Topic: Your Facebook Account has Three Passwords - WTF?
Raoul Duke
aka psy
May 03, 2012, 10:36:26 AM
 #1

So, as seen here: http://www.labnol.org/internet/facebook-account-passwords/21241/ your Facebook account has 3 passwords.

Read the article first and then come back to comment on this...

I wonder what kind of salting and hashing they are using... 3 hashes for each password, or no salting/hashing at all and they just see your Facebook password in plain text, and consequently, for at least 50% of users, all of their other passwords?

Facebook is funny :P

pieppiep
May 03, 2012, 12:25:38 PM
 #2

Confirmed :)

Weird.
I understand the complete case switch for when caps lock is on. But why would you just switch the case of the first character?

Carlos L.
May 03, 2012, 12:46:38 PM
 #3

Quote from: pieppiep
> Confirmed :)
>
> Weird.
> I understand the complete case switch for when caps lock is on. But why would you just switch the case of the first character?

We accept three forms of the user’s password to help overcome the most common reasons that authentic logins are rejected. In addition to the original password, we also accept the password if a user inadvertently has caps lock enabled or their mobile device automatically capitalizes the first character of the password.
Valalvax
May 03, 2012, 05:27:41 PM
 #4

Basically, an extremely minor reduction in your security to drastically lower tech support tickets...
dpifke
May 03, 2012, 10:13:06 PM
 #5

Quote from: Raoul Duke
> I wonder what kind of salting and hashing they are using... 3 hashes for each password, or no salting/hashing at all and they just see your Facebook password in plain text, and consequently, for at least 50% of users, all of their other passwords?

Most big sites use either bcrypt or PBKDF2 for password hashing. The latter because it's standards-based, the former because it's designed to be difficult to implement in hardware and thus slow to crack.

Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1442



View Profile
May 03, 2012, 10:42:45 PM
 #6

Quote from: dpifke
> Quote from: Raoul Duke
> > I wonder what kind of salting and hashing they are using... 3 hashes for each password, or no salting/hashing at all and they just see your Facebook password in plain text, and consequently, for at least 50% of users, all of their other passwords?
>
> Most big sites use either bcrypt or PBKDF2 for password hashing. The latter because it's standards-based, the former because it's designed to be difficult to implement in hardware and thus slow to crack.

Yes, but my real doubt is if they are really storing 3 hashes for each password or just storing them in plain text... ;)
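
The thread's question (three stored hashes, or plaintext?) has a third option. This added example, not from the thread or from Facebook, stores one salted PBKDF2 hash and builds the accepted forms from the password submitted at login. The function names, iteration count and sample password are assumptions; the page does not say how Facebook implements this.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a PBKDF2-HMAC-SHA256 hash of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def enroll(password: str) -> dict:
    """Create the stored record: one random salt, one hash, no plaintext."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


def candidates(submitted: str) -> list:
    """Forms to try: as typed, caps lock undone, first-letter auto-capitalization undone."""
    forms = [submitted, submitted.swapcase()]
    if submitted[:1].isupper():
        forms.append(submitted[0].lower() + submitted[1:])
    # Drop duplicates (e.g. a digits-only password) while keeping order.
    return list(dict.fromkeys(forms))


def verify(submitted: str, record: dict) -> bool:
    """Accept if any candidate form hashes to the single stored hash."""
    ok = False
    for form in candidates(submitted):
        digest = hash_password(form, record["salt"])
        # Constant-time comparison; every candidate is checked, with no early exit.
        ok |= hmac.compare_digest(digest, record["hash"])
    return ok


if __name__ == "__main__":
    record = enroll("hunter2Pass")  # constructed sample password
    for attempt in ("hunter2Pass", "HUNTER2pASS", "Hunter2Pass", "hunter2pass"):
        print(attempt, verify(attempt, record))
```

Each login costs up to three hash computations instead of one, and an attacker guessing online gets at most three spellings tested per attempt, which is the trade-off post #4 describes.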
