Quote:
|
Originally Posted by Demon Dave
or maybe it was the fact that Yahwe was at Skiddy's house and used SKiddy's logged in Admin account while Skiddy was unconcious, as previously mentioned in the thread
|
I did read that but regarding to what i wrote, it doesnt matter how somebody gets access. The point is that there are always multiple ways how unwanted persons can gain access to stored passwords and therefore passwords should never be stored in a readable or even recoverable (this is argueable) way.
A common solution is to store any password as a one-way hash.
So in the given case if the passwords where stored in a safe way:
- Yahwe could start trying to crack the one-way hashes so the security would depend on the implementation of the algorithm and the individual users password choice
- Yahwe could have likely sniffed passwords during the days he was admin by manipulating the login process or the password storage method for example
- Yahwe could have changed passwords but that would be obvious to the user trying to log in
But the one thing he cant do is knowing all passwords of all users just because he had the ability to look at the stored passwords.
Yahwes interest or ability to crack passwords or manipulate the board software is a completely different topic
ps: i guess it was just a misunderstanding about what i tried to say - i was refering to the "making us change all the passwords" part