Re: Password Checker

2018-02-27 Thread J. Landman Gay via use-livecode
Right, I wasn't worried about Troy's site. But I read through the 
comments and there was a criticism that the site was vulnerable to 
malicious intrusions. Because I wasn't using the site itself I didn't 
worry. Troy also explained why the criticism wasn't entirely valid, but 
the commenter was still fairly vicious about it.


On 2/27/18 12:55 PM, Mike Kerner via use-livecode wrote:

Troy is a beast in the security community, so I would not be too worried
about him doing something nefarious.  He is constantly working with white
hats and blue teams to get on top of issues as soon as there is even a peep
on the dark web.

On Tue, Feb 27, 2018 at 12:57 PM, J. Landman Gay via use-livecode <
use-livecode@lists.runrev.com> wrote:


I wouldn't type into that web page either. I used Brian's handler that
uses their API and only sends a few characters of the hash to the database.
The article explains how it works and includes ways to set up the system on
your own server if you want. After reading through it I was convinced it
was a safe check.
--
Jacqueline Landman Gay | jac...@hyperactivesw.com
HyperActive Software   | http://www.hyperactivesw.com



On February 27, 2018 10:26:48 AM Bob Sneidar via use-livecode <
use-livecode@lists.runrev.com> wrote:

I would highly recommend NOT typing ANY current password you are using
into a web page like this. If no one knew about it before, they sure as
hell know it now! Whether they avail themselves of it is anyone's guess.

Bob S


On Feb 24, 2018, at 13:17 , J. Landman Gay via use-livecode <
use-livecode@lists.runrev.com> wrote:

I just got around to trying this -- *very* useful, thanks for posting it.

There are no matches for any of my passwords I've tried so far. :) On
the other hand, even "AbrahamLincoln" has 128 matches. And you have to
insert commas to read the number returned for "qwerty".




___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your
subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode













--
Jacqueline Landman Gay | jac...@hyperactivesw.com
HyperActive Software   | http://www.hyperactivesw.com



Re: Password Checker

2018-02-27 Thread Mike Kerner via use-livecode
Troy is a beast in the security community, so I would not be too worried
about him doing something nefarious.  He is constantly working with white
hats and blue teams to get on top of issues as soon as there is even a peep
on the dark web.

On Tue, Feb 27, 2018 at 12:57 PM, J. Landman Gay via use-livecode <
use-livecode@lists.runrev.com> wrote:

> I wouldn't type into that web page either. I used Brian's handler that
> uses their API and only sends a few characters of the hash to the database.
> The article explains how it works and includes ways to set up the system on
> your own server if you want. After reading through it I was convinced it
> was a safe check.
> --
> Jacqueline Landman Gay | jac...@hyperactivesw.com
> HyperActive Software   | http://www.hyperactivesw.com
>
>
>
> On February 27, 2018 10:26:48 AM Bob Sneidar via use-livecode <
> use-livecode@lists.runrev.com> wrote:
>
> I would highly recommend NOT typing ANY current password you are using
>> into a web page like this. If no one knew about it before, they sure as
>> hell know it now! Whether they avail themselves of it is anyone's guess.
>>
>> Bob S
>>
>>
>> On Feb 24, 2018, at 13:17 , J. Landman Gay via use-livecode <
>>> use-livecode@lists.runrev.com> wrote:
>>>
>>> I just got around to trying this -- *very* useful, thanks for posting it.
>>>
>>> There are no matches for any of my passwords I've tried so far. :) On
>>> the other hand, even "AbrahamLincoln" has 128 matches. And you have to
>>> insert commas to read the number returned for "qwerty".
>>>
>>>
>>
>



-- 
On the first day, God created the heavens and the Earth
On the second day, God created the oceans.
On the third day, God put the animals on hold for a few hours,
   and did a little diving.
And God said, "This is good."


Re: Password Checker

2018-02-27 Thread J. Landman Gay via use-livecode
I wouldn't type into that web page either. I used Brian's handler that uses 
their API and only sends a few characters of the hash to the database. The 
article explains how it works and includes ways to set up the system on 
your own server if you want. After reading through it I was convinced it 
was a safe check.

--
Jacqueline Landman Gay | jac...@hyperactivesw.com
HyperActive Software   | http://www.hyperactivesw.com



On February 27, 2018 10:26:48 AM Bob Sneidar via use-livecode 
 wrote:


I would highly recommend NOT typing ANY current password you are using into 
a web page like this. If no one knew about it before, they sure as hell 
know it now! Whether they avail themselves of it is anyone's guess.


Bob S


On Feb 24, 2018, at 13:17 , J. Landman Gay via use-livecode 
 wrote:


I just got around to trying this -- *very* useful, thanks for posting it.

There are no matches for any of my passwords I've tried so far. :) On
the other hand, even "AbrahamLincoln" has 128 matches. And you have to
insert commas to read the number returned for "qwerty".






Re: Password Checker

2018-02-27 Thread Bob Sneidar via use-livecode
I would highly recommend NOT typing ANY current password you are using into a 
web page like this. If no one knew about it before, they sure as hell know it 
now! Whether they avail themselves of it is anyone's guess. 

Bob S


> On Feb 24, 2018, at 13:17 , J. Landman Gay via use-livecode 
>  wrote:
> 
> I just got around to trying this -- *very* useful, thanks for posting it.
> 
> There are no matches for any of my passwords I've tried so far. :) On
> the other hand, even "AbrahamLincoln" has 128 matches. And you have to
> insert commas to read the number returned for "qwerty".
> 




Re: Password Checker

2018-02-24 Thread J. Landman Gay via use-livecode

I just got around to trying this -- *very* useful, thanks for posting it.

There are no matches for any of my passwords I've tried so far. :) On 
the other hand, even "AbrahamLincoln" has 128 matches. And you have to 
insert commas to read the number returned for "qwerty".


On 2/22/18 10:50 PM, Brian Milby via use-livecode wrote:

Read this interesting article about a half billion PW database of
compromised passwords that I thought I'd share:

https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/

on mouseUp
   local tSHAData, tSHAHex, tList
   -- SHA-1 of the password as binary data
   put messageDigest(the text of field "password", "SHA-1") into tSHAData
   -- convert the digest to uppercase hex
   repeat for each byte tByte in tSHAData
      put format("%02X",bytetonum(tByte)) after tSHAHex
   end repeat
   -- request every hash suffix that shares the first 5 hex characters
   put url ("https://api.pwnedpasswords.com/range/" & char 1 to 5 of tSHAHex) into tList
   delete char 1 to 3 of tList -- delete the BOM
   -- keep only the line that starts with the rest of the hash
   filter tList with (char 6 to -1 of tSHAHex) & "*"
   set the itemdel to ":"
   put item 2 of tList into field "hits"
end mouseUp

I've written some code that uses the new v2 API.  You send the first 5
characters of the SHA1 of your password and get a list back of matches.
You can then see if the rest of the hash is in the list and get the number
of times it appears on the list.  "123123" appears 2048411 times for
example.

I'm sure that someone can tighten it up some, but just wanted to make
something in LiveCode that could use the API.

You can also download the full database of SHA1 values (8.75GB) if you
would want to use to provide a service.  Links are in the article (he
prefers that you use a torrent).

Thanks,
Brian




--
Jacqueline Landman Gay | jac...@hyperactivesw.com
HyperActive Software   | http://www.hyperactivesw.com



Re: Password Checker

2018-02-23 Thread Brian Milby via use-livecode
That is built in for LC9. You can use sha1digest though.
On Fri, Feb 23, 2018 at 7:52 AM Roger Eller via use-livecode <
use-livecode@lists.runrev.com> wrote:

> There seems to be a missing handler, "messageDigest".
>
> ~Roger
>
>
> On Thu, Feb 22, 2018 at 11:50 PM, Brian Milby via use-livecode <
> use-livecode@lists.runrev.com> wrote:
>
> > Read this interesting article about a half billion PW database of
> > compromised passwords that I thought I'd share:
> >
> > https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/
> >
> > on mouseUp
> >    local tSHAData, tSHAHex, tList
> >    -- SHA-1 of the password as binary data
> >    put messageDigest(the text of field "password", "SHA-1") into tSHAData
> >    -- convert the digest to uppercase hex
> >    repeat for each byte tByte in tSHAData
> >       put format("%02X",bytetonum(tByte)) after tSHAHex
> >    end repeat
> >    -- request every hash suffix that shares the first 5 hex characters
> >    put url ("https://api.pwnedpasswords.com/range/" & char 1 to 5 of tSHAHex) into tList
> >    delete char 1 to 3 of tList -- delete the BOM
> >    -- keep only the line that starts with the rest of the hash
> >    filter tList with (char 6 to -1 of tSHAHex) & "*"
> >    set the itemdel to ":"
> >    put item 2 of tList into field "hits"
> > end mouseUp
> >
> > I've written some code that uses the new v2 API.  You send the first 5
> > characters of the SHA1 of your password and get a list back of matches.
> > You can then see if the rest of the hash is in the list and get the
> number
> > of times it appears on the list.  "123123" appears 2048411 times for
> > example.
> >
> > I'm sure that someone can tighten it up some, but just wanted to make
> > something in LiveCode that could use the API.
> >
> > You can also download the full database of SHA1 values (8.75GB) if you
> > would want to use to provide a service.  Links are in the article (he
> > prefers that you use a torrent).
> >
> > Thanks,
> > Brian


Re: Password Checker

2018-02-23 Thread Roger Eller via use-livecode
There seems to be a missing handler, "messageDigest".

~Roger


On Thu, Feb 22, 2018 at 11:50 PM, Brian Milby via use-livecode <
use-livecode@lists.runrev.com> wrote:

> Read this interesting article about a half billion PW database of
> compromised passwords that I thought I'd share:
>
> https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/
>
> on mouseUp
>    local tSHAData, tSHAHex, tList
>    -- SHA-1 of the password as binary data
>    put messageDigest(the text of field "password", "SHA-1") into tSHAData
>    -- convert the digest to uppercase hex
>    repeat for each byte tByte in tSHAData
>       put format("%02X",bytetonum(tByte)) after tSHAHex
>    end repeat
>    -- request every hash suffix that shares the first 5 hex characters
>    put url ("https://api.pwnedpasswords.com/range/" & char 1 to 5 of tSHAHex) into tList
>    delete char 1 to 3 of tList -- delete the BOM
>    -- keep only the line that starts with the rest of the hash
>    filter tList with (char 6 to -1 of tSHAHex) & "*"
>    set the itemdel to ":"
>    put item 2 of tList into field "hits"
> end mouseUp
>
> I've written some code that uses the new v2 API.  You send the first 5
> characters of the SHA1 of your password and get a list back of matches.
> You can then see if the rest of the hash is in the list and get the number
> of times it appears on the list.  "123123" appears 2048411 times for
> example.
>
> I'm sure that someone can tighten it up some, but just wanted to make
> something in LiveCode that could use the API.
>
> You can also download the full database of SHA1 values (8.75GB) if you
> would want to use to provide a service.  Links are in the article (he
> prefers that you use a torrent).
>
> Thanks,
> Brian


Password Checker

2018-02-22 Thread Brian Milby via use-livecode
Read this interesting article about a half billion PW database of
compromised passwords that I thought I'd share:

https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/

on mouseUp
   local tSHAData, tSHAHex, tList
   -- SHA-1 of the password as binary data
   put messageDigest(the text of field "password", "SHA-1") into tSHAData
   -- convert the digest to uppercase hex
   repeat for each byte tByte in tSHAData
      put format("%02X",bytetonum(tByte)) after tSHAHex
   end repeat
   -- request every hash suffix that shares the first 5 hex characters
   put url ("https://api.pwnedpasswords.com/range/" & char 1 to 5 of tSHAHex) into tList
   delete char 1 to 3 of tList -- delete the BOM
   -- keep only the line that starts with the rest of the hash
   filter tList with (char 6 to -1 of tSHAHex) & "*"
   set the itemdel to ":"
   put item 2 of tList into field "hits"
end mouseUp

I've written some code that uses the new v2 API.  You send the first 5
characters of the SHA1 of your password and get a list back of matches.
You can then see if the rest of the hash is in the list and get the number
of times it appears on the list.  "123123" appears 2048411 times for
example.

I'm sure that someone can tighten it up some, but just wanted to make
something in LiveCode that could use the API.

You can also download the full database of SHA1 values (8.75GB) if you
would want to use it to provide a service.  Links are in the article (he
prefers that you use a torrent).

Thanks,
Brian
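
The range lookup described in the post above, as an added example that is not part of the original post or the thread's code: it matches the hash suffix exactly, returns 0 when the password is not listed, and keeps a failed request distinct from "no matches". The handler names pwnedCount, countForSuffix and testCountForSuffix are hypothetical; it assumes LiveCode 7 or later (textEncode) and uses sha1Digest, which the thread mentions as the alternative to messageDigest.

```livecode
-- Added example, not from the original post. Assumes LiveCode 7+ (textEncode).

-- Returns the breach count for pPassword, 0 if absent, -1 if the lookup failed.
function pwnedCount pPassword
   local tHex, tList
   -- Hash the UTF-8 bytes of the password and hex-encode the digest.
   get binaryDecode("H*", sha1Digest(textEncode(pPassword, "UTF-8")), tHex)
   put toUpper(tHex) into tHex
   -- Only the first 5 hex characters of the hash leave this machine.
   put url ("https://api.pwnedpasswords.com/range/" & char 1 to 5 of tHex) into tList
   -- A failed request must not be reported as "no matches".
   if the result is not empty then return -1
   return countForSuffix(char 6 to -1 of tHex, tList)
end pwnedCount

-- Finds the 35-character hash suffix in a range response of SUFFIX:COUNT lines.
function countForSuffix pSuffix, pRangeBody
   local tLine
   replace crlf with lf in pRangeBody
   set the itemDelimiter to ":"
   repeat for each line tLine in pRangeBody
      -- Taking the last 35 characters ignores a leading BOM on the first line.
      if char -35 to -1 of item 1 of tLine is pSuffix then
         return item 2 of tLine
      end if
   end repeat
   return 0
end countForSuffix

-- Offline check against a constructed response body (not real API output).
on testCountForSuffix
   local tBody
   put "0123456789ABCDEF0123456789ABCDEF012:3" & crlf & \
         "FEDCBA9876543210FEDCBA9876543210FED:128" into tBody
   put countForSuffix("FEDCBA9876543210FEDCBA9876543210FED", tBody) & comma & \
         countForSuffix("00000000000000000000000000000000000", tBody)
end testCountForSuffix
```

A button script can call it with: put pwnedCount(the text of field "password") into field "hits"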