Quote:
Originally Posted by Jace
I have run it for 6 years on a paysite that gets quite a bit of password crackers attempting to rip my shit. Strongbox gets them every time, and I have never had a password posted to a password forum that was successful.
In fact, before Strongbox (using CCBill) I had my entire members' password list posted... since Strongbox that has never happened.
Yes, Strongbox gives protection, however it is not unbreakable. With a brute force attack, you have to run the attack slowly with >500 proxies. Of course most people don't use so many proxies, but Strongbox is not unbreakable.
Also, CCBill's pass scheme can be very weak sometimes, if it is a 6/8 user/pass chosen by the users.
I have never seen a Verotel password posted; you have to use another way than brute force to enter.
Also, it is possible to break Turing protections, but it is hard.
So if you ban IPs for 30 minutes after 3 unsuccessful attempts, with a free Turing protection you should have a pretty inexpensive protection
(at least against brute force).
If you see your full password database posted, you should be warned that you may have a keylogger on your server.
Because if your passwords are crypted, it is usually not possible to crack more than 70% of the passwords from a database. (With online brute force you have to use a corrupted combo database.)
Switching from DES to FreeBSD MD5 could be a solution to prevent offline password cracking (for a stolen DB).
Need a perfect10 password?
http://www.google.com/search?hl=en&s...ssword&spell=1
And perfect10 started a lawsuit against these sites... (or against Google)
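
The lockout rule from the post above (ban an IP for 30 minutes after 3 unsuccessful attempts), as an added example that is not part of the original post and not Strongbox's code. The event tuples, the `LoginGuard` class, counting consecutive failures, and the distinct-IP alert threshold are assumptions made for illustration; the per-account count goes beyond the post's rule, because attempts spread slowly over many proxies never trip a per-IP counter.

```python
from collections import defaultdict

MAX_FAILURES = 3        # from the post: ban after 3 unsuccessful attempts
BAN_SECONDS = 30 * 60   # from the post: 30-minute ban
DISTINCT_IP_ALERT = 3   # assumption: flag an account failing from this many IPs

# Constructed sample events: (unix_time, ip, username, password_was_correct)
SAMPLE_EVENTS = [
    (0,    "198.51.100.7", "alice", False),
    (5,    "198.51.100.7", "alice", False),
    (9,    "198.51.100.7", "alice", False),  # third failure: banned until 1809
    (60,   "198.51.100.7", "alice", True),   # refused, the IP is still banned
    (100,  "203.0.113.1",  "bob",   False),  # slow attempts, one per proxy
    (700,  "203.0.113.2",  "bob",   False),
    (1300, "203.0.113.3",  "bob",   False),
    (1900, "198.51.100.7", "alice", True),   # ban has expired
]

class LoginGuard:
    def __init__(self):
        self.failures = defaultdict(int)    # ip -> consecutive failures (assumption)
        self.banned_until = {}              # ip -> time the ban expires
        self.failed_ips = defaultdict(set)  # username -> IPs that failed on it

    def handle(self, ts, ip, user, success):
        """Return 'banned', 'ok' or 'fail' for one login attempt."""
        if self.banned_until.get(ip, 0) > ts:
            return "banned"                 # refuse before looking at credentials
        if success:
            self.failures[ip] = 0
            return "ok"
        self.failures[ip] += 1
        self.failed_ips[user].add(ip)
        if self.failures[ip] >= MAX_FAILURES:
            self.banned_until[ip] = ts + BAN_SECONDS
            self.failures[ip] = 0
        return "fail"

    def distributed_targets(self):
        """Accounts with failures from many IPs, which the per-IP ban misses."""
        return sorted(u for u, ips in self.failed_ips.items()
                      if len(ips) >= DISTINCT_IP_ALERT)

def replay(events):
    guard = LoginGuard()
    results = [guard.handle(*event) for event in events]
    return results, guard.distributed_targets()

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))
```
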