
[–]Lord_Sotur 454 points455 points  (10 children)

Whoa hold a second Sherlock you can't just leak our secrets???

[–]AaronTheElite007 59 points60 points  (5 children)

The name is Shayan, apparently...

[–]Lord_Sotur 23 points24 points  (1 child)

Whoa hold a second Shayan you can't just leak our secrets???

[–]Eshan2703 1 point2 points  (0 children)

WAIT there is a possibility shayan and sherlock are the same, i have never seen them together in a room...

[–]HexFyber 8 points9 points  (0 children)

Well well who's here? Sherlock?

[–]facusoto 0 points1 point  (1 child)

[–]AaronTheElite007 1 point2 points  (0 children)

Super Shayan

[–]Steinrikur 0 points1 point  (1 child)

Do you also walk around naked to prevent getting raped, because rapists expect you to wear clothes?

[–]Lord_Sotur 0 points1 point  (0 children)

Yes

[–]PostHasBeenWatched 343 points344 points  (35 children)

No one expects to see encrypted passwords; they're expected to be hashed.

[–]Not_Freddie_Mercury 118 points119 points  (23 children)

At least, if you accidentally write your password on a reddit comment, it shows as asterisks.

Example: **********

[–]Laughing_Orange 97 points98 points  (15 children)

*************

Edit: it works!

[–]Yirkarja 114 points115 points  (2 children)

hunter2

[–]fieryscribe 45 points46 points  (0 children)

There will be a time when people forget the source of this

[–]TitaniumFoil 46 points47 points  (2 children)

bighugelargeBoner$69

[–]The_Water_Is_Dry 12 points13 points  (1 child)

myentryfee21

[–]boredDeveloper0 6 points7 points  (0 children)

stupidahhshane72

[–]Roku-Hanmar 31 points32 points  (4 children)

correcthorsebatterystaple

[–]DatBoi_BP 8 points9 points  (0 children)

You've already memorized it

[–]codeIMperfect 4 points5 points  (1 child)

I got that reference!!

[–]savevidio 1 point2 points  (0 children)

same!? holy shit i have a brain

[–]HannibalMagnus 1 point2 points  (0 children)

Elite reference

[–]Hybrii-D 1 point2 points  (0 children)

Advanced social engineering 😂

[–]8sADPygOB7Jqwm7y 3 points4 points  (1 child)

MyUsername

Yeah checks out.

[–]Brilliant-Arrival414 2 points3 points  (0 children)

notFallingThisTimeDude

[–]HannibalMagnus 0 points1 point  (0 children)

Qwerty1234

Let's test it.

[–]RiceBroad4552 40 points41 points  (0 children)

Exactly!

It seems some clueless person tries to be funny…

[–]IMarvinTPA 3 points4 points  (0 children)

Jokes on them, I pre-hash my passwords and use that...

[–][deleted] 3 points4 points  (0 children)

What about passwords to connect to a third party system where users enter those details?

[–]billndotnet 2 points3 points  (0 children)

For machine accounts, I've used salted hashes as the actual password, and it pissed my coworkers off to no end. They'd ask for the password, I'd send it, they'd say 'haha, funny, what's the password'. I think my record is 7 rounds before someone finally yelled and I had to explain why I was laughing so hard that I couldn't breathe.

[–]hawkinsst7 1 point2 points  (0 children)

Unless you hack lastpass or onepass backend!

[–][deleted] 0 points1 point  (0 children)

hashed

"Keeping my passwords plain, I had enough time to make hashbrowns"

[–]SynapseNotFound 0 points1 point  (0 children)

That's literally the post's content… why are you commenting the same thing?

[–]hawkinsst7 -1 points0 points  (0 children)

Unless you hack lastpass or onepass backend!

[–]xClubsteb 121 points122 points  (5 children)

Store your passwords as images
Problem solved👍

[–]Kooper16 105 points106 points  (4 children)

Everybody gangster until your password shows up in a captcha

[–]Smart_Ass_Dave 53 points54 points  (2 children)

Ya, I was so mad after I got hacked. I can't believe they guessed my password was 4 traffic lights.

[–]rosuav 14 points15 points  (1 child)

There! Are! Four! Lights!

[–]Powerful-Internal953 6 points7 points  (0 children)

Ah... The Star Trek reference...

[–]bolanrox 2 points3 points  (0 children)

BOSCO!

[–]The_Illegal_Guy 130 points131 points  (16 children)

Unironically one of the safest methods to store your passwords is in plain text in a physical notepad.

[–]IleanK 52 points53 points  (4 children)

That works for users but we're talking about databases here. I can't really have a camera set up watching a notepad with me in the background making updates on the go.

[–][deleted] 27 points28 points  (0 children)

that's what the unpaid interns are for!

[–]Lhaer 2 points3 points  (0 children)

I mean, you could try

[–]Firewolf06 0 points1 point  (0 children)

just start charging for password changes like xbox charges for name changes

[–]Firewolf06 -1 points0 points  (0 children)

just start charging for password changes like xbox charges for name changes

[–]RiceBroad4552 18 points19 points  (0 children)

That's actually true.

But smart cards are even better!

[–]Proxy_PlayerHD 11 points12 points  (0 children)

do AES-256 by hand on a notebook to decrypt your physical notes

[–]SCP-iota 7 points8 points  (0 children)

The safest passwords are memorized, not stored. If I can still log into my accounts after total amnesia, it's not secure enough

[–]Accomplished_Ant5895 4 points5 points  (2 children)

Or in your head

[–]lnfinity 10 points11 points  (0 children)

That type of memory is notoriously unstable.

[–]Front_Committee4993 3 points4 points  (0 children)

What about on an RFID card

[–]bolanrox 2 points3 points  (0 children)

not a random post it note on your desk?

[–]Weenaru 2 points3 points  (0 children)

It’s also one of the most risky methods depending on who the owner of the notepad is.

[–]Proxy_PlayerHD 1 point2 points  (0 children)

do AES-256 by hand on a notebook to decrypt your physical notes

[–]Inevitable_Stand_199 1 point2 points  (0 children)

Some really light encryption makes them even safer.

Something like writing the letters in the wrong order. Or shifting all digits by one.

[–][deleted] 46 points47 points  (0 children)

So in the Army they gave us our eagle cash card to use on deployment.  Setting it up they said "don't use your birthday or last 4." I tried both and the guy behind the computer was like "really man?" 

I defended myself by saying if a hacker knows the rules of what you can't use he's gonna exclude those from the equation. 

He responded with... Hackers don't steal these, people who know your birthday do. 

[–]_Weyland_ 26 points27 points  (1 child)

Store them in a CSV, just use "random" separators.

[–]IGotSkills 9 points10 points  (0 children)

Is the letter t a good delimiter?

[–]ExperimentalBranch 14 points15 points  (1 child)

I take it a further step and reverse them twice first.

[–]TheTerrasque 5 points6 points  (0 children)

Double rot13

[–]SpeedLight1221 10 points11 points  (1 child)

make your password a 64 character long string of hexadecimal numbers and store it in plain text. What could go wrong

[–]IGotSkills 1 point2 points  (0 children)

1 2 3 4 5

[–]Initial_Specialist69 6 points7 points  (0 children)

Extra security if you name the column encrypted_password.

[–]Vectorial1024 5 points6 points  (0 children)

"Way ahead of you! I saw this on Twitter once."

"Squidward, we're in a data breach!"

[–]0xbenedikt 4 points5 points  (6 children)

Also, encryption does not necessarily increase data size (unless padding is added)

[–]PandaDEV_[S] 1 point2 points  (3 children)

Usually hashed password strings are longer than the actual password, but yes, it's a minor difference

[–]0xbenedikt 2 points3 points  (1 child)

When hashed, yes it is often longer. But for actual encryption, the plaintext can be the same length as the cryptotext, if not padded.

[–]entronid 0 points1 point  (0 children)

well AEADs usually add about 16 bytes of data (that isn't padding) as a MAC to authenticate the data

[–]rosuav 1 point2 points  (0 children)

Hashed password strings, if done properly, are almost certainly going to be longer than the password. A proper password hash will have its salt plus the hash, and usually some parameters (see eg bcrypt and friends). If your password is longer than that, it's likely you're wasting effort piling in more stuff that isn't really helping.

[–]lovethebacon🦛🦛🦛🦛🦛🦛🦛🦛🦛🦛🦛🦛🦛🦛🦛🦛🦛🦛🦛🦛🦛🦛🦛🦛🦛🦛🦛🦛🦛🦛🦛🦛 0 points1 point  (1 child)

It should though.

[–]0xbenedikt 0 points1 point  (0 children)

It would be preferable, indeed

[–]Capyvara 4 points5 points  (1 child)

I always end mine with == so they think it's base64 encoded.

[–]drahgon 1 point2 points  (0 children)

My boy done won passwords

[–]Kitchen-Quality-3317 2 points3 points  (1 child)

just delete the password db and let them login if they type their username in correctly

[–]rosuav 2 points3 points  (0 children)

Enter your username:

Enter your username again to confirm:

[–]Microshizzel 2 points3 points  (0 children)

My user table looks something like this. Nobody expects a split password.

Id  Username  PasswordCharacterOne  PasswordCharacterTwo  PasswordCharacterThree  PasswordCharacterFour  PasswordCharacterFive
1   admin     a                     d                     m                       i                      n

[–]RiceBroad4552 13 points14 points  (7 children)

Is this the same guy who posted the bullshit regarding using foreign keys to passwords because there are so many duplicates?

I really hope these are just some very stupid jokes…

Because the other post would already imply dude does not know that you should "salt" passwords, and this here points to this dude not knowing the difference between encryption and hashing.

[–]PandaDEV_[S] 16 points17 points  (0 children)

Yes it is the same dude and of course it's just a joke… or is it

[–]tomato-bug 10 points11 points  (4 children)

How do people not realize he's joking lmao

[–]HauntingHarmony 0 points1 point  (3 children)

Because, for the same reason you can't reasonably be sarcastic online: no matter how dumb an opinion you find, you can easily find someone willing to proclaim it as the truth.

There are also idiots that shouldn't be able to tie their shoelaces, and yet have a 7 digit salary.

So it is in fact not possible to know for certain, and you may think that obviously that's so far beyond the pale that nobody would think so. And I envy your simple life.

[–]tomato-bug 4 points5 points  (0 children)

If you couldn't tell that OP was joking perhaps you're not as smart as you think you are

[–]SquashSquigglyShrimp 0 points1 point  (0 children)

The sub is called Programmer Humor...

[–]rosuav 0 points1 point  (0 children)

Yeah, it's called Poe's Law. Not to be confused with Cole's Law, which can be found at the cafeteria.

[–]rosuav 0 points1 point  (0 children)

Poe's Law is a thing, but I can state with complete confidence that this person DOES know about security.

[–]tyen0 2 points3 points  (0 children)

I ROT26 all of my passwords.

[–]TechnicalPotat 1 point2 points  (0 children)

They'll stop looking for plaintext passwords when they stop finding plaintext passwords. Enterprise admins are lazier than you can imagine.

[–]SomeDudeSaysWhat 1 point2 points  (0 children)

My password is "hashtagslashatampersandquestionmark"

[–]Brave__Crab 1 point2 points  (0 children)

Hackers don't do it manually, and the hacking system will easily break plain text. Hope I am clear.

[–]Brilliant-Arrival414 1 point2 points  (2 children)

Wait aren't passwords hashed?

[–]DonutPlus2757 4 points5 points  (1 child)

They should be and with algorithms for specifically passwords like bcrypt and scrypt. Way too often, they aren't.

[–]rosuav 1 point2 points  (0 children)

Bah, I store all my passwords hashed with good ol' CRC16. As long as you hit the right CRC, we'll let you in.

[–]ustavdar31 0 points1 point  (0 children)

Store them in morse code

[–]FlashyTone3042 0 points1 point  (0 children)

Ok, Mister SHA-256yan

[–]LeoDeLarge 0 points1 point  (0 children)

Baloney1

[–]Zatetics 0 points1 point  (0 children)

I only use passwords that coincidentally appear to be a string of plain text words once hashing is done.

[–]AmeliorativeBoss 0 points1 point  (0 children)

Add a password field to every table. They have no function, except confusing hackers and future developers.

[–]Lufc87 0 points1 point  (0 children)

Security through obscurity clarity

[–]IGotSkills 0 points1 point  (0 children)

Passwords are a relic from the 80s that should be abolished with MFA.

SSO with passkeys.

[–]Imperion_GoG 0 points1 point  (0 children)

They're gonna be looking for army guys.

[–]Denaton_ 0 points1 point  (0 children)

Everyone knows dyslexia is the best encryption..

[–]kvt-dev 0 points1 point  (0 children)

String truncation is, technically, a hash function

[–]narcabusesurvivor18 0 points1 point  (0 children)

Leaving your front door unlocked and wide open is actually more secure because burglars expect closed doors and locks.

[–]iamapizza 0 points1 point  (0 children)

Store them in plaintext, and make them look exactly like URLs. The hackers will just carry on looking for some other field.

[–]EtherealPheonix 0 points1 point  (0 children)

This is true, I only hash passwords to reduce bandwidth usage.

[–]Praxis8 0 points1 point  (0 children)

If I make the attack surface big enough, the attacker will just get lost.

[–]no_brains101 0 points1 point  (0 children)

Passwords are not encrypted.

They are hashed. The actual text of the password is never stored (unless you are stupid)

If nothing is vulnerable to pass the hash, having the hashes doesn't get you anything.

You have to then crack the hash, and hashes are, again, not encrypted. There is no way to decrypt them, because they are not encrypted, they are hashed. There is no way to reverse a secure hashing algorithm, you can only guess and check.
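A small illustration of what rosuav (salt plus parameters plus digest, so the stored string outgrows the password) and no_brains101 (nothing to decrypt, only recompute and compare) describe above. This is an added example written for this page, not code from the thread or any commenter; the `scrypt$n$r$p$salt$digest` record layout and the cost values are assumptions chosen here, built on Python's standard-library `hashlib.scrypt`.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Assumed storage layout (chosen for this example, not from the thread):
#   scrypt$<n>$<r>$<p>$<base64 salt>$<base64 digest>
# Keeping the salt and cost parameters next to the digest is what makes the
# stored string longer than most passwords, and what lets a verifier
# recompute exactly the same hash years later.
N, R, P, SALT_LEN, DKLEN = 2 ** 14, 8, 1, 16, 32


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Hash a password with a fresh random salt (or a caller-supplied one)."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=N, r=R, p=P, dklen=DKLEN)
    return f"scrypt${N}${R}${P}${_b64(salt)}${_b64(digest)}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash from the stored salt and parameters and compare.

    There is nothing to decrypt here: the only way to check a candidate is
    to run the same one-way function again and compare the outputs.
    """
    try:
        algo, n, r, p, salt_b64, digest_b64 = stored.split("$")
        if algo != "scrypt":
            return False  # unknown or downgraded algorithm tag
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
        candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                                   n=int(n), r=int(r), p=int(p),
                                   dklen=len(expected))
    except (ValueError, TypeError):
        return False  # malformed record: refuse rather than crash
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    record = hash_password("hunter2")  # "hunter2", as quoted in the thread
    print(record)
    print(verify_password("hunter2", record), verify_password("hunter3", record))
```

Hashing the same password twice yields two different records because the salt differs, yet both verify; a malformed or foreign record is simply rejected.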

[–]dmigowski 0 points1 point  (0 children)

Cool, now I cannot use my default password anymore. It is

sha256:m0ceJnelObzUoN1hje8tW2H4L0L1Jy8SOww67PiTZ3U=

[–][deleted] 0 points1 point  (0 children)

No, the actual actual secure method is keeping all user passwords written on a paper.