> One of the things that did surprise me a little in V1 was the effort some folks went to in order to crack the passwords. I was surprised primarily because the vast majority of those passwords were already available in the clear via the 2 combo lists I mentioned earlier anyway, so why bother? Just download the (easily discoverable) lists! The penny that later dropped was that it presented a challenge - and people like challenges!
I always remove those when downloading torrents because I'm paranoid they're obvious markings of torrent traffic, more so than DHT connections.
You might observe when trimming the tracker list off the URL that sometimes you can't find a peer; that's because you've never used the same client to contact what effectively amounts to a subnetwork that has no overlap with any previous subnetwork you leeched from in the past.
Especially if you're always fetching the same content (e.g. Game of Thrones episodes) it'll probably just work, but you may find it breaks when you suddenly decide to grab e.g. an old copy of OS/2 or similar, representing a set of BitTorrent users with entirely different interests.
How would you as a peer connect to any other peers without some kind of seed?
What IPs do you connect to?
The hashes are about not storing or giving out the passwords freely, more as a way to verify if your password is in there.
Last person standing gets a prize.
It's generally incomprehensible to me why some people don't want to use password tresors -- it's so much easier after all - but his argument was flawed.
My 16 char fully randomized passwords will not be cracked, so I win, along with everyone else using a password manager?
And more specifically:
Sorry for that mix up.
Even something ridiculously weak like a SHA-1 hash isn't going to be cracked if the password is 16 characters long and completely random.
- the passwords aren't stored in plaintext or any other compromised hashing mechanism
- you autogenerated your password
- your password manager does not get compromised
Saying "it actually does" is a bit of an absolutist stretch...
I may be an outlier, but I certainly remember 10+ 20-25 character random full-printable-ASCII passwords, some of which don't let a password manager handle them, others which I don't want to have in a manager. And then there's my password manager master password, which is close to 70 characters long.
And I have shitty memory—I wouldn't be able to remember what happened more than a few days ago if my life depended on it.
Nitpick: Zero does not have a magnitude, so "a margin of error" is not remotely well-defined here.
Most of the passwords probably won't get added to the HIBP password list either, since only plaintext passwords ever end up on that list, and MyFitnessPal claims that most of the passwords in their database were hashed with Bcrypt. (So probably difficult to crack.)
Yup. These days I get a ton of break-in attempts for random accounts. My Epic Games account is disabled weekly due to failed login attempts from random actors.
Use a password manager and 2FA, folks!
Everyone has this (source: some thread on Reddit with a bunch of "me too" answers). It's a bug with their system and I don't think they know about it/care/(?)
Confident about that? It's certainly not the only service I get break-in attempts on, fwiw.
It looks like you can still sign in even if your account is "locked" which further adds to the theory that it is a bug.
Here are a few threads with a bunch of "me too"s.