ChristChurchofEnglandPrimarySchool
-
Because Aviva doesn't like schools with more than one word in them...
-
@PJH I'm struggling to think of a school where I grew up that had only one word.
-
@coldandtired all of mine were at least {something} school in their official names.
-
@coldandtired said in ChristChurchofEnglandPrimarySchool:
@PJH I'm struggling to think of a school where I grew up that had only one word.
My secondary (11-18 for the left-pondian among you) was (generally referred to by) a single word.
@Jaloopa said in ChristChurchofEnglandPrimarySchool:
@coldandtired all of mine were at least {something} school in their official names.
But most people drop it off, usually since the context makes it redundant..
: Which school did you go to?
: Fortismere
-
Mine were called 'something Manor', 'something Perowne', 'something Oldcorne', etc.
-
It's a good thing that no school ever has been named after a saint.
-
TRWTF is security questions though.
Does it accept symbols, numbers and uppercase characters and a string longer than 20?
-
@JBert said in ChristChurchofEnglandPrimarySchool:
Does it accept symbols, numbers and uppercase characters and a string longer than 20?
Given..
I'm guessing no for at least one of those...
-
@PJH said in ChristChurchofEnglandPrimarySchool:
I'm guessing no for at least one of those...
Looks like it accepts
.
and-
. And'
and"
, for mysterious raisins.I can understand forbidding
£
; who knows what encoding would be used with that? But the other characters are ASCII so why they're banned…
-
@dkf said in ChristChurchofEnglandPrimarySchool:
But the other characters are ASCII so why they're banned…
I do hope that was a rhetorical question...
-
@PJH This nonsense is why I now generate my "security answers" with KeePass as well. Between fields that won't accept my answers, and questions being really stupid and obvious anyway, anyone who knew what city I was born in and that I drive a Chevy (probably 85% of the people I know IRL) could probably have taken over my entire online life.
-
@PJH said in ChristChurchofEnglandPrimarySchool:
with more than one word in them...
Their csv database engine probably doesn't know how to escape spaces.
-
Around here, schools are usually named after people, so usually 2 words. As for security answers, I put in either unrelated nonsense or an expletive (which has more to do with my opinion of the question than anything else).
-
Good Hope
Parkway
Glen Hills
WCGL
Nicolet
UWM
-
@PJH said in ChristChurchofEnglandPrimarySchool:
@JBert said in ChristChurchofEnglandPrimarySchool:
Does it accept symbols, numbers and uppercase characters and a string longer than 20?
Given..
I'm guessing no for at least one of those...
Yay, looks like it's time for another game of "Guess Where In The Framework They're Mishandling Passwords In Plain Text"
@Lorne-Kates said:
Let's play a game I like to call "Guess Where In The Framework They're Mishandling Passwords In Plain Text". Your only clue is the restrictions on what is allowed in a password.
My guess is they take the password, create XML for a web call-- except they're handrolling the XML instead of using a library, and have never heard of character encoding-- and into that basket of WTF they're putting your plaintext password.
For bonus points, guess where the SQL injection point is!
-
@mott555 said in ChristChurchofEnglandPrimarySchool:
This nonsense is why I now generate my "security answers" with KeePass as well.
I treated "security answers" exactly like passwords for a while. Then I had to read one of them over the phone. Now... well, something more like this:
-
@Lorne-Kates said in ChristChurchofEnglandPrimarySchool:
Yay, looks like it's time for another game of "Guess Where In The Framework They're Mishandling Passwords In Plain Text"
Someone at my company sent out a company-wide email this week saying this:
I’ve been having problems with Go To Meeting (GTM) over the last couple of days and learned today when talking to GTM support that we shouldn’t be using any of the following special characters in the subject field when creating a new meeting:
>
<
&If you do use any of these characters in the subject of your meeting, you could see undesirable behavior such as not being able to start the meeting, the audio not working, etc. You can use a dash(-) in the subject field without issue.
-
@anotherusername I once commented in a company, after seeing this xkcd of the passwords, that somethinghorse* was a safer password than lots of symbols. Then they laughed and started using somethinghorse* for all the server and whatnot passwords.
*redacted for obvious reasons
-
@anotherusername If you get a real dictionary and really pick random words from it, you can easily get something very strong.
/usr/share/dict/words
on this system has (just under) 218 words in it, so a choice of 3 will give 54 bits of entropy.Have a free sample:
unwrangling pseudometamerism autoluminescence
-
@dkf Yeah. That's basically what I did.
-
@dkf said in ChristChurchofEnglandPrimarySchool:
so a choice of 3 will give 54 bits of entropy.
