XTF

+Clients
  • Content count

    150
  • Joined

  • Last visited


XTF's Activity

  1. XTF added a post in a topic: Short quote/close tags   

    Invision?
  2. XTF added a post in a topic: UCP option to hide avatars and other info?   

    What's that?
  3. XTF added a post in a topic: URL -> HTML bug?   

    http://xwis.net/downloads/Yuri's-Revenge-Multiplayer.exe

    This URL gets truncated, looks like a bug.
  4. XTF added a post in a topic: Short quote/close tags   

    Bump
  5. XTF added a post in a topic: Usernames: why?   

    Why?
  6. XTF added a post in a topic: Usernames: why?   

    Where did that 'rule' come from? Wasn't part of your original claim.
    Anyway, you seem more interested in 'winning' a childish fight than in a constructive discussion. Peace out.
  7. XTF added a post in a topic: Usernames: why?   

    It's not a variable, it's a separator. It's still one field, isn't it? You claimed two fields were more secure than one (combined) field. Why would a separator not be allowed in such a combined field?
  8. XTF added a post in a topic: Usernames: why?   

    Ah, that's your problem. Use a separator when merging your username and password. Now the combination spells out goo|berville, goob|erville or whatever and we're back to the same strength as two separate fields.
  9. XTF added a post in a topic: Usernames: why?   

    Number of possible username (length: U) / password (length: P) combinations over an alphabet of size X: X^(U+P)
    Number of possible passwords (length: U+P) over the same alphabet: X^(U+P)
    ...
    In general the lengths aren't known, but this generalizes to unknown lengths.
  10. XTF added a post in a topic: Usernames: why?   

    That's a vague answer, can't you come up with the exact math for both cases?Is this about best-case or worst-case? Yes, best-case the user name is unknown and totally different. Worst-case, especially with recent versions, both are equal.This is about security. If you can't prove a security scheme it's unlikely to be secure.Weren't we talking about the user / pass account? You keep changing stories...
    Yes, a password of size 10 with 26 different chars has 26^10 possibilities. What's your point? You've still not shown that using two fields is better than using one combined field.True, my bad. If passwords were guaranteed to be strong and unique using just the password would be fine. Unfortunately that can't be guaranteed.
  11. XTF added a post in a topic: Usernames: why?   

    Are the two of you really arguing that it's harder to crack "XTF|password" vs "XTF", "password"? Total length is the same and that's basically all that counts.
  12. XTF added a post in a topic: Usernames: why?   

    How much more time and why?Got a reference for that? Display name defaults to user name, so user name can NOT be considered a secret.Are you asking me to prove you're wrong instead of you proving you're right?That'd make account recovery a bit hard. But in some systems a single password (without username) is indeed used, think WPA for example.
  13. XTF added a post in a topic: Usernames: why?   

    Security depends on total entropy, not on the number of fields.
    They could as well be trying every combination of user/pass with total size <= 10 and they'd be finding your pass / word account too, wouldn't they? The effort would be equal.