S1E15: "Backwards Passwords"


Log
Recorded (UTC): 2016-09-01 02:44:01
Aired (UTC): 2016-09-12 03:45:00
Editor: "Edita"

Verification
MP3 SHA256: 39745f71e836f9c83eeb9577468d02e03bd4f55dcf11fc99a44fb804df302077
OGG SHA256: 51f63b5ea03de77bf4d8cbe326bdebd9b4b238f495634b569b7e324d3f404dfd

A LOT about passwords (and we revisit the topic of HTTPS and general SSL/TLS auditing).

We mention it a lot during the intro; if you aren't familiar with what The Game is, you should be. (If you are, we both just lost.)

News

Starts at 5m41s.

Notes

Starts at 19m58s.

I was drinking water, but I mention Killian’s Red. Jthan was drinking Telluride’s Whacked Out Wheat. Paden was drinking Grant’s Family Reserve whisky.

  • Passwords are terrible. Let’s get that out of the way. (19m58s)
    • But we don’t really have anything “better” that can do what passwords do.
    • You need something that you can store in your brain rather than carry physically, that you can change, that can't be stolen physically, and that isn't biometrics (because lel).
    • It was also found that the department in question had no complexity requirements, just a rotation/expiration policy.
    • We also go on a tangent about how "previous password" detection might work: how many authentication mechanisms are storing the old password in plaintext, and are there alternate ways besides a generated regex pattern or hashing a set of simplified permutations? If you've implemented this, please contact us!
    • The “luggage” reference is from Space Balls.
    • And as a kicker, we didn’t mention it in the show but I’m not convinced we should follow FTC’s concepts of ‘security’.
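As an added illustration of the "previous password" question above (constructed for these notes, not code from the show or anyone who wrote in): the old password is never kept in plaintext; instead a bounded set of trivial edits of the *candidate* (reversed, recased, trailing counter bumped, common suffix dropped) is hashed and compared against the stored history. PBKDF2 from the standard library and the low round count are assumptions to keep the demo self-contained.

```python
import hashlib
import hmac
import string

# Constructed example, not from the show: checking a proposed password
# against hashed history without ever storing old passwords in plaintext.
# Assumption: PBKDF2-HMAC-SHA256 from the standard library stands in for the
# system's real slow hash; ROUNDS is kept low so the demo runs quickly.
ROUNDS = 20_000


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ROUNDS)


def trivial_variants(candidate: str) -> set[str]:
    """Guesses at what the *old* password was if the candidate is a lazy edit
    of it: reversed, recased, trailing counter bumped or dropped, common suffix
    removed. Bounded (a few dozen strings), so the hashing cost stays fixed."""
    out = {candidate, candidate[::-1], candidate.lower(),
           candidate.capitalize(), candidate.swapcase()}
    stem = candidate.rstrip(string.digits)
    digits = candidate[len(stem):]
    out.add(stem)
    if digits:  # e.g. "Foo2016" -> "Foo2015", "Foo2017"
        n, width = int(digits), len(digits)
        out.update(f"{stem}{d:0{width}d}" for d in (n - 1, n + 1) if d >= 0)
    else:       # e.g. "Foo" -> "Foo0" .. "Foo9"
        out.update(f"{candidate}{d}" for d in range(10))
    for suffix in ("!", "1!", "123"):
        if candidate.endswith(suffix):
            out.add(candidate[:-len(suffix)])
    return {v for v in out if v}


def matches_history(candidate: str, history: list[tuple[bytes, bytes]]) -> bool:
    """True if the candidate or a trivial variant of it hashes to any stored
    (salt, hash) entry. Only hashes are ever kept, so the check is a bounded
    set of guesses rather than a similarity measure on plaintext."""
    variants = trivial_variants(candidate)
    return any(hmac.compare_digest(hash_password(v, salt), stored)
               for salt, stored in history for v in variants)


def similar_plaintext(old: str, new: str) -> bool:
    """At change time the user normally supplies the old password to prove
    identity, so the most recent one can be compared directly; the hashed
    check above covers the rest of the history."""
    return new in trivial_variants(old) or old in trivial_variants(new)
```

The guess set is what bounds the cost: each history entry costs one slow hash per variant, so the list of edits has to stay short rather than trying to enumerate every possible permutation.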

Sysbadministration Award

In this segment, we highlight system administration mistakes. Think of them as the IT equivalent of the Darwin Awards. (50m42s)

So funny. Despite being changed, I’ve redacted out his old password to avoid wide exposure of his generation schema.

10:20:49< jedijf> paden: good luck
10:50:25< jthan> KyleYankan: I'm not actually. Been awhile.
11:28:17< jthan> [REDACTED]
11:28:24< jthan> that
11:28:25< jthan> is
11:29:36< r00t^2> your password
11:29:49< jthan> well
11:29:50< jthan> for one thing
11:29:54< jthan> OBVIOUSLY NOT ANYMORE

Errata

  • I said Jthan brought the Game back. I was wrong; after checking my logs, it was Paden. Oops.
  • The story Paden references during the intro is here.

Music

Music Credits
Intro: "Plumy Tale" by Dumbo Gets Mad (CC-BY-NC-SA 3.0)
Outro: "Bollywood Blades" by Professor Kliq (CC-BY-NC-SA 3.0)
(All music is royalty-free, properly licensed for use, used under fair use, or public domain.)
