Game Dev Memes

Look up lolcode. Best 20 minutes spent learning a new language.

 

Trying to reach App Store Top 10

 

A tip from the dark side:

 

lol these are some good ones.

 

When everything works as expected

 

This is for those people who put they are from EA, Ubisoft and post very simple questions on FB groups...

 

http://programmers.life/2015/12/07/security-first/

 

What is the blue logo from?

 

Adobe Stingray.

 

@Not_Sure Autodesk* stingray

 

Ah, thank you.

 

Hash it... HASH IT!!! Storing an encrypted password was already a bad move!

 

You were close enough in my book.

 

But then the second part of the joke wouldn't have worked

 

I think the joke is that you don't store the original password on the db, period.

Not that you can reverse engineer an encrypted password if you have the original.

Which makes no sense as a joke, anyway. Because you just accessed a database with everyone's passwords on it...

 

To me the joke is about inexperienced people giving experienced people contradictory or foolish instructions. The details don't really matter.

 

Sounds like everyday at work.

 

The real joke is on the T-shirt.

 

***** ** ********* *** ****** ****?

******!!!

***.... ******** *** ******* *** ***,

 

Speaking from experience, when web devs hear a non-techie say "encrypted password", we mentally substitute "hashed password" because most people don't understand the difference.

This can occasionally get you into trouble when said non-techie thinks you can decrypt a password implemented this way... which I think is what's happening in the comic.

 

"hashed" doesn't really roll off the tongue, and I think that the term would leave most people wondering what people on computers have to do with breakfast foods. I would never use the word "hash" in conversation with normal people, I would say encrypted for fear of...

 

I thought it was simply a comment on the general propensity of websites to require a secure password with one upper case, one lower case, one numeral, one symbol, and one key only found on a Mandarin keyboard. Which they then email out to you in plain text over a standard channel.

Seriously, emailing users out their passwords in plain text. How dumb can you get?

But either way, its funny.

 

...debating the punch line. This is why people don't invite nerds to parties.

 

With hashing, can't multiple values give you the same hash and make something easier to crack?

 

Yes, multiple input strings can potentially result in the same output string. As for whether that makes something easier to crack... that's quite debatable. "Easier" compared to what? Certainly "easier" compared to if the same hashing algorithm was collision-free, but probably not "easier" compared to other approaches in general.

 

In theory, but given a small range/number of values/characters (like what you would expect to be a password), having a much larger output should limit that likelihood. I haven't heard of rainbow tables running into conflicts at least, so it's probably safe to say it's not an issue in practice.

 

A good, modern hashing is pretty much a processor-intensive, irreversible mangling. It's like shredding something, but the shredding of each thing is virtually guaranteed to be unique and each time you shred something, it will produce the same pile of crap. The only way to know if something matches is to shred it and compare the scraps. But there's no way of figuring out what the original was just from the scrap pile.

So, as long as you don't show the bad guys the originals, they can look through the scraps all they want.

Old hashing algorithms are now obsolete. The idea is once they become feasibly breakable, it is time to go bigger.

And... since I am rambling...

Two-step verification is the real answer, anyhow.

It's like looking for a lock that can't be picked. No such thing. But you can make it a royal pain in the ass, to the point that it would be easier to just consider if an entirely different way of breaking in would be more efficient.

Cracking a modern hash by finding a couple of collisions is pretty big talk.

 

@angrypenguin
@RockoDyne

I know the chances are small, I just think it's amusing.

You don't need the original. Your alternate input that matched the hash will also be accepted, right?

Quantum computing! Ahhh!!

 

Yes, but the point is it is not encrypted, which once broken opens your entire user base to malicious access. With a hash, they have to brute force each password. This assumes they have access to your entire user table, otherwise simply limiting the time between login tries and locks after x number of wrong guesses will make it near impossible to crack a good password.

 

Hah, my mom is a good example of that point. She wants every password to be the same. We accidentally changed her gmail password once so I manually changed it 110 times so we could reuse the previous one. It's not very secure, and the password itself isn't very strong.

 

That's a good point, but a different one. You're talking about security of an individual across services - if someone cracks your mum's password for some random website then they potentially have access to her email. Or her bank. Nasty stuff.

What @tango209 is talking about is security of a service itself - if passwords are encrypted (reversible) as opposed to hashed (one-way) then cracking one potentially means cracking them all at once, so all user accounts for that service are potentially compromised.

Of course there's lots of crossover, too, because - like your mum - there are plenty of people who reuse passwords.

The funny thing is... if I ask some random on the street for their password they're not going to give it to me. If I instead offer them a service to sign up to, many of them will happily hand over that same information without question.



Then, just like in @eskimojoe's cartoon, there are indeed online services that then store that information in plain text, which is a double whammy - they potentially know people's bank passwords, and they're not security conscious so they're an easy target from whom to steal passwords.

The moral of the story is, don't trust anyone with your passwords, including the people you use them with!

 

This thread has me curious how Stingray is doing now...I actually really like lua

 

Oh, I see. That makes more sense... because they figured out the encryption... oh

1 based array indexes though D:

 

https://m.reddit.com/r/Unity3D/comments/47n960/S***post_i_love_unity_with_a_passion_but_this_has/

 

HOLY S*** yeah that animator grid thingy pisses me off soo much lol