Feds tell Web firms to turn over user account passwords

[_aj_]

you may well laugh but its a question that US citizens apparently have not been considering fror a very long time
This present malaise originated many years ago
its difficult to trust anybody else when you don't trust your self

This is not a mirthful laugh, but a rueful one. The US gov't hasn't trusted its citizens for more than a century. Maybe longer. The average American "citizen" is nothing but either a fatted cow to be milked or a voracious pig to be fed, usually for votes for the ruling political class. We rotted from the inside out a long time ago. Rome didnt realize it was a dead man walking for several centuries either.

I see very, very few option for salvation. And none that the potted plants that are my countrymen would consider palatable, given the only thing that matters to them is the next iPhone.

[thebrink]

Translation: I read it on the internet, the place where I get all of my information which I subsequently concatenate into my worldview.

uhh, as opposed to the state run media? 

[Jizzacked]

Keep in mind that all they can turn over is the hashes of the password and the salt. Most online places use a good (read: Not MD5) hashing algorithm and the more entropy (characters) you introduce, the harder it is to crack. The Feds are more than likely using Rainbow Tables to scan the hashes and even this optimization is a function of time.

I use 1Password as my password manager and use it to generate huge random passwords. 1Password is also great because it syncs my laptop, iPhone and iPad using Dropbox as the sync manager. Brilliance.

if they have the hash and the salt, they may as well have the password in plain text.

[Parker]

doesnt the US government trust its citizens?

Do the citizens trust the US government.

[_aj_]

if they have the hash and the salt, they may as well have the password in plain text.

Not true and depends on the hash algorithm and the entropy of the clear text. Even a shitty hash algorithm like MD5 has a fairly large keyspace (16 bytes is still 3.4x10^38 possible combinations) and most use better algos like SHA256 which is quite a bit larger.

Of course, the current SHA2 series was developed by the NSA, so YMMV.

[arce1988]

  USA is fucked.

[The Abdominal Snoman]

No, they aren't all-powerful.  

The fact that they're trying their absolute best to become that way, is the problem.

I don't believe it for a second...The NSA among others could crack any password on any site within minutes...Hell they most likely have programs that can track your position and see/hear ever key stroke you and I press if need be...These stories they put out just so the public can debate it...The fact that they actually put a $ figure on how hard it would be is laughable...

[Jack T. Cross]

I don't believe it for a second...The NSA among others could crack any password on any site within minutes...Hell they most likely have programs that can track your position and see/hear ever key stroke you and I press if need be...These stories they put out just so the public can debate it...The fact that they actually put a $ figure on how hard it would be is laughable...

Hard to argue against that, Snoman. If there's a will, there's a way. That's probably the one thing I've learned in this life.

[B_B_C]

If there's a will, there's a

solicitor

[Jack T. Cross]

solicitor

I hear you, but this is quite a bit more serious than that.