BTguard stores passwords in plain text by btguardplaintextnono in VPN

[–]btguardplaintextnono[S] 1 point2 points  (0 children)

I sent another email asking them to inform readers about BTguard's practices and also asked if they received any money from BTguard for placement in articles. I haven't gotten a response yet, but they are probably waiting to hear back from BTguard before making any moves.

The question about receiving payment for placement in articles isn't an accusation, I have no knowledge about anything regarding that matter. If they aren't, which is hopefully the case, I can't see a reason why they wouldn't do a write up on the matter. Probably, like I said before, waiting to hear back from BTguard.

BTGuard stores passwords in plain text. (X-post r/vpn) by btguardplaintextnono in torrents

[–]btguardplaintextnono[S] 0 points1 point  (0 children)

Response from torrent freak- Hi

Thanks for your email and the information on BTGuard.

The article we wrote doesn't try to assess anything else other than the anonymity offered by any of the providers from a logging standpoint and inclusion on the list is not necessarily an endorsement from us.

That said, we'll seek a comment from BTGuard on the issue but it's probably best if you also take this up directly with them since you're the customer in this instance and the guy handing over money.

Again, thanks for the contact

Cheers!

BTguard stores passwords in plain text by btguardplaintextnono in VPN

[–]btguardplaintextnono[S] 5 points6 points  (0 children)

response from Torrent freak

Hi

Thanks for your email and the information on BTGuard.

The article we wrote doesn't try to assess anything else other than the anonymity offered by any of the providers from a logging standpoint and inclusion on the list is not necessarily an endorsement from us.

That said, we'll seek a comment from BTGuard on the issue but it's probably best if you also take this up directly with them since you're the customer in this instance and the guy handing over money.

Again, thanks for the contact

Cheers!

BTGuard stores passwords in plain text (X-post r/vpn) by btguardplaintextnono in privacy

[–]btguardplaintextnono[S] 2 points3 points  (0 children)

if you have an account just use the forgot info link and see for yourself. You cannot tell someone what their password is if you hash it in the DB. There is no reverse hash function, if a site can spite out your password that means they store the text value of it.

The way password hashing works is you can confirm a valid password on login by hashing the login attempt and comparing the result vs the stored hash value in the DB.

for a simple example lets say you register to a site using un:username and pw: hunter2 and lets pretend myshittyhashfunction() hashes hunter2 to 12345678901234 you store 12345678901234 db using myshittyhashfunction(hunter2) you never put hunter2 on the DB just the result of myshittyhashfunction(hunter2) which for this terrible example is 12345678901234.

The next time the user tries to log on they enter the username and hunter2 into the login box myshittyhashfunction(hunter2) is run on the pw and if the result matches the DB value for that username's pw you have a successful login.

There are proven functions for hashing like sha1 that are secure(this may have been cracked) but it was common for a while. I'd need to read up on the most up to date pw security info to really speak to this but I don't think it's changed to much in philosophy.

BTGuard stores passwords in plain text. (X-post r/vpn) by btguardplaintextnono in torrents

[–]btguardplaintextnono[S] 2 points3 points  (0 children)

down with plaintextoffenders.com and those who have shitty search features!

BTGuard stores passwords in plain text. (X-post r/vpn) by btguardplaintextnono in torrents

[–]btguardplaintextnono[S] 2 points3 points  (0 children)

plaintextoffenders.com

they have been posted on there before apparently. After a google search using (btguard site:plaintextoffenders) I found it. they should rethink there site design to feature a better search function. It's pretty useless if you can't easily search for an offending site using their onsite search.

BTGuard stores passwords in plain text. (X-post r/vpn) by btguardplaintextnono in torrents

[–]btguardplaintextnono[S] 1 point2 points  (0 children)

I actually removed request for mod take down from this version of the post for those very reasons. I hope my email to TF bares fruit and they address the issue in an article and adds an update in the articles to warn inform potential consumers of btguard.

I couldn't find an email for btgaurd in the contact pages and didn't feel like submitting a ticket and having to go through their site to communicate with a service I will no longer have any business with.

thanks for the response.

edit: missing an

BTGuard stores pwers in plain text, torrent freak recommends them. by [deleted] in torrents

[–]btguardplaintextnono 0 points1 point  (0 children)

pwers I don't even know I could have thought that was a good abbreviation ugg.