On Friday, May 24, 2002, at 03:33 , Egor Brandt wrote:
> but I wanna know everybody's password... I can't do without decrypting > them, can I, or are they gonna tell me when I simply ask? Depending upon the authentication 'service' there are a variety of ways you can hack them. Few of them use more than a 128bit encryption algorithm to begin with.... so why do you need to "know everybody's password"???? Most of the professional SysAdd's I know would prefer NOT to know them - nor to cache them - and would prefer merely to reset them when they can authenticate that the user is the person that they say they are. Part of the annoyance of the 'webGames' out there is that they want me to offer up a passwd to play on their site - and this means that in the lower risk categories re-using very old passwd generating algorithms. The really dopey part is that they are willing to send me back my 'passwd' - in plain text, by email.... yeah like as if that is gonna pass an Orange Book... A part of the problem we have with 'identity theft' issues is that YES most people ARE that stoopid, and will hand over the information without thinking about it, never mind that under american law your SSN can only be used for Tax Identification Purposes - and if the person asking, can not validate that there is a 'tax' related issue.... ciao drieux --- -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
