Good crypto / Bad crypto

Sebzy · 24-04-2014 4:00pm #1

Been asked by a colleague to review this service as a potential tool for our users to create new passwords.

http://www.askthedirectory.com/

See not too sure how to tell them how bad of an idea this is.

Cuddlesworth · 24-04-2014 4:20pm

Lets look over the details.

Non-existent site - Check
Registered to American Hosting service and .com domain - Check
Email address is to a yahoo account - check

Now lets face facts. There is no chance in hell that this company was stumbled upon, they have zero presence on the web or advertising. So it either came from a spam email, which should be easy enough to trace. Or the owner is the brother/friend of somebody in your company and its his new genious idea which will make him and them rich. Which means its going ahead no matter how stupid it is. Which it is stupid, there are numerous tools out there for password resets without human interaction.

Good luck with that.

Sebzy · 24-04-2014 4:34pm

The whois registration for askthedirectory.com is a chap from Dublin (go figure)

Who would actually use this?

Steviemoyne · 24-04-2014 4:39pm

They show up on Solocheck.ie anyway so from first glance everything seems above board. As for who would use it, I have no clue.

According to solocheck they're in business 4 years.

CreepingDeath · 24-04-2014 5:08pm

Cuddlesworth wrote: »

Lets look over the details.

Non-existent site - Check
Registered to American Hosting service and .com domain - Check
Email address is to a yahoo account - check

Site uses a self signed https cert - Check
Site doesn't default/redirect users to https - Check

No, this is a complete amateur with no idea about real computer security.

LastPass is a free browser add-on that lets you generate very strong passwords.

I 100% rely on that for ALL passwords I have.

Good crypto / Bad crypto

Comments