For something like that, as long as it's not a shared pw...
Thu Nov 07, 2019 3:57am
it's probably fine (like you said.)
So, if someone was to figure out the salt for your passwords, would they be able to decrypt all passwords in your database?
Even with using an encryption library for the passwords, probably shouldn't be using any shared or important passwords here either.
If I ever get back to working on NeChat, I'll update it so passwords and ALL text conversations are at least encrypted at some strength using BCrypt so anyone with DB access can't actually read anything being done.
I didn't have any other option at the time. It's a clever and secureish way of doing things, but time has passed it by. Data goes to the server (a hole, I know) and gets hashed (using an old hash function), then stored in the database. I salted the hash, but I didn't know you should use different...
For something like that, as long as it's not a shared pw... - Erik_, Thu Nov 07 2019 3:57am
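The shared-salt question above, as an added example that is not part of the thread or of NeChat's code: with one salt for every account, equal passwords produce equal stored values, while a random per-user salt with a slow KDF makes every record independent. SHA-1 stands in for the unnamed old hash function, PBKDF2 from the Python standard library stands in for a slow KDF, and the account names, salt and work factor are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample accounts; two users happen to pick the same password.
USERS = {"alice": "hunter2", "bob": "hunter2", "carol": "correct horse"}
SHARED_SALT = b"site-wide-salt"  # constructed: one salt reused for every account
PBKDF2_ROUNDS = 100_000          # assumed work factor; tune it for your hardware

def store_shared_salt(password):
    """Old scheme: a single fast hash with the same salt for everybody."""
    return hashlib.sha1(SHARED_SALT + password.encode()).hexdigest()

def store_per_user(password, salt=None):
    """Random 16-byte salt per account plus a deliberately slow KDF."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

def verify_per_user(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = store_per_user(password, salt)
    return hmac.compare_digest(candidate, digest)

def duplicate_groups(records):
    """Group users whose stored values are byte-for-byte identical."""
    by_value = {}
    for user, value in records.items():
        by_value.setdefault(value, []).append(user)
    return sorted(sorted(group) for group in by_value.values() if len(group) > 1)

def demo():
    shared = {u: store_shared_salt(p) for u, p in USERS.items()}
    per_user = {u: store_per_user(p) for u, p in USERS.items()}
    return duplicate_groups(shared), duplicate_groups(per_user), per_user

if __name__ == "__main__":
    dup_shared, dup_per_user, _ = demo()
    # Shared salt: anyone reading the table sees which accounts share a password,
    # and each guess only has to be hashed once to be checked against every row.
    print("shared salt, identical stored values:", dup_shared)
    # Per-user salt: no two rows match, so each row must be worked on separately.
    print("per-user salt, identical stored values:", dup_per_user)
```

The salt is stored next to the digest and is not secret; its job is to make each account's stored value unique, and the slow KDF is what raises the cost of each guess.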
up and have it figured out in maybe an hour's worth of computing time. (Now, back 10 years ago it was a couple years' worth.)
I like to tell people there's three passwords that should be unique: Your bank, your Facebook, and your e-mail. Everything else, it's hard to do much irreversible damage. ...
how secure I need it to be. Ex: level 1 top security would be unique hard passwords for work and banks and such. Then level 2 for middle ground and then easier level 3 passwords for stupid throwaway stuff.
Even then though with having to reset passwords after x amount of time being more common,...
I can't remember every password and my password manager isn't always accessible.
And if it's on the phone, it's not convenient for the computer. Too bad user accounts are so effective at preventing spam.