Offensive passwords?

Ether's Bane

future Singaporean
Pronoun
he
First off, trigger warning for potential problematic content that may arise throughout this thread.

Okay, now that that's out of the way:

Are there any sanctions imposed against offensive passwords? (I'm assuming Butterfree can see all our passwords.) I was thinking of changing my password to a fairly offensive term (not because I have such sentiments, but because it's easy to remember), but I wasn't sure about the ruling on this, so I've asked.
 
well... nobody would see them except you anyway. I'm pretty sure passwords are encrypted and nobody can see them - you can't in Mod CP, anyway.
 
To elaborate a bit, what is actually stored in the database when you've provided a password is not the actual password you typed, but a hash - a long string of gibberish produced by running a particular type of mathematical function on the password. When you type in your password to log in, what happens is that the forum runs what you typed in through the same function (hashes it) and checks that the resulting gibberish matches the gibberish that it has in the database. Because that's how functions work, the same password will always result in the same hash when you've run the function on it - however, there is no function that can reverse the hash function and turn the hash back into the original password. This means that even though I could look up the hash of your password in the database, I could not find out your actual password, unless I were to "brute-force" it by trying every possible password until I get the right hash. (It's a little more complicated than that, because of "salting", but there's no need to go into that.)

Storing passwords in plaintext is horrifically dangerous, especially because people reuse the same password on many different sites all the time - even if you trust the administrator of the site completely to not hijack any of your accounts, if hackers manage to get into the database, they'll be able to see the passwords and take over your accounts in many different places.

So, long story short, no human being ever has access to your actual password, so it doesn't matter if it's offensive, a plot to overthrow my adminship, or whatever. Just make it strong.
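
The store-a-hash, re-hash-and-compare login flow described above, including the salting step the post skips, as an added example that is not part of the original thread and not the forum software's code. It assumes PBKDF2-HMAC-SHA256 from Python's standard library as the hash function; the `db` dictionary, user names and passwords are constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed parameters for this example, kept modest so it runs quickly.
ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt is drawn unless one is given."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(attempt: str, salt: bytes, stored_digest: bytes) -> bool:
    """Run the attempt through the same function and compare in constant time."""
    _, candidate = hash_password(attempt, salt)
    return hmac.compare_digest(candidate, stored_digest)


def register(db: dict, user: str, password: str) -> None:
    """Keep only the salt and the digest; the typed password is never stored."""
    db[user] = hash_password(password)


def login(db: dict, user: str, attempt: str) -> bool:
    """Look up the user's salt and digest, then check the attempt against them."""
    if user not in db:
        return False
    salt, digest = db[user]
    return verify_password(attempt, salt, digest)


if __name__ == "__main__":
    db = {}  # stands in for the forum's user table
    register(db, "alice", "example-passphrase-1")
    register(db, "bob", "example-passphrase-1")
    print("alice logs in:", login(db, "alice", "example-passphrase-1"))
    print("wrong password:", login(db, "alice", "example-passphrase-2"))
    # Same password, different salts: the stored digests do not match,
    # so one guess cannot be checked against every account at once.
    print("digests equal:", db["alice"][1] == db["bob"][1])
```
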
 