I don't know whether I could ask this question or even whether this question is dumb!
I am a member of Ubuntuforums.org and LinuxQuestions.org. While the former doesn't remember me once I restart my computer, the latter does! I know this is something similar to 'keep me signed in unless I sign out' in Yahoo!.
But I am sort of curious to know how this is achieved!
It is done via a cookie (or actually several). These are small text files stored on your PC, that contain data used by websites. As well as their text content - which might be a userid, or hashed (encrypted) password - they also have an expiry date. Assuming you haven't set any other preferences in your browser, this expiry date can either be at the end of the session, or a particular date.
If you are using Firefox, you can view your cookies by selecting Edit > Preferences > Privacy, and clicking "show cookies". You should find an entry in the list for linuxquestions.org - expand this, and take a look.
I have (among others):
bbpassword - contains my hashed password - expires 26/07/2009
bbuserid - contains a numeric id (not my username) - expires 26/07/2009
bbsessionhash - contains my current sessionid - expires at end of session
Cookies can be helpful, but there are also privacy issues (for instance, marketing companies can use "tracker cookies" to monitor your web activity). Firefox allows you to block cookies from particular domains (I have it ask me for each cookie, and block all from *.2o7.net, *.doubleclick.net, etc) or to set cookies to expire at the end of the session, whatever the expiry date.
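An added example, not part of the original posts: a small Python audit of Set-Cookie headers that separates session cookies from persistent ones and flags long-lived values that look like a stored hash. The headers are constructed from the cookie names and expiry date listed above; the values, the digest-length heuristic and the function names are assumptions made for illustration.

```python
from http.cookies import SimpleCookie
import re

# Constructed Set-Cookie header values; names follow the list above, values are
# made up (the 32-character one is the MD5 digest of an empty string).
SAMPLE_HEADERS = [
    "bbuserid=123456; expires=Sun, 26 Jul 2009 12:00:00 GMT; path=/",
    "bbpassword=d41d8cd98f00b204e9800998ecf8427e; "
    "expires=Sun, 26 Jul 2009 12:00:00 GMT; path=/",
    "bbsessionhash=0f343b0931126a20f133d67c2b018a3b; path=/; HttpOnly",
]

# Heuristic (assumption): a pure-hex value of one of these lengths is a digest.
DIGEST_LENGTHS = {32: "128-bit (MD5-sized)", 40: "160-bit (SHA-1-sized)",
                  64: "256-bit (SHA-256-sized)"}
HEX_RE = re.compile(r"[0-9a-fA-F]+")

def audit_cookie(header):
    """Parse one Set-Cookie header value; report its lifetime and risk flags."""
    jar = SimpleCookie()
    jar.load(header)
    if not jar:
        raise ValueError(f"unparseable cookie header: {header!r}")
    name, morsel = next(iter(jar.items()))
    # No expires/max-age attribute means the browser drops it at end of session.
    persistent = bool(morsel["expires"] or morsel["max-age"])
    digest = None
    if HEX_RE.fullmatch(morsel.value):
        digest = DIGEST_LENGTHS.get(len(morsel.value))
    findings = []
    if persistent and digest:
        findings.append("long-lived credential-like value on disk")
    if not morsel["httponly"]:
        findings.append("no HttpOnly flag: readable by page scripts")
    if not morsel["secure"]:
        findings.append("no Secure flag: may be sent over plain HTTP")
    return {"name": name, "persistent": persistent,
            "digest_like": digest, "findings": findings}

def audit(headers):
    """Audit every header in the list, in order."""
    return [audit_cookie(h) for h in headers]

if __name__ == "__main__":
    for r in audit(SAMPLE_HEADERS):
        life = "persistent" if r["persistent"] else "session"
        print(f'{r["name"]:<14}{life:<11}{r["digest_like"] or "-":<22}'
              f'{"; ".join(r["findings"])}')
```
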
Also, as he (robhogg) said, your login info, since it is stored in a cookie, is only on the PC you logged in with, so it won't be there when you try to log in with another computer... plus your browser must support it, as some do not.
I had another question on this issue, while I was sitting in a Biophysics class. [I find a lot of similarity between how we guys code and how DNA replication in our body is carefully proofread :P ]
Given that our cookies are stored as small data files in our computer, can't we hack somebody's password by finding these data files? Obviously this can't be that easy else no one would want them.
Not easy, in fact it's hard! The password is hashed using a cryptographic function. Although not unbreakable, if a good-enough algorithm is used there's no way of cracking it beyond brute-force. It is possible to find "collisions" where more than one "plaintext" hashes to the same value, and with some functions this has become too easy to be really secure. The LQ password hash is 32 hex characters, 128 bits (so possibly is MD5).
Of course for a site like LQ which allows you to stay fully logged in, often there would be no need to crack the password - just get at my PC, and you will be able to post as me (though would need the password to change some details). Sites where more is at stake should certainly not be storing passwords on the PC, encrypted or not. I have far fewer cookies stored from Amazon or my bank than from LQ, and none of them look like a password.
There will be utilities on your system to calculate these hashes, if you want to experiment with them: