PerlMonks  

Re: Re: Re(3): Filtering potentially dangerous URI schemas in <a href="...">

by zigdon (Deacon)
on Oct 22, 2002 at 14:01 UTC


in reply to Re: Re(3): Filtering potentially dangerous URI schemas in <a href="...">
in thread Filtering potentially dangerous URI schemas in <a href="...">

By the way, just to make the point, it's very easy to crack hashed passwords. This password was hashed using DES (not MD5, which is harder), and took a mere 21 hours to crack. msg me if you really don't believe me that I got it.

But it doesn't matter how long it takes to crack passwords. Since it involves NO manual effort, I could have left it running for weeks, until it eventually cracked. Saying "it's too difficult to do for the vast majority of hackers" is just plain wrong. It's very very very simple to do.

That's why you never want your hashed passwords revealed. Aside from the fact, as dog and pony showed, that sometimes you don't need to crack the hash in order to use it. Also, do you really keep separate passwords on each site you go to? A lot of people don't.

-- Dan

Re: Re: Re: Re(3): Filtering potentially dangerous URI schemas in <a href="...">
by hackmare (Pilgrim) on Oct 23, 2002 at 08:04 UTC

    Cool! I'm impressed with the level of effort!

    Well, at the very least, after this exchange in which I have been shown wrong on every point I have made (except the need to disallow user-supplied javascript), I now have plenty of ammunition to back up my future arguments about the ease of cracking passwords based on the wrong mechanism.

    Thanks for going through the trouble to be rigorous on this.

    hackmare.
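
The thread's point about DES versus MD5 hashing suggests an audit of which scheme each stored password uses. The following Python sketch is an added example, not code from the thread: it classifies the hash field of passwd-style lines so accounts still on traditional DES crypt can be moved to a stronger scheme. The function names, sample accounts and hash strings are constructed placeholders.

```python
import re

# crypt(3) hash alphabet.
B64 = r"[./0-9A-Za-z]"
# Traditional DES crypt: 2-char salt (12 bits) + 11-char digest, 13 chars total.
# Only the first 8 password characters are used, 7 bits each (56-bit key).
DES_RE = re.compile(rf"^(?P<salt>{B64}{{2}})(?P<digest>{B64}{{11}})$")
# MD5 crypt: "$1$", a salt of up to 8 chars, "$", then a 22-char digest.
MD5_RE = re.compile(rf"^\$1\$(?P<salt>[^$]{{1,8}})\$(?P<digest>{B64}{{22}})$")

def classify(hash_field):
    """Return (scheme, salt) for one stored hash field."""
    m = DES_RE.match(hash_field)
    if m:
        return "des-crypt", m.group("salt")
    m = MD5_RE.match(hash_field)
    if m:
        return "md5-crypt", m.group("salt")
    if hash_field == "" or hash_field.startswith(("*", "!")):
        return "no-login", None
    return "other", None

def audit(passwd_text):
    """Map each account in passwd-style text to its hash scheme."""
    report = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 2:
            continue  # skip comments and malformed lines
        report[fields[0]] = classify(fields[1])[0]
    return report

def migration_list(report):
    """Accounts whose hash is still traditional DES crypt."""
    return sorted(user for user, scheme in report.items() if scheme == "des-crypt")

# Constructed sample input: the hash strings only have the right shape,
# they are not real hashes of any password.
SAMPLE = """\
# user:hash:uid:gid:gecos:home:shell
alice:abCONSTRUCTED:1001:100::/home/alice:/bin/sh
bob:$1$saltsalt$CONSTRUCTEDCONSTRUCTED:1002:100::/home/bob:/bin/sh
carol:*:1003:100::/home/carol:/bin/false
dave:zzCONSTRUCTED:1004:100::/home/dave:/bin/sh
"""

if __name__ == "__main__":
    for user in migration_list(audit(SAMPLE)):
        print(f"{user}: DES crypt hash, rehash at next login")
```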
