XTF

+Clients
  • Content count

    150
  • Joined

  • Last visited


XTF's Activity

  1. XTF added a record in IP.Board   

    PHP warnings in admin/applications/members/modules_public/list/view.php
    I'm seeing these warnings over and over in my logs:
    PHP Warning:  Illegal offset type in isset or empty in admin/applications/members/modules_public/list/view.php on line 229
    PHP Warning:  Illegal offset type in isset or empty in admin/applications/members/modules_public/list/view.php on line 231
    PHP Warning:  urldecode() expects parameter 1 to be string, array given in admin/applications/members/modules_public/list/view.php on line 300
    • 2 replies
    • 200 views
  2. XTF added a post in a topic Short quote/close tags   

    Invision?
  3. XTF added a post in a topic UCP option to hide avatars and other info?   

    What's that?
  4. XTF added a topic in Product Feedback   

    URL -> HTML bug?
    http://xwis.net/downloads/Yuri's-Revenge-Multiplayer.exe

    This URL gets truncated, looks like a bug.
    • 1 reply
    • 612 views
  5. XTF added a post in a topic Short quote/close tags   

    Bump
  6. XTF added a post in a topic Usernames: why?   

    Why?
  7. XTF added a post in a topic Usernames: why?   

    Where did that 'rule' come from? Wasn't part of your original claim.
    Anyway, you seem more interested in 'winning' a childish fight than in a constructive discussion. Peace out.
  8. XTF added a post in a topic Usernames: why?   

    It's not a variable, it's a separator. It's still one field, isn't it? You claimed two fields were more secure than one (combined) field. Why would a separator not be allowed in such a combined field?
  9. XTF added a post in a topic Usernames: why?   

    Ah, that's your problem. Use a separator when merging your username and password. Now the combination spells out goo|berville, goob|erville or whatever and we're back to the same strength as two separate fields.
  10. XTF added a post in a topic Usernames: why?   

    Number of possible username (length: U) / password (length: P) combinations over an alphabet of size X: X^(U+P)
    Number of possible passwords (length: U+P) over the same alphabet: X^(U+P)
    ...
    In general the lengths aren't known, but this generalizes to unknown lengths.
  11. XTF added a post in a topic Usernames: why?   

    That's a vague answer, can't you come up with the exact math for both cases?Is this about best-case or worst-case? Yes, best-case the user name is unknown and totally different. Worst-case, especially with recent versions, both are equal.This is about security. If you can't prove a security scheme it's unlikely to be secure.Weren't we talking about the user / pass account? You keep changing stories...
    Yes, a password of size 10 with 26 different chars has 26^10 possibilities. What's your point? You've still not shown that using two fields is better than using one combined field.True, my bad. If passwords were guaranteed to be strong and unique using just the password would be fine. Unfortunately that can't be guaranteed.
  12. XTF added a post in a topic Usernames: why?   

    Are the two of you really arguing that it's harder to crack "XTF|password" vs "XTF", "password"? Total length is the same and that's basically all that counts.
  13. XTF added a post in a topic Usernames: why?   

    How much more time and why?Got a reference for that? Display name defaults to user name, so user name can NOT be considered a secret.Are you asking me to prove you're wrong instead of you proving you're right?That'd make account recovery a bit hard. But in some systems a single password (without username) is indeed used, think WPA for example.