Its worthwhile reading Caitlin on the matter (as it is for every matter)
She correlates the partly obvious bait with the desire to weaponize space
psilocybin
joined 2 years ago
I have no idea how to interpret your comment
I think you're taking it too personal.
If it makes you feel better, for me its not about the phenomenon at all.
Its about the source not having any credibility when topics touching militarism and war are concerned.
And since an interest exists to weaponize space and this narrative fits the bill it might be true or not, but a comitte hearing, the pentagon or the intelligence community are as helpful in finding the truth as blindly guessing.
You should not be able to decrypt a password, passwords aren't encrypted but hashed, they would be insecure would they be encrypted.
Hashing differs from encryption in that it is irreversible, because two or more strings might result in the same hash if the hashing function is applied to them (hashing is not injective).
But since your password will always yield the same hash you can compare the two hashes and if they are equal you are considered authenticated. If you try to log in with a different password (or even the hash of the correct password) then it will produce a different hash resulting in a failed authentication attempt
The way crackers get a password if they have the hash is by guessing pw candidates and using the hash function on them, if its the same as the hash they have they found the/a valid password. The guessing can be quite involved and with enough time and data about a victim often 12-13 digit passwords with special characters and all can be cracked - If the victim used a somewhat mnemonic pw that is. Generated pws from a password safe are much safer (but usually also longer).
In your case I suspect MS was storing a history of hashes which is not advisable as it gives potential crackers more to work with, but its way less bad then storing plain text or encrypting passwords
Sure if the means of authorising a password change is your old pw then everythings fine
You're right ofc if you wanted to make a general remark, but wrong if you thought that was what I was implying. Never store hash histories, kids!
This war could not be more clear in who is the aggressor
Ofc it could be clearer. For example: The US invasion of Iraq was a an actually unprovoked invasion
You're just late at learning about a border conflict at a time of horrible escalation and don't have anything but imperialist propagandaof a meddling party to draw conclusions from.
And no I don't have the emotional energy to spare to discuss it here I just want to signal much needed dissent to people stumbling over this thread
That's the point though.
You're not supposed to have the old password. If you had the old password you could just compare it to the new password.
The only way you can do it is to take the new password and make a hash for every possible single-character variation and compare them all to the old hash
I mean "because password hashes" is basically my original rational so not sure it qualifies as a counter argument.
But the link you provide is more explicit:
When the user enters the new password, the system generates the variations of the new password entered, hashes each one of them, and compares each hash against the old password's hash. If any of the hash matches, it throws an error. Else, it successfully changes the password
It is possible to hash all 1 character variations I guess, I kinda doubt that it is done often (does anyone know a library?).
I guess complexity increases linearly so password length is might not severely limit this mechanism. It would be interesting to see a calculation of how long it takes for a long password can to calculate all possibilities for 1 char variations for utf-8 or other charsets
Thanks for sharing the link!
How would they know how many digits changed? They don't store the password in cleartext.
Right?
...
Does it? Or is it just the foreplay for more endless checks for the pentagon to weaponize space