View Full Version : Password Stealing
RacersEdge
07-20-2005, 06:14 PM
I posted this in Computers too...
I had a message board (ESPN to be exact) password stolen a couple years ago, and I was just curious how the process works. Some kind of script you write or what? (No, not looking to steal anyone's myself).
do you think you had a keylogger on your computer?
Maybe someone guessed it
RacersEdge
07-20-2005, 06:27 PM
[ QUOTE ]
do you think you had a keylogger on your computer?
[/ QUOTE ]
No.
[ QUOTE ]
Maybe someone guessed it
[/ QUOTE ]
Hard to believe, but possible I guess.
I was thinking there was some kind of script you could run on the login page that goes through a bunch of permutations of letters and numbers. I don't know.
stabn
07-20-2005, 06:31 PM
[ QUOTE ]
[ QUOTE ]
do you think you had a keylogger on your computer?
[/ QUOTE ]
No.
[ QUOTE ]
Maybe someone guessed it
[/ QUOTE ]
Hard to believe, but possible I guess.
I was thinking there was some kind of script you could run on the login page that goes through a bunch of permutations of letters and numbers. I don't know.
[/ QUOTE ]
You probably used that password on another site.
swede123
07-20-2005, 06:33 PM
I'm sure there are scripts like that. But why anyone would waste their time using one for a silly message board is beyond me. Do you ever use public computers (library, internet cafe etc) when browsing forums? Maybe that's how it happened.
Swede
RacersEdge
07-20-2005, 06:35 PM
[ QUOTE ]
[ QUOTE ]
[ QUOTE ]
do you think you had a keylogger on your computer?
[/ QUOTE ]
No.
[ QUOTE ]
Maybe someone guessed it
[/ QUOTE ]
Hard to believe, but possible I guess.
I was thinking there was some kind of script you could run on the login page that goes through a bunch of permutations of letters and numbers. I don't know.
[/ QUOTE ]
You probably used that password on another site.
[/ QUOTE ]
Maybe. How does that make it easy to steal??
touchfaith
07-20-2005, 06:35 PM
Brute-force (I'm not kidding).
"And that's all I have to say about that..."
Other then to say always whenever possible, use some sort of punctuation in your passwords, perferably in the first, or first few, characters.
stabn
07-20-2005, 06:55 PM
[ QUOTE ]
[ QUOTE ]
[ QUOTE ]
[ QUOTE ]
do you think you had a keylogger on your computer?
[/ QUOTE ]
No.
[ QUOTE ]
Maybe someone guessed it
[/ QUOTE ]
Hard to believe, but possible I guess.
I was thinking there was some kind of script you could run on the login page that goes through a bunch of permutations of letters and numbers. I don't know.
[/ QUOTE ]
You probably used that password on another site.
[/ QUOTE ]
Maybe. How does that make it easy to steal??
[/ QUOTE ]
It depends on how much you trust the admins of all the sites you used that password at.
Dazarath
07-21-2005, 03:11 AM
Writing a brute force password guessing script is not the hard part. The problem is the amount of time it would take. There's some 100 (just a guess) characters that you could use in your password. Even if you told me that your password has 8 characters, that's 100^8 = 10^16 = 10,000,000,000,000,000 different combinations. Even if you somehow managed to try a million per second, it'd still take you ten billion seconds, which is over 300 years. If they're trying to guess a password to an online site, it won't even be close to 1 million guesses per second.
ChipWrecked
07-21-2005, 03:16 AM
Yep. My company requires an 8-character p'word, must contain a number, a capital letter, and a special character.
touchfaith
07-21-2005, 03:27 AM
[ QUOTE ]
Writing a brute force password guessing script is not the hard part. The problem is the amount of time it would take. There's some 100 (just a guess) characters that you could use in your password. Even if you told me that your password has 8 characters, that's 100^8 = 10^16 = 10,000,000,000,000,000 different combinations. Even if you somehow managed to try a million per second, it'd still take you ten billion seconds, which is over 300 years. If they're trying to guess a password to an online site, it won't even be close to 1 million guesses per second.
[/ QUOTE ]
8 hours or so for an NT password with no special characters, 24-72 hrs with, depending on length.
jakethebake
07-21-2005, 08:55 AM
[ QUOTE ]
Yep. My company requires an 8-character p'word, must contain a number, a capital letter, and a special character.
[/ QUOTE ]
Ours is 8 characters and must contain one capital letter, one lower case letter, two number, a special character and we have to change it ever months and not use any of our last five passwords. The result of course is that everyone writes them down...very secure. /images/graemlins/tongue.gif
ChipWrecked
07-21-2005, 09:12 AM
I work graveyard shift at the Network Operations Center (NOC). We take help desk calls during that time. Our password policy is pretty new, so this is a typical call:
Client: It's not taking my password.
Me: (what we said earlier)
Client: wtf?
vBulletin® v3.8.11, Copyright ©2000-2024, vBulletin Solutions Inc.