something here?
|
xiecsuk wrote: As I understand it, the stolen password is not actually the password but a hashed version of it
In most cases, lately reported over media, it was plain text...
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
No one would be that would they, not now... [sarcasm icon not needed]
veni bibi saltavi
|
Seriously, my (mandatory) car insurance company sent me the current password in plain text when I clicked on "forgot my password" (turned out I didn't forget my password, they simply changed the accepted character set for the passwords between my logins so my password wasn't valid but I couldn't log in to change it. Had to spend 3 days on the phone and threaten them with Hell, Damnation and going to another company). That means either my password was stored in clear text or it was stored in such a way that it was recoverable. That is BAD.
Geek code v 3.12
GCS d--- s-/++ a- C++++ U+++ P- L- E-- W++ N++ o+ K- w+++ O? M-- V? PS+ PE- Y+ PGP t++ 5? X R++ tv-- b+ DI+++ D++ G e++>+++ h--- r++>+++ y+++*
Weapons extension: ma- k++ F+2 X
// No comment
|
Relax - it was no trouble to retrieve your password...It was stored as plain text to avoid any future problem
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
also to speed things up we have now stored it on 500000 servers location in dubious countries around the world
You cant outrun the world, but there is no harm in getting a head start
Real stupidity beats artificial intelligence every time.
|
No, no - they store your password and check it as a nice secure SHA-2 hash value.
And in case you need to recover it (as you did) they store the plain text version in the same table!
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
no that was the old way, now it's just stored as "password" so there is no need to decrypt it (saves the NSA 5000 man hours a month)
You cant outrun the world, but there is no harm in getting a head start
Real stupidity beats artificial intelligence every time.
|
I had a profile on a site that continually (daily) sent me "we want you back" emails. I ignored them, but last week I noticed that they included my username and password -- in case I had forgotten.
|
"Page 1 of 289"
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
you're on the front page? well done
You cant outrun the world, but there is no harm in getting a head start
Real stupidity beats artificial intelligence every time.
|
Wrong.
The hacker would need to know what hash is being employed to perform an attack and would, most probably have had their own user set up as a known value to check their attack. So maybe they'd see past the subterfuge.
Or maybe someone else is wrong.
veni bibi saltavi
|
Also easier to prevent by including some salt, as already discussed quite some times. Companies ain't gonna spend money if it is not required, and people cannot enter the database, so why not store it as plain text?
Bastard Programmer from Hell
If you can't read my code, try converting it here
|
The password is (should be) never sent in any form to the server, normally the authentication is a challenge based one.
In phase of registration there is a secure connection where you actually send your password to the server.
Then the login is done by challenge: the server creates a chunk of random data Ri, sends them to the client and at the same time encrypts them using the hash of the password it has stored, creating the encrypted challenge Ci.
The client receives Ri and encrypts using the hash of the provided password, then sends the encrypted chunk Cj to the server.
The server then compares Ci and Cj - if they're equal then the login is successful.
The main reason why the password should never be sent in any form is to protect from Man In The Middle attacks: if an attacker can sniff your login packet then it may send it again at a later time, sending the encrypted password directly to the server with a custom made login packet.
Geek code v 3.12
GCS d--- s-/++ a- C++++ U+++ P- L- E-- W++ N++ o+ K- w+++ O? M-- V? PS+ PE- Y+ PGP t++ 5? X R++ tv-- b+ DI+++ D++ G e++>+++ h--- r++>+++ y+++*
Weapons extension: ma- k++ F+2 X
// No comment
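The challenge-based login described in the post above, as an added example that is not any poster's code: both sides key HMAC-SHA256 with a PBKDF2 hash of the password in place of the post's "encrypt" step, and each Ri is accepted once so a captured Cj cannot be replayed. The `Server` class, the salt handed out with the challenge, the account data and the iteration count are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumption for this demo; tune to your hardware

def password_key(password: str, salt: bytes) -> bytes:
    """The 'hash of the password': stored by the server, re-derived by the client."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class Server:
    def __init__(self):
        self.accounts = {}  # user -> (salt, key), written once at registration
        self.pending = {}   # user -> outstanding challenge Ri

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self.accounts[user] = (salt, password_key(password, salt))

    def challenge(self, user: str):
        ri = os.urandom(32)  # fresh random chunk Ri for every attempt
        self.pending[user] = ri
        return self.accounts[user][0], ri

    def login(self, user: str, cj: bytes) -> bool:
        ri = self.pending.pop(user, None)  # each Ri is accepted at most once
        if ri is None:
            return False
        ci = hmac.new(self.accounts[user][1], ri, hashlib.sha256).digest()
        return hmac.compare_digest(ci, cj)  # constant-time compare of Ci and Cj

def client_response(password: str, salt: bytes, ri: bytes) -> bytes:
    """Client side: compute Cj from the typed password and the received Ri."""
    return hmac.new(password_key(password, salt), ri, hashlib.sha256).digest()

def demo() -> dict:
    srv = Server()
    srv.register("alice", "pass123")  # constructed account
    salt, ri = srv.challenge("alice")
    cj = client_response("pass123", salt, ri)
    good = srv.login("alice", cj)
    salt, ri2 = srv.challenge("alice")
    replayed = srv.login("alice", cj)  # captured Cj sent against a new Ri
    salt, ri3 = srv.challenge("alice")
    wrong = srv.login("alice", client_response("321ssap", salt, ri3))
    return {"good": good, "replayed": replayed, "wrong": wrong}
```

In this scheme the stored key is all a client needs to answer a challenge, so the accounts table has to be protected as carefully as the passwords themselves.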
|
I am a mathematician. And my English isn't good. So sorry if I fail to make myself understood.
I have studied cryptology for a little while. I can say that: the solutions of a hash code's inverse function take forever to calculate.
|
Yes, but a brute force dictionary attack checked against a DB of hashed passwords does not. It is a common bruteforce:
hash("aaaa") = $1. Does $1 exist in the DB?
hash("aaab") = $2. Does $2 exist in the DB?
....
long, as brute force attacks are, but it works. Unless there is some salt in the hashed password.
Geek code v 3.12
GCS d--- s-/++ a- C++++ U+++ P- L- E-- W++ N++ o+ K- w+++ O? M-- V? PS+ PE- Y+ PGP t++ 5? X R++ tv-- b+ DI+++ D++ G e++>+++ h--- r++>+++ y+++*
Weapons extension: ma- k++ F+2 X
// No comment
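The lookup described in the post above, together with the reverse-before-hashing idea from the original question, as an added example (not code from any poster): it builds the same accounts table under a plain hash, under the fixed reversal, and under a per-account salt with PBKDF2, then checks which accounts share a stored value. The account names, passwords, function names and iteration count are constructed for the demo.

```python
import hashlib
import hmac
import os

# Constructed sample accounts; two users picked the same password.
USERS = {"alice": "pass123", "bob": "pass123", "carol": "correct horse"}
ITERATIONS = 200_000  # assumption for this demo; tune to your hardware

def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()

def table_plain_hash() -> dict:
    return {u: sha256_hex(p) for u, p in USERS.items()}

def table_reversed_hash() -> dict:
    # The scheme from the question: reverse the password, then hash it.
    return {u: sha256_hex(p[::-1]) for u, p in USERS.items()}

def table_salted() -> dict:
    out = {}
    for user, pw in USERS.items():
        salt = os.urandom(16)  # unique per account, stored beside the hash
        out[user] = (salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, ITERATIONS))
    return out

def verify(password: str, record) -> bool:
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)

def accounts_sharing_a_value(table: dict) -> list:
    """Audit check: accounts whose stored value also appears on another account."""
    values = [v[1] if isinstance(v, tuple) else v for v in table.values()]
    return sorted(u for u, v in zip(table, values) if values.count(v) > 1)

def accounts_hit_by(table: dict, one_hash: str) -> list:
    """Accounts that a single computed hash matches in an unsalted table."""
    return sorted(u for u, v in table.items() if v == one_hash)
```

The reversal only changes which string has to be hashed; once the transformation is known, one hash still matches every account using that password, whereas the salted table has no shared values and each record must be worked on separately.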
|