Comments
Unless you mean it makes a random password from an array, sets that to base64, and uses that as the password, which is then properly salted, et al.
Then it's just lazy.
I don't know what you're thinking @Maher, but base64 can be ~~decrypted~~ undone by using the PHP function base64_decode. It's a format to encode text, not encrypt.
You're looking at SHA/crypt/etc to store passwords, and with at least a somewhat secure salt.
There should be a market for Managed VPS business by analogy with managed server services.
BASE64
WHEN CAESAR JUST ISN'T GOOD ENOUGH
Bruce Schneier called and said he won't be around for a week or so. Heavy drinking. Lost faith in humanity.
I didn't say the password is encoded in base64.
All I said was that the PHP script generates passwords for users using the base64 format and then encrypts them with md5 using salt.
So, it's lazy. Feel free to use mine instead.
What the flipping hell are you going on about?
Seriously, go have a read here, please. You have no clue what you're talking about.
(Also, holy shit, I would never host anything with a provider that's this clueless about security and doesn't recognize it.)
This is what a base64 format looks like.
https://gyazo.com/160a9f04c40c891edb05dd1eea59f65b
@joepie91 I figured out what he was speaking about yesterday. As he just demonstrated, it's just pure laziness. Taking some arbitrary randomness and base64 encoding that (possibly stripping the padding =; didn't check). It's laziness, and possibly not that difficult to reverse, depending on the source of the "Random" seed used. But, yeah, I was assuming he meant that they stored the data as a simple base64 encoding, maybe with a simple xor or otherwise stuck in there for the hell of it.
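The points raised in the comments above (base64 is only an encoding, so a generated password is exactly as unpredictable as its random source, and salted MD5 is a weak way to store it), shown as an added PHP example that is not from the thread or from the script under discussion. The function names and the seed value are constructed for illustration, and `password_hash` is used here as PHP's standard password-hashing API; the thread itself names only SHA/crypt.

```php
<?php
// Added example: names and sample values are constructed, not taken from the thread.

// Weak generation: a seeded PRNG feeds base64. The encoding adds no secrecy,
// so anyone who learns or guesses the seed reproduces the same password.
function weakPassword(int $seed): string {
    mt_srand($seed);
    $raw = '';
    for ($i = 0; $i < 9; $i++) {
        $raw .= chr(mt_rand(0, 255));
    }
    return base64_encode($raw);
}

// Stronger generation: bytes from the OS CSPRNG. base64url is used only to make
// the bytes typeable; the padding "=" is stripped because it carries no entropy.
function strongPassword(int $bytes = 15): string {
    return rtrim(strtr(base64_encode(random_bytes($bytes)), '+/', '-_'), '=');
}

// Weak storage, as described in the thread: a single fast MD5 over salt + password.
function md5Store(string $password, string $salt): string {
    return md5($salt . $password);
}

$seed = 1700000000; // constructed: a Unix timestamp used as the seed
echo "same seed gives same password: ";
var_dump(weakPassword($seed) === weakPassword($seed));
echo "base64 decodes back to the 9 raw bytes: ";
var_dump(strlen(base64_decode(weakPassword($seed))) === 9);

$pw = strongPassword();
echo "salted md5 (fast to compute, fast to guess against): ";
echo md5Store($pw, 'constructed-salt'), PHP_EOL;

// password_hash generates its own per-password salt and applies a tunable
// work factor, so each guess against a leaked hash is deliberately slow.
$hash = password_hash($pw, PASSWORD_DEFAULT);
echo "stored hash: ", $hash, PHP_EOL;
echo "correct password verifies: ";
var_dump(password_verify($pw, $hash));
echo "wrong password verifies: ";
var_dump(password_verify('wrong-guess', $hash));
echo "needs rehash under current defaults: ";
var_dump(password_needs_rehash($hash, PASSWORD_DEFAULT));
```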
Just admit you got hacked, man! No one does a mass passwd reset just for the hell of it. Only if they got hacked or fear that something was stolen. The OP's excuse is pretty lame.