I was just in contact with someone who was asking for assistance on IRC, asking why the password for a log was stored in plain text. I had the person send the log, and surely enough the password is plainly visible when opened in notepad.

Now, the user himself is gone, but I did get contact info and the logfile itself. anyone know why this happened?

I couldn't find my password in my logfiles. Anyway, I think the password is just used to make the encryption key.

well for the log file the user sent to me, I opened the file in notepad and the password was right there in the first line, each character separated by spaces. I open it with the log viewer, type it in without the spaces, and it is decrypted

Weird for I cannot find my password anywhere in the ple file when opened in Notepad.

Can you(MeEtc) or anyone else see their password in the ple file?

Can I have a look at this log file? IRC share or sending via WLM will do (considering you should publicly send it since its private). I just want to check a few things (and no, I obviously don't care to read logs or take emails or anything of the sort )

um could they have put in a password hint that is the password??

because the hint is not encrypted and they may have thought that plus wanted to confirm the password and didnt read that it was the hint... so yea i dunno if that made sense but yea i know what i was on about...

lol

quote:

---

Originally posted by NanaFreak
um could they have put in a password hint that is the password??

because the hint is not encrypted and they may have thought that plus wanted to confirm the password and didnt read that it was the hint... so yea i dunno if that made sense but yea i know what i was on about...

lol

---

lol so it did make sense!!! yay...

I just read "password" and "hint" in your post and realised what you meant I tend to skim through posts. Its become a habit by now

quote:

---

Originally posted by RaceProUK
I couldn't find my password in my logfiles. Anyway, I think the password is just used to make the encryption key.

---

quote:

---

Originally posted by John Anderton

quote:

---

Originally posted by NanaFreak
um could they have put in a password hint that is the password??

because the hint is not encrypted and they may have thought that plus wanted to confirm the password and didnt read that it was the hint... so yea i dunno if that made sense but yea i know what i was on about...

lol

---

That was one of the possiblities. I was just going to check the location of the password and come to a definite conclusion

---

click for bigger size

quote:

---

Originally posted by CookieRevised
it would be helpfull to know what translation he was using so that this can be checked out

---

quote:

---

Originally posted by CookieRevised
The hint is stored starting from offset 0x23 as a unicode text.

---

Moral of the story; don't make your password hint your password.

unless your password is the password hint...

(I'm confusing myself now )

quote:

---

Originally posted by CookieRevised
unless your password is the password hint...

(I'm confusing myself now )

---

quote:

---

Originally posted by John Anderton

quote:

---

Originally posted by CookieRevised
unless your password is the password hint...

(I'm confusing myself now )

---

That's exactly what you're not supposed to do.

---

lol.. alright, I'll prevent newer versions of Plus! to accept the password as the hint.