It seems that this page thinks that the entropy of the example I used is about 175 bits. Entropy checkers don't handle dictionaries well, or at least not if they've not been explicitly told about them. :)
-
@PJH said in ChristChurchofEnglandPrimarySchool:
@coldandtired said in ChristChurchofEnglandPrimarySchool:
@PJH I'm struggling to think of a school where I grew up that had only one word.
Hell?
-
@dkf said in ChristChurchofEnglandPrimarySchool:
@dkf said in ChristChurchofEnglandPrimarySchool:
so a choice of 3 will give 54 bits of entropy.
It seems that this page thinks that the entropy of the example I used is about 175 bits. Entropy checkers don't handle dictionaries well, or at least not if they've not been explicitly told about them. :)
The amount of entropy of dictionary words is tricky because it depends a lot on which dictionary you're using... it also depends on things like how well you can spell and whether you'd keep pressing the button until you got a series of words that you recognize/like.
Even moreso if your dictionary can include words like sdrawkcab.
-
"Error: school name must be between 8 and 10 characters long, and include at least one number and one special character"
-
@anonymous234 said in ChristChurchofEnglandPrimarySchool:
"Error: school name must be between 8 and 10 characters long, and include at least one number and one special character"
Every school has at least one special character.
It used to be a class clown.
Now that humor has been outlawed, it's the school shooter.
-
@dkf said in ChristChurchofEnglandPrimarySchool:
If you get a real dictionary and really pick random words from it, you can easily get something very strong.
Is it time for another Diceware plug yet? I feel like I haven't done one for a couple of weeks.
I swear I'm not paid by this guy and I gain nothing if you use it. But it is exactly what you asked for: A way to pick words at random using familiar and secure RNG hardware.
-
@dkf wouldn't anyone trying to crack a password use a dictionary attack alongside random permutations of characters?
-
@another_Sam well it's not like anyone is going to figure out your password by attacking your RNG. The complexity of an attack like that would be ridiculous.
-
@anonymous234 said in ChristChurchofEnglandPrimarySchool:
well it's not like anyone is going to figure out your password by attacking your RNG. The complexity of an attack like that would be ridiculous.
Except for a tiny number of very specific scenarios you're right. But people are terrible at choosing randomly, so if you're looking for random words, you can't ask a human to choose them.
-
@bb36e his 54 bits of entropy in his choice of 3 words assumes that you already have his dictionary and you're using it to help you crack the password.
If you're not using the dictionary, even assuming a character set of between 32 and 64 printable characters, the string of characters he gave would have between 225 and 270 bits of entropy.
So... knowing that they are words, and using a dictionary attack does greatly reduce the number of possibilities. But it's still a lot of possibilities to try to brute force, if your dictionary is large and you use more than a couple of words.
-
@dkf said in ChristChurchofEnglandPrimarySchool:
It's a good thing that no school ever has been named after a saint.
Ah, the ideal world…
-
@Lorne-Kates said in ChristChurchofEnglandPrimarySchool:
Every school has at least one special character.
It used to be a class clown.
Now that humor has been outlawed, it's the school shooter.
http://utbblogs.com/home/bradu25/public_html/wp-content/uploads/2015/04/South-Park-Timmy-300x173.jpg
Not necessarily.
-
@dkf said in ChristChurchofEnglandPrimarySchool:
@PJH said in ChristChurchofEnglandPrimarySchool:
I'm guessing no for at least one of those...
Looks like it accepts
.
and-
. And'
and"
, for mysterious raisins.I can understand forbidding
£
; who knows what encoding would be used with that? But the other characters are ASCII so why they're banned…We had a bug in our product actually, that would cause the £ sign to render improperly, because there are like 3 ways to encode it and most of the developers that came before were deadbeats.
Oh, did I say that our product is mainly sold in the UK?
-
@mott555 said in ChristChurchofEnglandPrimarySchool:
anyone who knew that I drive a Chevy (probably 85% of the people I know IRL) could probably have taken over my entire online life.
thanks for the info, now I've got your password, TJ.
-
@Lorne-Kates said in ChristChurchofEnglandPrimarySchool:
@anonymous234 said in ChristChurchofEnglandPrimarySchool:
"Error: school name must be between 8 and 10 characters long, and include at least one number and one special character"
Every school has at least one special character.
It used to be a class clown.
Now that humor has been outlawed, it's the school shooter.
It's gonna be the space shooter before long.
-
@da-Doctah said in ChristChurchofEnglandPrimarySchool:
@Lorne-Kates said in ChristChurchofEnglandPrimarySchool:
Every school has at least one special character.
It used to be a class clown.
Now that humor has been outlawed, it's the school shooter.
http://utbblogs.com/home/bradu25/public_html/wp-content/uploads/2015/04/South-Park-Timmy-300x173.jpg
Not necessarily.
Hey, you managed to say "my school's name was the Church of Martin the Latter Day's Saint" using just one word!
