seriously, how can I only do business with whites from now on? I can literally walk out of a store when I see jeets, but I can't opt out of jeet "programmers" at my bank.
>>108494981
They're encrypted, not hashed.
Learn the difference.
>>108494981
They're just migrating to UNIX, nothing to see here:
C:\accounts\username\password\balance.txt
/mnt/ACCOUNTS/USERNAME/PASSWORD/BALANCE.TXT
>>108494981
Computers in the sixties only had uppercase. A banking system designed back then would only support uppercase passwords. When the system switched to ASCII, they maintained compatibility by converting passwords to uppercase. Now they've decided to stop doing that.
This says nothing about whether the passwords are "encrypted", nor whether they are hashed as is the industry standard. They almost certainly are, as banks are subject to severe regulations.
>>108495214
>balance inside password folder
>>108495089
btw this is also the reason some banking systems only allow passwords up to 8 characters
it's some archaic backwards compatibility reason with ibm z/os machines from the 80s
>>108495214
If balance was outside you could get it without knowing the password, duh!
cat /mnt/accounts/someoneelse/balance.txt
It's called security. Learn it.
>>108494981
What the shit kind of requirement is this anyway. Like, why did they even communicate this to the customers?
Just uppercase what you receive on the server, then.
>>108495304
oh wait, you mean the folder name would be the password?
I can't tell if that's genius or retarded
>>108495089
if what you are saying were the case, then don't you think someone would've noticed by now that when they typed "YOURMOMISAWHORE12" instead of "yourmomisawhore12" that it still logged them in with the wrong password?
>>108495313
I believe the opposite happened actually: they made the password system case-sensitive
Previously the passwords were all stored in full uppercase, but when someone logged in they converted the login attempt password to uppercase to match the stored uppercase password
But now (presumably) they will allow actual mixed case passwords
So, for existing users the password was always full uppercase, and now the users have to actually type in the full uppercase password when logging in
If this is not the case then it doesn't make much sense to me...
>>108495327
I mean, that's why the switch from Windows to UNIX is adding case sensitivity.
>>108495356
Even then, they are retarded; they could just try both, the password as it was sent and the password if converted to uppercase. Still no need to tell the customers.
>>108495375
Somewhere some developer decided he did not want to have this risky code complexity in the login page for the next 20 years which they have to justify every year during an audit, so they decided to bite the trigger and let the users handle it
Which is the better choice is debatable, but this was the cleanest solution for the future
>>108495356
enterprise software (SAP) guy here.
when you see shit like this, it means there's some ancient ass piece of software in the backend they got rid of. ancient SAP releases (stuff out of support for well over a decade at this point) for example. the RFC library converted all password calls to uppercase. if you needed to have a newer system in the front call an older system, and you wanted the password passed along in the same format in the RFC call, then you had to use a more restrictive convert to uppercase rule. the passwords were still even on these ancient releases stored hashed though.
what's happened for the OP post with HSBC is something similar. SAP? who knows. could be, could be another ancient ass application (I was at a Fortune 500 company in 2013 that required eight character letter/number/no symbols passwords because that's what IBM z/OS could handle).
HSBC eliminated some backend dependency to have passwords be converted to uppercase when passed to a backend system for authentication.
given my experience in enterprise IT, my guess is this:
the password has ALWAYS been stored hashed in backend systems. the system that was the master to check said password has changed and is no longer a system that converts to uppercase before doing the hash. it's another system that stored the password case sensitively, but was not the master login source in their authentication flow. they then used the response from whatever backend that did the convert to uppercase to give some sort of login ticket (in SAP they would be login tickets) that were accepted by the newer backend systems.
>>108495469
>>108495237
aren't 8 character passwords cracked under a second nowadays, and even 10-15 years ago?
crazy how some banks still force that shit
>>108495516
SAP used to have very old backend versions of software that could not handle more complex passwords than 8 chars, but it did support symbols. the main counter to an 8 character password limit is a very aggressive account locking policy. 5 incorrect password attempts in a row (not from the same IP or session - 5 incorrect logon attempts for that user account PERIOD) on a support portal account would lock the account out. an administrator would have to manually unlock it, and it would take 24 hours to unlock.
the SAP support portal has done away with this restriction and passwords can be properly complex.
if a bank is still doing 8 char password max still, the most likely cause is old mainframe shit like IBM z/OS, and they are probably heavily throttling incorrect pw attempts.
i'm not saying the above is good security practice either. i'm just saying what they're likely doing to make it so every account isn't compromised within days.
>>108495002
You store salted hashes in databases, on encrypted discs is a separate decision you dumbfuck
>>108495034
>>108495214
>>108495304
You are supposed to stay dead, Albert Einstein. Now I'll have to kill you.
>>108494981
>HSBC PhoneBanking
fucking sussy af but then again anything involving indians is
>>108494981
Why is the grammar in the email so bad? Based on that alone I would assume this is a phishing email.
>>108497364
because a jeet wrote the template.
Notice how they actually entertain "Test123" as a valid password.
>>108495352
also
>registration journey
>>108494981
It's entirely possible they hashed/encrypted both the original and lower-cased versions, though..
>>108495002
>your passwords are protected with state of the art ROT13 cryptography
thanks I feel safer already
>>108494981
More likely they uppercase your password before hashing. The change likely makes existing passwords case sensitive, thus why you need to all caps them.
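
The "uppercase before hashing" behaviour several posts describe, together with one way to retire it at login time, as an added example that is not part of any post and is not HSBC's or SAP's code. The record layout, function names and PBKDF2 parameters are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value for this sketch)


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def enroll_legacy(password: str) -> dict:
    """Legacy behaviour discussed in the thread: fold to uppercase, then hash."""
    salt = os.urandom(16)
    return {"scheme": "upper", "salt": salt, "hash": _hash(password.upper(), salt)}


def enroll(password: str) -> dict:
    """Case-sensitive scheme: hash the password exactly as typed."""
    salt = os.urandom(16)
    return {"scheme": "exact", "salt": salt, "hash": _hash(password, salt)}


def verify_and_migrate(record: dict, attempt: str) -> bool:
    """Check a login attempt; upgrade a legacy record on its first success."""
    legacy = record["scheme"] == "upper"
    candidate = attempt.upper() if legacy else attempt
    ok = hmac.compare_digest(_hash(candidate, record["salt"]), record["hash"])
    if ok and legacy:
        # The plaintext is only available during login, so re-hash it as typed
        # (fresh salt) and retire the case-folded hash for this account.
        record.update(enroll(attempt))
    return ok


if __name__ == "__main__":
    # Constructed sample account, enrolled under the legacy scheme.
    account = enroll_legacy("Correct-Horse7")
    print(verify_and_migrate(account, "correct-horse7"), account["scheme"])
    print(verify_and_migrate(account, "CORRECT-HORSE7"))
```

Until an account's first successful login it still accepts any casing, and the casing typed at that login becomes the one stored, which is the trade-off against asking users to type the all-caps form.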