I changed mine, left it as the random gen one and keep myself always logged in so I never have to type my pass in either.
Today is the first day of the rest of your life
Speaking of passwords, anyone know a good free brute-force program? I forgot one of my passwords on a file that I encrypted; it's double encrypted and I forgot the first password =/ prob no more than 6-8 digits, second pass is 20+ digits which I remember lol.
If I see you autoing with level 3/default clothes/crap name I WILL report you. Auto Correctly.
@Wizzup?: So everyone who has access to admincp also has access to all of the forums users' passwords? Seems a bit odd to me :S
No; it's not like that. They can CHANGE your password but not see or retrieve it. Unless they have access to the plugins which only I and Nielsie95 have. And Enigskai, an IRL mate and admin (because he's root on the server) had access to it. The cracker got in via one admin account (none of those) - found the HTTP auth for admincp in the PM inbox of this same admin. He then changed the password of Enigskai. (The admin was not protected from being modified - admins can change the password of other admins. Don't ask me why). Enigskai had access to the plugins which is basically PHP code. You can write a simple shell with phpBB code, and that's how he got access to the php files. Then you can read the mysql password for the user that owns the srl forums db. (And only the srl forums db). That's how he got the database. So, no. Admins don't have access to your passwords, and even still the passwords are salted and double md5'ed. (ugh, vBulletin again, but it's still somewhat protected if your password is not something like "duck")
How to prevent this? I'm going to make all the admin accounts non-modifiable. So you can't change a password, or even mail, signature - without asking me. And I can only hope everyone will use a more secure password and not the same one on other sites. And obviously HTTP auth passwords will not be in PM inboxes any more...
Well, I know there is johntheripper, but I don't think it will fit your purposes. Unless you have the hash of the first password - and it doesn't sound like you have. May I suggest using something like EncFS ( http://www.arg0.net/encfs ) in the future?
The best way to contact me is by email, which you can find on my website: http://wizzup.org
I also get email notifications of private messages, though.
Please do not send me a PM asking for help; I will not be able to help you! Post in a relevant thread or make your own! And always remember to search first!
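Added example, not part of the thread and not vBulletin's own code: the post above says the leaked passwords are "salted and double md5'ed", which is cheap to guess against once the database is out. The sketch below shows one defensive follow-up, wrapping each stored legacy hash in PBKDF2 so the table can be hardened without knowing anyone's password. The layout md5(md5(password) + salt), the function names, the iteration count and the sample row are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def legacy_hash(password: str, salt: str) -> str:
    """Salted double MD5, hex encoded: md5(md5(password) + salt) (assumed layout)."""
    inner = hashlib.md5(password.encode("utf-8")).hexdigest()
    return hashlib.md5((inner + salt).encode("utf-8")).hexdigest()


def wrap_legacy_hash(legacy_hex: str, iterations: int = PBKDF2_ITERATIONS) -> dict:
    """Wrap an already-stored legacy hash in PBKDF2; no plaintext password needed."""
    wrap_salt = os.urandom(16)  # fresh per-user salt for the outer layer
    derived = hashlib.pbkdf2_hmac("sha256", legacy_hex.encode("ascii"), wrap_salt, iterations)
    return {"wrap_salt": wrap_salt, "iterations": iterations, "hash": derived}


def verify(password: str, legacy_salt: str, record: dict) -> bool:
    """Recompute the legacy hash from the login attempt, then the PBKDF2 layer."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256",
        legacy_hash(password, legacy_salt).encode("ascii"),
        record["wrap_salt"],
        record["iterations"],
    )
    return hmac.compare_digest(candidate, record["hash"])  # constant-time compare


def migrate_table(rows: list, iterations: int = PBKDF2_ITERATIONS) -> list:
    """Replace each row's bare legacy hash with the wrapped record; keep the legacy salt."""
    return [
        {"user": r["user"], "legacy_salt": r["salt"],
         "record": wrap_legacy_hash(r["hash"], iterations)}
        for r in rows
    ]


if __name__ == "__main__":
    # Constructed sample row, not data from the forum.
    rows = [{"user": "alice", "salt": "x7Q", "hash": legacy_hash("correct horse battery", "x7Q")}]
    migrated = migrate_table(rows)
    row = migrated[0]
    print(verify("correct horse battery", row["legacy_salt"], row["record"]))  # True
    print(verify("duck", row["legacy_salt"], row["record"]))                   # False
```

After migration the bare MD5 value is no longer stored, so each guess against a stolen table costs a full PBKDF2 run instead of two MD5 calls.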