Bitcoin Forum
December 14, 2024, 06:26:44 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Is it OK to for a website owner to bruteforce password hashes?  (Read 731 times)
Apache (OP)
Newbie
*
Offline Offline

Activity: 11
Merit: 0


View Profile
October 11, 2013, 09:52:13 PM
 #1

I'd like to communities opinion on this. This is a hypothetical situation..... Wink

Do you guys think its OK (legally or morally) for a website owner to bruteforce the password hashes of a number of users of their website, and then use the resulting passwords to access their accounts on other websites and email addresses?

Do you think it makes a difference if its part of an investigation into possible scamming?

Do you think it makes the website owner less trustworthy?

What if the website owner is being trusted with millions of dollars worth of BTC?

Do you think its worse if the owner gave the hashes to someone else and paid them bruteforce it?

What if you had proof that a website owner did this, would you prove it to the community?
Nixsy
Full Member
***
Offline Offline

Activity: 151
Merit: 100



View Profile WWW
October 11, 2013, 09:55:31 PM
 #2

Completely immoral, Horribly wrong and possibly illegal. If you are a web master/ site owner you should not have to ask these questions.

BurtW
Legendary
*
Offline Offline

Activity: 2646
Merit: 1138

All paid signature campaigns should be banned.


View Profile WWW
October 11, 2013, 09:55:48 PM
 #3

Why all the crap?  Spit it out.  Present your proof.  Get on with it.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
pedrog
Legendary
*
Offline Offline

Activity: 2786
Merit: 1031



View Profile
October 11, 2013, 10:20:28 PM
 #4


oser41eric
Hero Member
*****
Offline Offline

Activity: 501
Merit: 500


View Profile
October 11, 2013, 10:24:49 PM
 #5

Do you guys think its OK (legally or morally) for a website owner to bruteforce the password hashes of a number of users of their website, and then use the resulting passwords to access their accounts on other websites and email addresses?
 

It is not OK, it is dumb to bruteforce the password hashes of a number of users of their website, because before the password was hashed, the password was known to the website owner  Tongue
BurtW
Legendary
*
Offline Offline

Activity: 2646
Merit: 1138

All paid signature campaigns should be banned.


View Profile WWW
October 11, 2013, 10:57:44 PM
 #6

Do you guys think its OK (legally or morally) for a website owner to bruteforce the password hashes of a number of users of their website, and then use the resulting passwords to access their accounts on other websites and email addresses?
 

It is not OK, it is dumb to bruteforce the password hashes of a number of users of their website, because before the password was hashed, the password was known to the website owner  Tongue
Not if the password was hashed by the client.  In this case the unhashed password is never available to the server.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
fattypig
Full Member
***
Offline Offline

Activity: 224
Merit: 100



View Profile WWW
October 12, 2013, 02:31:53 AM
 #7

I'd like to communities opinion on this. This is a hypothetical situation..... Wink

Do you guys think its OK (legally or morally) for a website owner to bruteforce the password hashes of a number of users of their website, and then use the resulting passwords to access their accounts on other websites and email addresses?

Do you think it makes a difference if its part of an investigation into possible scamming?

Do you think it makes the website owner less trustworthy?

What if the website owner is being trusted with millions of dollars worth of BTC?

Do you think its worse if the owner gave the hashes to someone else and paid them bruteforce it?

What if you had proof that a website owner did this, would you prove it to the community?

I don't get it, why you wanna hack yourself? don't you already have password for all of them?

johnniewalker
Legendary
*
Offline Offline

Activity: 896
Merit: 1000



View Profile
October 12, 2013, 05:06:11 AM
 #8

Of course its not ok. I remember Yahoo wouldn't even release the password of a dead soldier to his family. If I had evidence of it of course I'd share it with the community.
Shallow
Sr. Member
****
Offline Offline

Activity: 938
Merit: 255


SmartFi - EARN, LEND & TRADE


View Profile
October 12, 2013, 05:30:12 AM
 #9

What kind of a question is this  Huh

████
██
██
██
██
██
██
██
██
██
██
██
████
...The Open..............
...Lending Platform...
████
████
████
████
████
████
████
████
████
████
████
████
████
▄▄█████████▄▄
▄█████████████████▄
▄██████████▀▀▀▀███████▄
█████████▀        ███████
████████▀        ▄█████████
█████████       ▄▀▀██████████
█████████     ▄▀   ▀█████████
██████████  ▄▀      █████████
█████████▀▀       ▄████████
███████        ▄█████████
▀███████▄▄▄▄██████████▀
▀█████████████████▀
▀▀█████████▀▀
.SMARTFI..████
████
████
████
████
████
████
████
████
████
████
████
████
...Join the SmartFi.....
...Token Sale...
████
██
██
██
██
██
██
██
██
██
██
██
████
████████████████████████████
████████████████████████████
████████████████████████████
█████████████████▀▀  ███████
█████████████▀▀      ███████
█████████▀▀   ▄▄     ███████
█████▀▀    ▄█▀▀     ████████
█████████ █▀        ████████
█████████ █ ▄███▄   ████████
██████████████████▄▄████████
████████████████████████████
████████████████████████████
████████████████████████████
████████████████████████████
████████████████████████████
████████████████████████████
████████▀▀▄██████▄▀▀████████
███████  ▀        ▀  ███████
██████                ██████
█████▌   ███    ███   ▐█████
█████▌   ▀▀▀    ▀▀▀   ▐█████
██████                ██████
███████▄  ▀██████▀  ▄███████
████████████████████████████
████████████████████████████
████████████████████████████
bludstem
Member
**
Offline Offline

Activity: 70
Merit: 10



View Profile
October 12, 2013, 08:37:53 AM
 #10

No ethical web designer would ever exploit user accounts in any way let alone cracking passwords. It is wrong of any webmaster to want to crack their user's passwords on more levels than I can even fathom. I would never recommend any behavior of this nature. I also do not recommend abusing a user's trust in any other way either.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!