
XTF
+Clients-
Content Count
150 -
Joined
-
Last visited
About XTF

-
Rank
Member
Recent Profile Visitors
The recent visitors block is disabled and is not being shown to other users.
-
Enabling Flag as Spammer only for members with less than n posts
XTF replied to Andy Badwool's topic in Feature Suggestions
Bump -
Mur reacted to a post in a topic: Rich text editor
-
Mur reacted to a post in a topic: Rich text editor
-
Bump
-
What's that?
-
http://xwis.net/downloads/Yuri's-Revenge-Multiplayer.exe This URL gets truncated, looks like a bug.
-
Where did that 'rule' come from? Wasn't part of your original claim. Anyway, you seem more interested in 'winning' a childish fight than in a constructive discussion. Peace out.
-
It's not a variable, it's a separator. It's still one field, isn't it? You claimed two fields were more secure than one (combined) field. Why would a separator not be allowed in such a combined field?
-
ram108 reacted to a post in a topic: Usernames: why?
-
Ah, that's your problem. Use a separator when merging your username and password. Now the combination spells out goo|berville, goob|erville or whatever and we're back to the same strength as two separate fields.
-
Number of possible username (length: U) / password (length: P) combinations over an alphabet of size X: X^(U+P) Number of possible passwords (length: U+P) over the same alphabet: X^(U+P) ... In general the lengths aren't known, but this generalizes to unknown lengths.
-
That's a vague answer, can't you come up with the exact math for both cases? Is this about best-case or worst-case? Yes, best-case the user name is unknown and totally different. Worst-case, especially with recent versions, both are equal. This is about security. If you can't prove a security scheme it's unlikely to be secure. Weren't we talking about the user / pass account? You keep changing stories... Yes, a password of size 10 with 26 different chars has 26^10 possibilities. What's your point? You've still not shown that using two fields is better than using one combined field. True, my ba
-
Are the two of you really arguing that it's harder to crack "XTF|password" vs "XTF", "password"? Total length is the same and that's basically all that counts.
-
blair reacted to a post in a topic: Usernames: why?
-
How much more time and why? Got a reference for that? Display name defaults to user name, so user name can NOT be considered a secret. Are you asking me to prove you're wrong instead of you proving you're right? That'd make account recovery a bit hard. But in some systems a single password (without username) is indeed used, think WPA for example.
-
Security depends on total entropy, not on the number of fields. They could as well be trying every combination of user/pass with total size <= 10 and they'd be finding your pass / word account too, wouldn't they? The effort would be equal.