Thursday, June 18, 2009

Si, si, Senora, but does the quick pulse of love beat when you see my shiny blue roller disco jacket?

Justamumof3 writes, Chiquitita apparently ignores

Hi Beowolf,

You don't know me, so let me introduce myself. G******** ****, age 45, computer programmer by profession since the days of punched cards, now retired on ill health, too much time on my hands!

(redacted walk through the resume) ....and I am concerned about the backup information that has been stolen. There are only a limited number of ways that a password can be encrypted (there are a few industry standard ways of doing i!), and it is possible to unencrypt it. (redacted ancient history regarding computers in the olden days, opposable thumbs, Gutenberg, writing with feathers, hoopskirts... this one's the Beachy of technology) ...but I could write a program to do it in a couple of days, and that program may then need to run for a week, or three weeks, to try every encryption key possible, but it would get there. (In my day it would have needed a Kray supercomputer, now a pc will do it). I don't know how the password was compromised, and I don't know how good a programmer nbrado is, how much of the history of IT he knows, and whether he would know encryption techniques and realise he could easily unencrypt - I know, because I am old, and started in the days when we still encrypted our own passwords on the systems we wrote!

I therefore don't know whether it is worth telling everyone to change their password, or could you force it with some setting on the forum? Is there a "change password every week" setting you could invoke as a temporary measure? (Even by accident, when trying to improve security, no need to panic obviously, not done deliberately?)
I am afraid that a few more "impersonations" could ruin a forum I enjoy posting in, but I am also aware that telling people that their security has been compromised is also not good for the forum.

Anyway, over to you, I would not post this in the forum as I don't feel spreading panic is the way to go, your life is hard enough as it is - and you know nbrado and know whether he has the ability to unencrypt.

1 comment:

  1. Nbrado did not take this database dumbo.

    Why are they so thick?

    This is a recent pm. There is no security.

    You are not being told the truth.

    ReplyDelete