Ditto
That plan is already in place.
thedonald.xyz thedonald.one thedonald.space
If they take this site, you think they won’t take the others?
One would think those are all with different hosts, but who knows? We actually know very little about the behind the scenes of this site, for starters who funds it? Whoever does is definitely someone who likes Steve Bannon, but that's all we know.
Something that could incorporate both a message board and News Aggregator. Like here but with less repeat messaging :-)
No they don't have your email.
They have a hash (probably salted too...) of your email.
It's (almost) impossible to go from the hash to your email. It is possible, though, to go from your email to the hash, and get the same hash every time.
When you want to reset your password, Win requires you enter your email. Then it takes the email you enter, hashes it, compares it to any emails in the database, and if it matches, it sends you an email. Win doesn't know your email though.
Source
We also know for certain that whoever funds it is a Bannon fan.
No they don't. They have a hashed email... the email cannot be unhashed.
Mods promised that all emails used are stored encrypted, same as our passwords.
This was in one of their recent stickies about possible site take down.
Right. Hence my permission. Are they able to unencrypt? If not, can we submit it somewhere secure? Or risk it and submit unsecured?
Shit, I'll give them my address at this point. Send me a letter!
Depends on how it is encrypted. If it's a one-way encryption (which it likely is), you'd need to hack it in order to decrypt it (a lot of time & processing power).
How it works is this. You enter the word "ability." Algorithm converts it deterministically into a hash like: "30570485".
Now if you enter "skill", it will yield "94025339". Both are compared. It's a mismatch. So all they can do is figure out if a given inserted e-mail address is already registered and to whom.
Now, you could run all possible combinations of 'n' letters and see which ones yield 30570485, and you'd likely get multiple results, only one of which reads remotely humanly ("ability", "asdfwe9tu820j23i", "lfdgpkwß9uifsüasdou32o1rfipeof", etc). Given that the integer created has fewer possible values than the strings you could input, this will inevitably lead to duplicates.
But be reminded you'd have to run the algorithm for let's say up to ~30 characters, each with one character from ~50 allowed ones. Meaning it would be 50^30 = 9.31e50 (~931000000000000000000000000000000000000000000000000) tries in the worst case - however then you'd have a complete table up to a character length of 30 and could apply it to all. However... if you'd use a "salt", meaning you add let's say ~30 extra letters into the hash to the whole set of data, you could use the table ONLY for this and it needs to be created first (hackers often have tables for cases without salt). If you have a long string like the sentence "this_is_my_password_and_its_nice" then it's closer to the worst case scenario (its length is 32, so you'd need ~5000 times as much time and processing power).
So backtracking one-way encrypted strings is - in my humble knowledge - crazy.
If they are honest actors and are not inept, they should not be able to decrypt.
The whole point of such design is to protect users as much as possible if the host infrastructure is compromised or outright captured by the enemy.
Right. Although I get too many emails x100, I wouldn’t mind updates from TDW. Especially if regrouping will become as difficult as I imagine.
Maybe publicize multiple app groups on Gab, CloutHub, etc?
When our Reddit site went down, I followed links provided on other Reddit groups. It was even searchable at that time on DuckDuckGo. Might not be as easy next time.
hope not
don't want that confiscated by malicious agents
Hopefully only mods would have the key
hopefully they tossed any key into the fires of mt. doom
Agreed !
They cannot... and it's awesome. They actually do NOT have your email. Instead, they have hashed your email and password so TDW not only can't figure out your password, they cannot figure out your email either.
The hashing they use goes one way... so, they hash (change your email and password) into a long string of nonsense. They store the actual encrypted nonsense, and it cannot be decrypted.
When you log in, it takes your email/password and hashes it (turns it into the nonsense), and then it compares the new nonsense with the old nonsense. If the nonsense matches, then it's a good login.
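The scheme the comments above describe (hash the email for the reset lookup, add a site-wide "salt" so a ready-made table is useless, hash and compare at login), as an added example that is not the site's own code. `SITE_KEY`, `UserStore` and the sample address are assumptions made up for the illustration, and PBKDF2 stands in for whatever password hash the site actually uses.

```python
import hashlib
import hmac
import os

# Assumption: one site-wide secret, kept outside the database (the "salt for the whole data set").
SITE_KEY = os.urandom(32)

def normalize(email: str) -> str:
    return email.strip().lower()

def plain_index(email: str) -> str:
    """Unsalted hash: deterministic, so anyone holding the table can test a guessed address."""
    return hashlib.sha256(normalize(email).encode()).hexdigest()

def keyed_index(email: str, key: bytes = SITE_KEY) -> str:
    """Keyed hash: still deterministic for lookups, but testing a guess also needs the key."""
    return hmac.new(key, normalize(email).encode(), hashlib.sha256).hexdigest()

def hash_password(password: str, salt: bytes) -> bytes:
    # Slow, per-user-salted password hash.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def table_confirms_guess(table, guess: str, index_fn) -> bool:
    """What a captured table reveals: only whether a guessed address is present."""
    return index_fn(guess) in table

class UserStore:
    def __init__(self):
        self.rows = {}  # keyed_index -> (salt, password_hash); the address itself is never stored

    def register(self, email: str, password: str) -> None:
        salt = os.urandom(16)
        self.rows[keyed_index(email)] = (salt, hash_password(password, salt))

    def reset_requested(self, email: str) -> bool:
        # The address typed into the reset form is hashed and looked up; the mail
        # is sent to what was typed, not to anything read back from storage.
        return keyed_index(email) in self.rows

    def login(self, email: str, password: str) -> bool:
        row = self.rows.get(keyed_index(email))
        if row is None:
            return False
        salt, stored = row
        return hmac.compare_digest(stored, hash_password(password, salt))
```

A per-user random salt cannot be used for the email column, because the row has to be found from the address alone; that is why the lookup hash uses one site-wide key while the password gets its own salt.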
Agreed
Yes.
Same here
Agreed
Yes. Please do this. But Cloudflare is holding the line, fingers crossed.
Same
Second
Is it crazy that I feel like all you faggy shitposting patriots are my frens? You make me feel like I don’t have to eat bugs alone...
No
Mass email incoming.
Somebody else do the work for me, it's too hard and scary!