S1E15: "Backwards Passwords"

Log
Recorded (UTC) | Aired (UTC) | Editor
2016-09-01 02:44:01 | 2016-09-12 03:45:00 | "Edita"

Verification
Format | SHA256 | GPG | Audio File
MP3 | 40c1df755a39def056f3441bf3660ab0dd9f4596e14d94290780968d482bc0b8 | click | click
OGG | a6acc9ab0ab3e07cfb9673ba54247fe0bc33265060d90bf3fe94dfc57fe7e3b6 | click | click

A LOT about passwords (and we revisit the topic of HTTPS and general SSL/TLS auditing).

We mention it a lot during the intro: if you aren’t familiar with what The Game is, you should be. (If you are, we both just lost.)

News

Starts at 5m41s.

Notes

Starts at 19m58s.

I was drinking water, but I mention Killian’s Red. Jthan was drinking Telluride’s Whacked Out Wheat. Paden was drinking Grant’s Family Reserve whisky.

  • Passwords are terrible. Let’s get that out of the way. (19m58s)
    • But we don’t really have anything “better” that can do what passwords do.
    • You need something that: you can store in your brain instead of physically, you can change, can’t be stolen physically, and isn’t biometrics (because lel).
    • It was also found that the department in question had no complexity requirements, just a rotation/expiration policy.
    • We also go on a tangent about how “previous password” detection might work: how many authentication mechanisms are storing it in plaintext, are there alternate ways besides a generated regex pattern or a simplified permutation being hashed, etc. If you’ve implemented this, please contact us!
    • The “luggage” reference is from Spaceballs.
    • And as a kicker, we didn’t mention it in the show but I’m not convinced we should follow FTC’s concepts of ‘security’.
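
One way "previous password" detection can work without keeping any old password in plaintext, as an added example that is not from the show or its hosts: keep only a salted hash per old password, and at change time derive a few simple permutations of the proposed new password and test each against the stored hashes. The rule set, the function names, the iteration count and the sample passwords are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 20_000  # assumed demo cost so the example runs quickly; raise it for real use

def kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def store(password):
    """What the server keeps per old password: a random salt and the derived hash."""
    salt = os.urandom(16)
    return salt, kdf(password, salt)

def variants(candidate):
    """(rule, string) pairs: simple edits a user might have made to an old password."""
    out = [("identical", candidate), ("reversed", candidate[::-1])]
    out += [("case", f(candidate)) for f in (str.lower, str.upper, str.swapcase, str.capitalize)]
    stem = candidate.rstrip("0123456789")
    digits = candidate[len(stem):]
    if digits:
        n = int(digits)
        # Neighbouring counters: Summer2017 -> Summer2014 .. Summer2020
        out += [("counter", f"{stem}{k:0{len(digits)}d}") for k in range(max(0, n - 3), n + 4)]
        out.append(("counter", stem))  # counter dropped entirely
    else:
        out += [("counter", f"{candidate}{k}") for k in range(10)]  # counter appended
    return out

def reuse_rule(candidate, history):
    """Name of the rule linking candidate to a stored old password, or None."""
    for salt, digest in history:
        for rule, text in variants(candidate):
            # Each variant is re-hashed under the old entry's salt and compared in constant time.
            if hmac.compare_digest(kdf(text, salt), digest):
                return rule
    return None

if __name__ == "__main__":
    # Constructed sample history; only salts and hashes are retained.
    history = [store("Summer2016"), store("hunter2correct")]
    for new in ("Summer2017", "tcerroc2retnuh", "c0mpletely-Different!"):
        print(new, "->", reuse_rule(new, history))
```

This only catches edits that can be enumerated from the new password. The alternative raised above, storing a hash of a simplified form of each password, catches more but gives anyone who obtains the hashes a smaller search space to attack.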

Sysbadministration Award

In this segment, we highlight system administration mistakes. Think of them as the IT equivalent of the Darwin Awards. (50m42s)

So funny. Despite being changed, I’ve redacted out his old password to avoid wide exposure of his generation schema.

10:20:49< jedijf> paden: good luck
10:50:25< jthan> KyleYankan: I'm not actually. Been awhile.
11:28:17< jthan> [REDACTED]
11:28:24< jthan> that
11:28:25< jthan> is
11:29:36< r00t^2> your password
11:29:49< jthan> well
11:29:50< jthan> for one thing
11:29:54< jthan> OBVIOUSLY NOT ANYMORE

Errata

  • I said Jthan brought the Game back. I was wrong, after checking my logs- it was Paden. Oops.
  • The story Paden references during the intro is here.

Music

Music Credits
Track | Title | Artist | Link | Copyright/License
Intro | Plumy Tale | Dumbo Gets Mad | click | CC-BY-NC-SA 3.0
Outro | Bollywood Blades | Professor Kliq | click | CC-BY-NC-SA 3.0
(All music is royalty-free, properly licensed for use, used under fair use, or public domain.)
