LocksmithCommunity.com :: > > PUBLIC FORUMS > > PUBLIC NEWS (Read Only) >

All Posts
Forum Index > > PUBLIC NEWS (Read Only)

#1: IL password concerns Author: Stubbs , Location: Canada

Posted: Sat Mar 10, 2007 09:26 PM
----
I would like to address a comment that I read from a concerned IL member;

Quote::

My user name and password from here worked at the other site.

I believe there was another that I read somewhere that was a little more in depth about the passwords here and on IL. Let me explain how our passwords work.

When you sign up, you give our system a password that you would like to use. When you do so, your password, which is simply a string of characters, gets encrypted with MD5 encryption (Message Digest Algorithm 5 - a 128 bit encryption method) and stored in our database. What does this mean? Your password gets turned into a large string of characters which represents your password.

For example, if I entered the password t14_6eb89Q, it would be turned into an MD5 hash of a8134bc66d0864b37bf55b40b7384691. This hash is ONE WAY ENCRYPTION and cannot be decrypted. Sure, there are sites out there that claim to have MD5 decryption scripts... but they are database based... meaning someone has typed words in and placed the word and corresponding MD5 hash into a database... unless you have typed that particular string into the MD5 encryption of that site, it will not be decrypted... that's how they get the database, from you!

So, how do we verify your password? Easy. When you log in, you type in your password, the site converts it to an MD5 hash and compares it to your MD5 hash already stored in our database. Your password is never revealed to us in plain text.

So, what happens when you retrieve a lost password? Well, you can't retrieve a lost password... we don't know it! Remember? Smile

A new password is automatically generated by our system, sent to you and then MD5 hashed. This means that we cannot retrieve your password here and use it to access IL.

Think about it... that works both ways. If it was possible for me to retrieve passwords and go to IL, it would be possible for IL to retrieve passwords and come here, posing as someone else. If I thought that could happen, all of our passwords would have been changed here.

#2: IL password concerns Author: Stubbs , Location: Canada

Posted: Mon May 07, 2007 11:50 AM
----
I am bumping this post as it has been brought to my attention that there are some still whining over on IL that we are using their passwords -- I would like to emphasize (again) the fact that passwords stored in our (or IL's) system CANNOT be retrieved.

I would like to remind you of the "password swapping" that has been going on at IL for over a year -- passwords have been exchanged by the same 4 or 5 people that appear to be running the site as of late -- do a search on IL -- there are posts there to support what I say.

If you think that passwords can be retrieved, first you are misinformed (please read my first post above) and second, that works both ways -- think about it -- if it were possible, it would be pretty easy for the "new administration at IL" to retrieve your password to make it look like LC was doing it.

When "the mob" has no legitimate or legal arguments, I guess they have to start reaching...

If any IL member wishes to confirm anything that I have written here, please feel free to contact the lead developer of the Dragonfly Content Management System (http://dragonflycms.org). You don't have to take MY word for it -- there are a ton of Dragonflycms related sites that you could post on to ask this question.

Forum Index > > PUBLIC NEWS (Read Only) Page 1 of 1