109
hell
7y

My company contracted a 3rd party to do an internal system for us...
We only knew about it when it was almost done and we got the code... Oooooo boy.... What a fucking shit they did and got paid for...

They have a encryptPassword() and decryptPassword() functions...

What they do you may ask?
Well...

Encrypt: for loop that reverse the string and base64 it 5 times...

Decrypt: the opposite...

That's how they store passwords....

Our intern snapped at a company meeting when they where talking about maintaining it 😂😂

Comments
  • 25
    but we "encrypted" it 5 times, what more do you want!
  • 33
    Hahaha yeah i laughed really loud when I checked this fucking shit because we had a problem with login that when you change you password it deletes the fucking username from DB... I made a website just to "reset" the username because i cant handle that code emotionally right now...

    But good news are we are gonna make it from scratch now, in house, full team :D

    @C0D4
  • 14
    who deletes a username on a password reset o.O
    WTF is this madness.

    Now i never want to outsource my work if that's the kind of crap that can be handed back.
  • 17
    Dude, you have no idea...
    I have no idea...

    Its a clusterfuck of bad code + copied code + unused wtf code...

    Some say they had a 1k line php file just to show a fucking static clock on the main page.

    Its so fucking bad that we are not even gonna use the same data model, we are just using the data because its already there.

    I think its funny because the company wasted 3 months of my salary with this bullshit, they seem to don't understand that we are fucking devs.

    @C0D4
  • 11
    that is a lame encryption method, I store passwords in their ASCII code, now lets see which hacker will be able to figure it out :3
  • 7
    @azous oh, sounds like a pay per line issue :D

    1k for a clock, that thing had better come with alarms, multi clock faces and be multi TimeZone safe.
  • 4
    @gitpush now to go find one of your db's for err "research"
  • 5
    Haha no , static non refreshing clock.

    Not paid by line because the responsible for this was HR that knows jackshit about jackshit :)

    @C0D4
  • 5
    @C0D4 search? It's hosted on torrent sites because sharing is caring 😎
  • 15
    @gitpush I have seen worse.

    A once large economy program that we used back in the dos times stored the passwords in reverse cesarian chipher.

    That is, place two alphabets on two rows with the second reversed and then offset the second 3 letters.

    And this was in live software sold and it was not some minor either but mid range companies up to several hundred employees.

    Took almost 5 minutes to crack with pen and paper with only the user file to go by, no other info on what encryption was used and no code.

    I think the base64 could actually be harder to guess ;)
  • 2
    @Voxera wow! I hope I never see this in my life
  • 14
    Omg, they should reverse the string TWICE before base64 it, bunch of amateurs 😄
  • 3
    @azous where in the world does HR know anything else than jackshit about jackshit?
  • 4
    Let me guess... Oracle was the 3rd-party here?
  • 4
  • 2
    Please throw bags of salt at them when you see them the next time
  • 2
    @azous your intern seems a good developer, hire him/her. Nice move to drop that shit and develop it in house. All the best.
  • 5
    Yeah, we are gonna hire him on January :)
    He is actually the best on the team...

    @samxxx
  • 2
    Yeah exactly what we live here @insanealec
  • 3
    @azous Full team for that?
    Wow, that sounds like something I'd be stuck with and given a week to spec, write, test, migrate, and deploy. 🙁
  • 5
    We are 5 , total.

    But it was just a matter of speak , might be just me and the intern at this project :P

    Its a pretty large project

    @Root
  • 3
    @Root I see you have similar timeframes as me 🙌
Add Comment