Topic: Is it OK to for a website owner to bruteforce password hashes? (Read 728 times)
No ethical web designer would ever exploit user accounts in any way let alone cracking passwords. It is wrong of any webmaster to want to crack their user's passwords on more levels than I can even fathom. I would never recommend any behavior of this nature. I also do not recommend abusing a user's trust in any other way either.
What kind of a question is this 
Of course its not ok. I remember Yahoo wouldn't even release the password of a dead soldier to his family. If I had evidence of it of course I'd share it with the community.
I'd like to communities opinion on this. This is a hypothetical situation..... 
Do you guys think its OK (legally or morally) for a website owner to bruteforce the password hashes of a number of users of their website, and then use the resulting passwords to access their accounts on other websites and email addresses?
Do you think it makes a difference if its part of an investigation into possible scamming?
Do you think it makes the website owner less trustworthy?
What if the website owner is being trusted with millions of dollars worth of BTC?
Do you think its worse if the owner gave the hashes to someone else and paid them bruteforce it?
What if you had proof that a website owner did this, would you prove it to the community?
Do you guys think its OK (legally or morally) for a website owner to bruteforce the password hashes of a number of users of their website, and then use the resulting passwords to access their accounts on other websites and email addresses?
Do you think it makes a difference if its part of an investigation into possible scamming?
Do you think it makes the website owner less trustworthy?
What if the website owner is being trusted with millions of dollars worth of BTC?
Do you think its worse if the owner gave the hashes to someone else and paid them bruteforce it?
What if you had proof that a website owner did this, would you prove it to the community?
I don't get it, why you wanna hack yourself? don't you already have password for all of them?
Do you guys think its OK (legally or morally) for a website owner to bruteforce the password hashes of a number of users of their website, and then use the resulting passwords to access their accounts on other websites and email addresses?
It is not OK, it is dumb to bruteforce the password hashes of a number of users of their website, because before the password was hashed, the password was known to the website owner
Do you guys think its OK (legally or morally) for a website owner to bruteforce the password hashes of a number of users of their website, and then use the resulting passwords to access their accounts on other websites and email addresses?
It is not OK, it is dumb to bruteforce the password hashes of a number of users of their website, because before the password was hashed, the password was known to the website owner
Why all the crap? Spit it out. Present your proof. Get on with it.
Completely immoral, Horribly wrong and possibly illegal. If you are a web master/ site owner you should not have to ask these questions.
I'd like to communities opinion on this. This is a hypothetical situation.....
Do you guys think its OK (legally or morally) for a website owner to bruteforce the password hashes of a number of users of their website, and then use the resulting passwords to access their accounts on other websites and email addresses?
Do you think it makes a difference if its part of an investigation into possible scamming?
Do you think it makes the website owner less trustworthy?
What if the website owner is being trusted with millions of dollars worth of BTC?
Do you think its worse if the owner gave the hashes to someone else and paid them bruteforce it?
What if you had proof that a website owner did this, would you prove it to the community?
Do you guys think its OK (legally or morally) for a website owner to bruteforce the password hashes of a number of users of their website, and then use the resulting passwords to access their accounts on other websites and email addresses?
Do you think it makes a difference if its part of an investigation into possible scamming?
Do you think it makes the website owner less trustworthy?
What if the website owner is being trusted with millions of dollars worth of BTC?
Do you think its worse if the owner gave the hashes to someone else and paid them bruteforce it?
What if you had proof that a website owner did this, would you prove it to the community?
Jump to: