[goodkarma]

When we sign up with a user id on any forum, we need a p/w and typically, you get that p/w approved or not within seconds.

How does that work and do the owners of most sites have access to our passwords?

I ask becasue my mother uses the same password for everything and I worry someone can snoop and use it.

[goodkarma]

Ladies also, beware of letting a geek look at your computer before you are savvy enough not to know how passwords can be stored like when using 'Fire Fox.

[PDLM]

Quote:

Originally Posted by goodkarma

Ladies also, beware of letting a geek look at your computer before you are savvy enough not to know how passwords can be stored like when using 'Fire Fox.

I nominate this for "Sexist Post of the Week"

[Sunfire]

Usually passwords are stored as hashes. For example, if I was to choose my password as 'geoexpat' and the hash function was md5, when I enter 'geoexpat', the md5sum calculator outputs 'b85133301db8ec2d3eb9314f737821b3'. That is a hash sum.

You can't reverse the process and somehow get the password out of the hash sum, but every time you enter your password, a hash sum is calculated out of what you type in, and if it matches the stored one, your password is considered correct.

So in short, unless the passwords are stored as plain text (which you usually have no way of knowing, but it most likely isn't the case), the system administrator can't just see what password each user has. He would have to have what's called a dictionary, which is a list of calculated hash sums for every possible password. That's obviously a lot of trouble just to see your dear mother's password

[goodkarma]

Thanks for the serious response.

Very interesting.

[KnowItAll]

We use a md5sum(md5sum($password)+$salt) .... go figure.

[Sunfire]

Ah yes, sorry. Forgot about the salt

[goodkarma]

Aww gee, I love it when you talk all tech like

[Monde]

Mostly it is stored as a hash character set or in a front end application as *'s.

90% of the time if you forget your password the admin cannot give it to you but can reset it for you.

[hk.com]

Quote:

Originally Posted by Sunfire

Ah yes, sorry. Forgot about the salt

To put people last few people who are awake to sleep, you could discuss how cryptographically HASH's are one way functions that mathematically can not reversed. Do this preferably in a lengthy and tedious manner.