Thread: Password Checker

  1. #16
    Banned master5001's Avatar
    Join Date
    Aug 2001
    Location
    Visalia, CA, USA
    Posts
    3,685
    Tbh, given the simplicity of what he is doing... md2 would probably be sufficient.

  2. #17
    Registered User C_ntua's Avatar
    Join Date
    Jun 2008
    Posts
    1,853
    Quote Originally Posted by master5001 View Post
    > Security holes over the network are always shortcomings of the programmer, be it in design or implementation of the software.
    Since you brought it up, can you guys name some common mistakes someone would do in terms of security?

  3. #18
    Banned master5001's Avatar
    Join Date
    Aug 2001
    Location
    Visalia, CA, USA
    Posts
    3,685
    Actually, it may not seem apparent in terms of security, but the retarded code in my signature is a great example of where many flaws start. When it comes to sending information over a network many times information can be leaked in the form of uncleared memory buffers. The more complex a program becomes, the more room there becomes to make mistakes that can leak information in one way or another.

    And for the record, I was quoting CornedBee.

  4. #19
    Registered User C_ntua's Avatar
    Join Date
    Jun 2008
    Posts
    1,853
    I know, but I was bored to scroll up and quote the original message.
    Can you give me a short example of how a buffer overflow can help somebody steal a password? I have read some examples of how a buffer overflow can cause someone to hack a computer system, but those examples required the user to know very well where the overflowed information was stored, thus have access to the machine. But through a network?

  5. #20
    Cat without Hat CornedBee's Avatar
    Join Date
    Apr 2003
    Posts
    8,895
    I see three buffer overflows, by the way. gets() overflows line. sprintf() overflows output. printf() fetches arguments that aren't there if line contains any format specifiers.
    All the buzzt!
    CornedBee

    "There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad code."
    - Flon's Law

  6. #21
    Banned master5001's Avatar
    Join Date
    Aug 2001
    Location
    Visalia, CA, USA
    Posts
    3,685
    Good eye. She even noted the all-important last point. Little things like these are all seemingly retardedly obvious in my example, however these come up all the time in real code and go virtually undetected. Imagine if you ship a program that has the last error that CornedBee identified within your code and you didn't even notice it! Imagine if someone realized that fact and managed to loftily use a %s or something to make it possible to cause a DOS attack. So even though my code is amusing, the unhilarious part of it is that these are all very common problems.

  7. #22
    Banned master5001's Avatar
    Join Date
    Aug 2001
    Location
    Visalia, CA, USA
    Posts
    3,685
    Quote Originally Posted by C_ntua View Post
    > But through a network?
    It is not as common of an issue with buffer overflows, however it is not uncommon for programmers to have one buffer being used for sending data across a network. Becoming overly lazy about guarding what information is in that buffer is an easy temptation. One could use the same buffer that they are always using in the send() function to also be gathering personal information for parsing as well. It is not unheard of to have "extra crap" at the end of a buffer retrieved with recv() when people are careless about buffer content. Plus zeroing out a buffer with each use is a slow process. Laziness and carelessness are really the two big foes in network programming.
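
The reused-buffer leak described in the post above, shown as an added example that is not part of the original thread: a short reply is written into a shared buffer that earlier held a credential line, and the careless path sends the whole buffer. `fake_send`, `parse_login`, the buffer size and the sample credential line are constructed for illustration; `fake_send` stands in for `send()` so the example runs offline.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64
/* One scratch buffer reused for parsing input and building replies. */
static char shared_buf[BUF_SIZE];

/* Constructed stand-in for send(): records the bytes that would go out. */
static size_t fake_send(char *wire, const void *data, size_t len) {
    memcpy(wire, data, len);
    return len;
}

/* Parsing step: a credential line lands in the shared buffer. */
void parse_login(const char *line) {
    snprintf(shared_buf, sizeof shared_buf, "%s", line);
}

/* Careless: writes a short reply, then sends the whole buffer. */
size_t reply_careless(char *wire, const char *msg) {
    snprintf(shared_buf, sizeof shared_buf, "%s", msg);
    return fake_send(wire, shared_buf, sizeof shared_buf);
}

/* Careful: sends only the bytes the reply actually occupies. */
size_t reply_careful(char *wire, const char *msg) {
    int n = snprintf(shared_buf, sizeof shared_buf, "%s", msg);
    size_t len = n < 0 ? 0 : (size_t)n;
    if (len >= sizeof shared_buf) len = sizeof shared_buf - 1; /* truncated */
    return fake_send(wire, shared_buf, len);
}

/* Returns 1 if needle occurs in the first len bytes of wire. */
int wire_contains(const char *wire, size_t len, const char *needle) {
    size_t n = strlen(needle);
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(wire + i, needle, n) == 0) return 1;
    return 0;
}

int main(void) {
    char wire[BUF_SIZE] = {0};
    parse_login("user=bob pass=hunter2");   /* constructed sample input */
    size_t n = reply_careless(wire, "OK");
    printf("careless: %zu bytes, leak=%d\n", n, wire_contains(wire, n, "hunter2"));
    n = reply_careful(wire, "OK");
    printf("careful:  %zu bytes, leak=%d\n", n, wire_contains(wire, n, "hunter2"));
    return 0;
}
```

Sending the exact length avoids the leak without the per-use zeroing cost the post mentions; clearing the buffer once the credential has been parsed is the complementary step.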

  8. #23
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    Quote Originally Posted by master5001 View Post
    > Beautiful. That is my thinking about this subject too. Though even one way hashes that are sent over a network still suffer potential cracking by someone with direct access to the program executing the algorithm. Granted it takes some disassembling genius. But where there is a will... there is a way.
    Knowing the algorithm is only a small portion of the cracking of hashed passwords. Since you can't reverse back to the actual password, you will have to either guess (which is easy for weak passwords, but not so easy for good passwords), or brute force it - which is really long work even on a modern processor.

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.