-
@kt_ there's more than three
I think: UTF-7, UTF-8, UTF-16 (+UCS-2), UTF-32 (+UCS-4), HTML as a numeric entity (dealers choice as to decimal or hex), HTML as a named entity, ISO-8859-1, ISO-8859-7 through -9 and -13 through -15(though at same position as -1), CP437/CP850/CP858 and Win-1252.
There's probably others too.
-
@mott555 said in ChristChurchofEnglandPrimarySchool:
@PJH This nonsense is why I now generate my "security answers" with KeePass as well. Between fields that won't accept my answers, and questions being really stupid and obvious anyway, anyone who knew what city I was born in and that I drive a Chevy (probably 85% of the people I know IRL) could probably have taken over my entire online life.
I keep a long, randomly generated secondary password in the Notes field of KeePass entries for sites that want security questions. The answer to all such questions is always the secondary password with the last word of the question appended. That way they're all unique, as these things are generally required to be, but still only take one trip into KeePass to fill in.
I have yet to meet a security question facility that balks at my claiming to have grown up in WLdphyQyJWjyObmCvOGkin with a dog named WLdphyQyJWjyObmCvOGkdog, or going to school at WLdphyQyJWjyObmCvOGkschool where my favourite teacher was WLdphyQyJWjyObmCvOGkteacher. I might, after all, be Welsh.
-
@flabdablet said in ChristChurchofEnglandPrimarySchool:
I might, after all, be Welsh.
You never can tell.
-
@dkf Just what are you trying to WLdphyQyJWjyObmCvOGk, boyo?
-
@kt_ said in ChristChurchofEnglandPrimarySchool:
@dkf said in ChristChurchofEnglandPrimarySchool:
It's a good thing that no school ever has been named after a saint.
Ah, the ideal world…
I've definitely heard of schools named something like Firstname Lastname Elementary, so even if you get rid of the person's St. title and just name the school after the person you'll still have spaces in the names of some of the schools.
-
@anotherusername I went to high school in a city with two words in the name, and it was named essentially City Name High.
-
@Yamikuronue If I use the name that everyone called my (equivalent to) high school, it'd be a single word. OTOH, I consider such security questions to be terrible as the information isn't exactly hidden; I was even reported in the press as having attended that school (in a positive way too; it was one of those dumb Good News fluff filler stories).
And that was something I hadn't thought about for about 25 years.
-
@flabdablet said in ChristChurchofEnglandPrimarySchool:
I have yet to meet a security question facility that balks at my claiming to have grown up in WLdphyQyJWjyObmCvOGkin with a dog named WLdphyQyJWjyObmCvOGkdog, or going to school at WLdphyQyJWjyObmCvOGkschool where my favourite teacher was WLdphyQyJWjyObmCvOGkteacher. I might, after all, be Welsh.
Then it won't balk if I say my school name is
radiancies pagers harlequins presenter purveyor
either. And I can actually pronounce that over the phone ... actually scratch that, I'd probably still have to spell it for the help droid.
-
@anotherusername said in ChristChurchofEnglandPrimarySchool:
@kt_ said in ChristChurchofEnglandPrimarySchool:
@dkf said in ChristChurchofEnglandPrimarySchool:
It's a good thing that no school ever has been named after a saint.
Ah, the ideal world…
I've definitely heard of schools named something like Firstname Lastname Elementary, so even if you get rid of the person's St. title and just name the school after the person you'll still have spaces in the names of some of the schools.
I meant religious names.
-
@kt_ said in ChristChurchofEnglandPrimarySchool:
@anotherusername said in ChristChurchofEnglandPrimarySchool:
@kt_ said in ChristChurchofEnglandPrimarySchool:
@dkf said in ChristChurchofEnglandPrimarySchool:
It's a good thing that no school ever has been named after a saint.
Ah, the ideal world…
I've definitely heard of schools named something like Firstname Lastname Elementary, so even if you get rid of the person's St. title and just name the school after the person you'll still have spaces in the names of some of the schools.
I meant religious names.
A bunch of them were sainted for doing legitimately good stuff, though. Stuff worthy of having schools named after them.
-
@anotherusername said in ChristChurchofEnglandPrimarySchool:
@kt_ said in ChristChurchofEnglandPrimarySchool:
@anotherusername said in ChristChurchofEnglandPrimarySchool:
@kt_ said in ChristChurchofEnglandPrimarySchool:
@dkf said in ChristChurchofEnglandPrimarySchool:
It's a good thing that no school ever has been named after a saint.
Ah, the ideal world…
I've definitely heard of schools named something like Firstname Lastname Elementary, so even if you get rid of the person's St. title and just name the school after the person you'll still have spaces in the names of some of the schools.
I meant religious names.
A bunch of them were sainted for doing legitimately good stuff, though. Stuff worthy of having schools named after them.
Nope.