Bitcoin Forum
December 15, 2017, 12:51:42 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Is it OK to for a website owner to bruteforce password hashes?  (Read 608 times)
Apache
Newbie
*
Offline Offline

Activity: 11


View Profile
October 11, 2013, 09:52:13 PM
 #1

I'd like to communities opinion on this. This is a hypothetical situation..... Wink

Do you guys think its OK (legally or morally) for a website owner to bruteforce the password hashes of a number of users of their website, and then use the resulting passwords to access their accounts on other websites and email addresses?

Do you think it makes a difference if its part of an investigation into possible scamming?

Do you think it makes the website owner less trustworthy?

What if the website owner is being trusted with millions of dollars worth of BTC?

Do you think its worse if the owner gave the hashes to someone else and paid them bruteforce it?

What if you had proof that a website owner did this, would you prove it to the community?
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Nixsy
Full Member
***
Offline Offline

Activity: 150



View Profile WWW
October 11, 2013, 09:55:31 PM
 #2

Completely immoral, Horribly wrong and possibly illegal. If you are a web master/ site owner you should not have to ask these questions.

BurtW
Legendary
*
Offline Offline

Activity: 2114

All paid signature campaigns should be banned.


View Profile WWW
October 11, 2013, 09:55:48 PM
 #3

Why all the crap?  Spit it out.  Present your proof.  Get on with it.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
pedrog
Legendary
*
Offline Offline

Activity: 1652



View Profile
October 11, 2013, 10:20:28 PM
 #4


oser41eric
Hero Member
*****
Offline Offline

Activity: 502


View Profile
October 11, 2013, 10:24:49 PM
 #5

Do you guys think its OK (legally or morally) for a website owner to bruteforce the password hashes of a number of users of their website, and then use the resulting passwords to access their accounts on other websites and email addresses?
 

It is not OK, it is dumb to bruteforce the password hashes of a number of users of their website, because before the password was hashed, the password was known to the website owner  Tongue
BurtW
Legendary
*
Offline Offline

Activity: 2114

All paid signature campaigns should be banned.


View Profile WWW
October 11, 2013, 10:57:44 PM
 #6

Do you guys think its OK (legally or morally) for a website owner to bruteforce the password hashes of a number of users of their website, and then use the resulting passwords to access their accounts on other websites and email addresses?
 

It is not OK, it is dumb to bruteforce the password hashes of a number of users of their website, because before the password was hashed, the password was known to the website owner  Tongue
Not if the password was hashed by the client.  In this case the unhashed password is never available to the server.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
fattypig
Full Member
***
Offline Offline

Activity: 224



View Profile WWW
October 12, 2013, 02:31:53 AM
 #7

I'd like to communities opinion on this. This is a hypothetical situation..... Wink

Do you guys think its OK (legally or morally) for a website owner to bruteforce the password hashes of a number of users of their website, and then use the resulting passwords to access their accounts on other websites and email addresses?

Do you think it makes a difference if its part of an investigation into possible scamming?

Do you think it makes the website owner less trustworthy?

What if the website owner is being trusted with millions of dollars worth of BTC?

Do you think its worse if the owner gave the hashes to someone else and paid them bruteforce it?

What if you had proof that a website owner did this, would you prove it to the community?

I don't get it, why you wanna hack yourself? don't you already have password for all of them?

johnniewalker
Legendary
*
Offline Offline

Activity: 896



View Profile
October 12, 2013, 05:06:11 AM
 #8

Of course its not ok. I remember Yahoo wouldn't even release the password of a dead soldier to his family. If I had evidence of it of course I'd share it with the community.
Shallow
Sr. Member
****
Offline Offline

Activity: 280


View Profile
October 12, 2013, 05:30:12 AM
 #9

What kind of a question is this  Huh

bludstem
Member
**
Offline Offline

Activity: 70



View Profile
October 12, 2013, 08:37:53 AM
 #10

No ethical web designer would ever exploit user accounts in any way let alone cracking passwords. It is wrong of any webmaster to want to crack their user's passwords on more levels than I can even fathom. I would never recommend any behavior of this nature. I also do not recommend abusing a user's trust in any other way either.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!