
Thread: RTS hacked

  1. #81
    BANNED BT Rep: +15
    Join Date
    Jun 2007
    Posts
    302
    Quote Originally Posted by Melvinmeow View Post
    Earlier today RTS was hacked by a hacker who was a former user. This poopooface hacked into our database and found out we were really storing users' passwords in non-encrypted form and thus was MAJORLY PISSED OFF and decided to nuke our site. (Please continue seeding your files until we can recover from this catastrophic loss of all your account information including passwords.) I mean loss of data.. Remember RTS staff will never ask you for your password because we can already see them anyways. Thanks RTS Staff
    ^^^ Found the above mentioned on another forum elsewhere. ^^^
    Perhaps that's the reason they were hacked?

    If you guys need any help with finding out who did it feel free to pm me. I can help you go through the logs to figure out how they got in.
    They can already see your password? Is this true for all torrent sites? I thought everything is supposed to be encrypted, and passwords couldn't be seen.

  2. BitTorrent   -   #82
    Something Else's Avatar sex a wolf in a bag BT Rep: +70
    Join Date
    Mar 2007
    Location
    Addicted to placebos
    Posts
    11,863
    All torrent sites encrypt your password by default if they are using TBDEV. The option has to be manually removed as it was in this case from what I've read.
    Now go away.

  3. BitTorrent   -   #83
    Poster BT Rep: +25
    Join Date
    Oct 2006
    Posts
    331
    Quote Originally Posted by Rugmuncher View Post
    My second post;

    If indeed the passwords were kept in plainform text for the first 2 days that the site was created, what's the problem? It was only two days that it was not encrypted. As far as I can see the DB table is now encrypted, and is working fine... Really I don't see any security risks at all, and even if the passwords were in plaintext you wouldn't be able to access them directly without root axx because of the permissions on the log.php of the time.

    There is so much wrong with this that I don't even know where to start. Why in hell would you edit source code to even take out the hash to even store this in plain text?

    If it is fixed now I would not put it past them that files were changed so that it stores them in plain text and in hash/md5.. Just shows again not to trust this site.

    Also you don't need log.php to see this info, all you would have to do is set up a section in userdetails.php and set it to sysop class or whatever class and you can see passwords if in plain text, you could also have a search script where all you have to do is search a user's name and it tells you the password. So again such a bad idea and proves the site can't be trusted.



    Quote Originally Posted by mforcex View Post
    Quote Originally Posted by Melvinmeow View Post
    ^^^ Found the above mentioned on another forum elsewhere. ^^^
    Perhaps that's the reason they were hacked?

    If you guys need any help with finding out who did it feel free to pm me. I can help you go through the logs to figure out how they got in.
    They can already see your password? Is this true for all torrent sites? I thought everything is supposed to be encrypted, and passwords couldn't be seen.


    No this is not true. All trusted sites would never do this. As of right now I only know 1 site that has ever done this or tried this and it is RTS.



    wild
    Last edited by wildbytes; 06-26-2007 at 01:22 AM. Reason: Automerged Doublepost

  4. BitTorrent   -   #84
    BANNED BT Rep: +15
    Join Date
    Jun 2007
    Posts
    302
    Quote Originally Posted by benchez View Post
    All torrent sites encrypt your password by default if they are using TBDEV. The option has to be manually removed as it was in this case from what I've read.
    You have got to be kidding me... so at any time, an admin can turn off the encrypt feature and check out your password?

    This can't be... I mean... I thought ALL websites encrypted passwords, torrent site or not.

    EDIT:
    Do you guys use a unique password for every website, a few passwords, or one password?
    Last edited by mforcex; 06-26-2007 at 01:25 AM.

  5. BitTorrent   -   #85
    Poster BT Rep: +25
    Join Date
    Oct 2006
    Posts
    331
    Quote Originally Posted by mforcex View Post
    Quote Originally Posted by benchez View Post
    All torrent sites encrypt your password by default if they are using TBDEV. The option has to be manually removed as it was in this case from what I've read.
    You have got to be kidding me... so at any time, an admin can turn off the encrypt feature and check out your password?

    This can't be... I mean... I thought ALL websites encrypted passwords, torrent site or not.


    No, you would have to remove the md5 hash code and change this to save as plain text. All torrent source codes use md5 hash.


    I use a different password on every site, and you should also.






    Wild
    Last edited by wildbytes; 06-26-2007 at 01:29 AM.
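
Added illustration, not part of any post in this thread and not TBDev's code: a sketch of what staff with database access would see in the password column when hashing has been removed, when an unsalted MD5 is stored, and when a salted slow hash is stored. The function names, the `pbkdf2$` field layout, the iteration count and the sample rows are assumptions made for this example.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 200_000  # PBKDF2-HMAC-SHA256 work factor (assumed value for this sketch)

def unsalted_md5(password):
    """Legacy style: the same password always yields the same 32-hex digest."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password, salt=None):
    """Per-user random salt plus a slow KDF, stored as 'pbkdf2$<salt>$<digest>'."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2${salt.hex()}${dk.hex()}"

def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    _, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(dk.hex(), dk_hex)

def classify(field):
    """Guess the storage format of one value from the password column."""
    if re.fullmatch(r"pbkdf2\$[0-9a-f]{32}\$[0-9a-f]{64}", field):
        return "salted-kdf"
    if re.fullmatch(r"[0-9a-fA-F]{32}", field):
        return "md5-shaped"
    return "possible-plaintext"

def audit(rows):
    """Map each username to the storage format of its password field."""
    return {user: classify(field) for user, field in rows}

# Constructed sample table; usernames and passwords are made up.
SAMPLE_ROWS = [
    ("alice", "hunter2"),                # hashing removed: readable by staff
    ("bob", unsalted_md5("hunter2")),
    ("carol", unsalted_md5("hunter2")),  # same digest as bob: reuse is visible
    ("dave", hash_password("hunter2")),
]

if __name__ == "__main__":
    for user, kind in audit(SAMPLE_ROWS).items():
        print(f"{user:6} {kind}")
```

The format check is a heuristic: a plaintext password that happens to be 32 hex characters would be reported as md5-shaped.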

  6. BitTorrent   -   #86
    TheFoX's Avatar www.arsebook.com
    Join Date
    Jan 2007
    Posts
    1,567
    Quote Originally Posted by wildbytes View Post
    No this is not true. All trusted sites would never do this. As of right now i only know 1 site that has ever done this or tried this and it is RTS.

    wild

    This is actually the second time a site has stored passwords as plaintext. I cannot remember the name of the first site to do it, but I do remember that they used the plaintext passwords to access the members' accounts at another tracker, and leeched from those members' accounts.

    The information is on TPG, but since it is currently down, no one can reference it.

    The ONLY reason to store plaintext passwords is to allow the Site Operators access to similar accounts on other trackers. PERIOD...

  7. BitTorrent   -   #87
    Gish's Avatar Seeda from Hell BT Rep: +14
    Join Date
    May 2006
    Location
    My Underpants!!!
    Posts
    734
    It's funny... I would be able to forgive RTS, but since RTS the member here at FST and staff at RTS has not responded in defense since the first page, it is just making them look as guilty as many other members here say they are.... I will no longer be using RTS.

  8. BitTorrent   -   #88
    I think all that had to be done, was to explain from the beginning. So if the passwords were plain text for 2 days, why say they never were?

  9. BitTorrent   -   #89
    Buggyme's Avatar Retired BT Rep: +35
    Join Date
    Sep 2006
    Posts
    539
    Quote Originally Posted by seppypom View Post
    I think all that had to be done, was to explain from the beginning. So if the passwords were plain text for 2 days, why say they never were?
    Well, it's just word for word.
    Melvinmeow said the passwords were in plaintext.
    RTS said the passwords were always encrypted.

    I think, like wild said, we should just use different passwords at all sites just to be 100% sure.

    I did code for RTS for a bit when the site started, and I saw nothing wrong with the user authentication system as they were using the default TBDev system (MD5 encryption). And because of this, I have to defend RTS. (BTW, IRC passwords are not encrypted, that's why there's a note saying that you should use a different password than the site password)

    I'm not sure why you guys think that the staff members are untrusted and are account 'stealers'. I've personally been in contact with them and know that they have absolutely no motive to steal others' accounts as they already have 'good' accounts in most torrent sites. Why wouldn't they? They have seedboxes, and axx too.

    I'm not even sure how, and I mean, the technical details, on how melvinmeow came to see that the passwords were not encrypted. So, if you can PM me melvinmeow, that would be great. Same goes with wild, where exactly did you hear that RTS is untrusted from? If you can explain that to me in PM, that would be nice too, because I'm seriously lost on why you guys think that RTS is untrusted.

    Quote Originally Posted by gish View Post
    It's funny... I would be able to forgive RTS, but since RTS the member here at FST and staff at RTS has not responded in defense since the first page, it is just making them look as guilty as many other members here say they are.... I will no longer be using RTS.
    Personally, I don't think RTS can do anything in response.
    As I said before, it's just word for word. Melvinmeow's against RTS'.

  10. BitTorrent   -   #90
    How about melvinmeow PMs me on how he read these logs of plaintext.

    If he can't come up with it, well I'll just post and confirm that he didn't gain access to the RTS box.

    IMHO; melvinmeow is creating social rubbish to put down a troubled torrent site..

    Should I post the attacking IPs?
