|
CoinLenders and CoinChat hashes passwords.
CoinLenders also salt passwords.
CoinLenders also hashes your password in your browser with Javascript.
I cannot access your password (unlike what gweedo is claiming) on CoinLenders. I can only access the hash which is useless if it has been salted with a strong hash.
Gweedo is spreading FUD that I don't do this. He is posting a misleading screenshot out of context. I DO hash passwords. I don't salt them for CoinChat, but they are hashed.
As I am tired of saying the same thing again and again, this is now my stock response.
|
|
|
|
|
It's out of context because I do hash passwords. I said that in that thread. However, you don't include that portion, which makes people think I don't hash passwords (when I do).
|
|
|
|
|
CoinLenders and CoinChat hashes passwords.
CoinLenders also salt passwords.
CoinLenders also hashes your password in your browser with Javascript.
I cannot access your password (unlike what gweedo is claiming) on CoinLenders. I can only access the hash which is useless if it has been salted with a strong hash.
Gweedo is spreading FUD that I don't do this. He is posting a misleading screenshot out of context. I DO hash passwords. I don't salt them for CoinChat, but they are hashed.
As I am tired of saying the same thing again and again, this is now my stock response.
|
|
|
|
|
CoinLenders and CoinChat hashes passwords.
CoinLenders also salt passwords.
CoinLenders also hashes your password in your browser with Javascript.
I cannot access your password (unlike what gweedo is claiming) on CoinLenders. I can only access the hash which is useless if it has been salted with a strong hash.
Gweedo is spreading FUD that I don't do this. He is posting a misleading screenshot out of context. I DO hash passwords. I don't salt them for CoinChat, but they are hashed.
As I am tired of saying the same thing again and again, this is now my stock response.
|
|
|
|
|
That's for coinchat, not CoinLenders. I posted proof that CoinLenders does hash and salt.
In fact check the client JS, it's hashed right in your browser.
Just more FUD from gweedo as usual.
|
|
|
|
|
Besides, if you ARE using the same password for more than one site / don't use a password manager / etc, you need to fix that.
|
|
|
|
When did images become FUD and untrustworthy? I am not abusing any trust system, apparently he is very sensitive with this. He has extorted me to abuse the trust, he thinks he can hack me, and he just calling me untrustworthy which is slander.
This is a warning! Don't use these sites, TF can access your password at anytime! And take over your other accounts. Which is untrue. Your image shows that I don't salt passwords for CoinChat. I hash passwords with SHA256. So I cannot access your password at any time. That's an outright lie. For other sites I always salt at least. No His ratings are red because you are in " DefaultTrust" That's my point? My ratings show up my default, his doesn't. |
|
|
|
|
That's for coinchat, not CoinLenders. I posted proof that CoinLenders does hash and salt.
In fact check the client JS, it's hashed right in your browser.
Just more FUD from gweedo as usual.
|
|
|
|
Why are you guys abusing trust system for no reason?
He's posting FUD (such as claiming that I don't hash or salt), when that's plainly untrue (your password is hashed in your browser for CoinLenders) which is untrustworthy. That's not very different from false scammer accusations, which would get you a negative trust rating. Go claim John K is a scammer (when it is untrue) and see what your trust score looks like later for example. Or claim that a web hosting company scammed you when you haven't purchased anything. Intentionally misleading statements are untrustworthy. |
|
|
|
By hard proof, gweedo means that he wants the full source code and database of CoinLenders. I wonder what legitimate reasons he has for wanting the database?  I've already found vulnerabilities in them. It's simple, provide me with a written & signed contract authorizing penetration testing on your site. The negative trust rating shows up for everyone by default, your negative trust rating shows up for no one except you. I suggest making a new throwaway and seeing what your profile looks like. |
|
|
|
|
VIP can't make red icons. Only moderators and admins are supposed to. Move to a new topic if you want to talk about that.
Just so people know, I've already shown I hash and salt your passwords for CoinLenders (it's actually hashed twice, once at your client and once on the server). gweedo is just spreading FUD.
Also, keep in mind that CoinLenders and Inputs.io are one of the very few Bitcoin sites that handles more than 10k BTC and hasn't been hacked. A lot others have been - some of them I found vulnerabilities in them myself (and reported of course).
|
|
|
|
So your going to believe him if one of his sites doesn't have for sure, I am 100% none of his sites do. Just a programming hence, I use the same template for all my sites, and 99% of programmers do. So yeah. If you believe him then good for you, but I am not.
Yeah good luck using a Node.js template for PHP  FUD like this is why you have a negative trust rating. I've already shown the source code function for CL. |
|
|
|
Yeah, I can see why you want to protect your reputation even through you code vulnerable sites.  While wanting the full source code and database of coinlenders as proof. Also, my challenge for you to do the red icon still stands (create a new thread, this is about coinlenders). |
|
|
|
Please provide me with a written & signed contract to pentest your site and I will post the vulnerabilities. I don't think anyone will hire you as a programmer anymore after that through. The icon for this message, which is reserved for moderators and administrators, is just a testament to my web dev & security skills (try doing the same and failing  ) |
|
|
|
You're the one who spread FUD about me, I'm just doing the same except I'm not making things up unlike you |
|
|
|
It was just odd to see that as I haven't (though I am limited on my PHP knowledge) ever seen it like that before, lol. So is gweedo @gweedo, do you want me to bring up the critique of your coding skills someone did in the newbie section and pointed out like 8 flaws? Also, I found a vulnerability on your website in about 2 minutes. Just saying. |
|
|
|
== and != means they are equal === and !== means they are identical For ==, if something isn't identical, PHP will try and make them equal by converting in types. For example, by converting the string '00000' into the number zero, and '000000000' into the number zero, which matches. For your specific example (5+9 != 6+3), PHP will first work out the values of the left hand and right hand side (9) and then compare if 9 is equal in value to 9. Also, @gweedo if you still think I suck at web development theymos can attain to the fact that I reported a vulnerability that gives me powers reserved by moderators earlier today |
|
|
|
Well this starting to look like pirateat40. If your doing nothing wrong then you should certainly be able to keep your cool and prove me wrong, one function doesn't do that sorry.
What do you think a function showing I am hashing passwords prove with salting? Anyway, he's just here because he wants to spread FUD about me - but there's tools to defend about that, because spreading FUD is untrustworthy. |
|
|
|
Little off-topic but shouldn't it be
if($password1 != $password2) { //stuff here}
??
Still a newbie at PHP but I learn as I go, :p.
Nah. PHP is a weakly typed language. According to PHP: NULL == false false == 0 So what's the problem? echo '000000' == '000'; -- 1 (true) Which means that if someone types the password 00000000 and 000, == (!=) would say they are equal, but === (!==) would not. |
|
|
|
|
I never thought you were whiskers75.
|
|
|
|
|
Show Posts
