Encrypting/Decrypting Password from a Config File

Discussion in 'Java' started by michael.santamaria@gmail.com, Nov 2, 2005.

  1. Guest

    Hello,
    I am looking for a way to encrypt a password in a configuration file
    that is being read by a Java program. Currently, I read-in the
    password from the text file, but that leaves the password sitting right
    out in the open if someone were to look at the config file.

    I was thinking of building a simple class where user could type in
    their desired password, get an encrypted version of the password, then
    paste the encrypted version into the configuration text file. Then the
    application would read encrypted password, decrypt the password back
    into a string, and move on.

    I am having trouble with the string-->encrytped bytes-->string
    conversions.

    I am using the built-in java security classes to implement this code.
    Here is some sample test code:

    // Reads password from config file
    String password = ScriptConfig.getString( "password" );

    // Generate Key
    KeyGenerator kg = KeyGenerator.getInstance("DES");
    Key key = kg.generateKey();

    // Create Encryption cipher
    Cipher cipher = Cipher.getInstance( "DES" );
    cipher.init( Cipher.ENCRYPT_MODE, key );

    // Encrypt password
    byte[] encrypted = cipher.doFinal( password.getBytes() );

    // Create decryption cipher
    cipher.init( Cipher.DECRYPT_MODE, key );
    byte[] decrypted = cipher.doFinal( encrypted );

    // Convert byte[] to String
    String decryptedString = new String(decrypted);

    System.out.println("password: " + password);
    System.out.println("encrypted: " + encrypted);
    System.out.println("decrypted: " + decryptedString);

    // Read encrypted string from config file
    String encryptedPassword = ScriptConfig.getString( "encryptedPassword"
    );

    // Convert encryptedPassword string into byte[]
    byte[] encryptedPasswordBytes = new byte[1024];
    encryptedPasswordBytes = encryptedPassword.getBytes();

    // Decrypt encrypted password from config file
    byte[] decryptedPassword = cipher.doFinal( encryptedPasswordBytes );

    System.out.println("encryptedPassword: " + encryptedPassword);
    System.out.println("decryptedPassword: " + decryptedPassword);


    The config file has the following variables:
    password=password
    encryptedPassword=[B@2a4983


    When I run the code, I get the following output:
    password: passwd
    encrypted: [B@2a4983
    decrypted: passwd
    javax.crypto.IllegalBlockSizeException: Input length must be multiple
    of 8 when decrypting with padded cipher
    at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
    at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
    at com.sun.crypto.provider.DESCipher.engineDoFinal(DashoA12275)
    at javax.crypto.Cipher.doFinal(DashoA12275)
    at com.sapient.fbi.uid.TestEncryption.main(TestEncryption.java:48)


    Any help on the error, structure, or process I am using to do this
    would be great. Thanks.
    , Nov 2, 2005
    #1
    1. Advertising

  2. Oliver Wong Guest

    <> wrote in message
    news:...
    > Hello,
    > I am looking for a way to encrypt a password in a configuration file
    > that is being read by a Java program. Currently, I read-in the
    > password from the text file, but that leaves the password sitting right
    > out in the open if someone were to look at the config file.
    >
    > I was thinking of building a simple class where user could type in
    > their desired password, get an encrypted version of the password, then
    > paste the encrypted version into the configuration text file. Then the
    > application would read encrypted password, decrypt the password back
    > into a string, and move on.
    >
    > I am having trouble with the string-->encrytped bytes-->string
    > conversions.
    >
    > I am using the built-in java security classes to implement this code.
    > Here is some sample test code:
    >
    > // Reads password from config file
    > String password = ScriptConfig.getString( "password" );
    >
    > // Generate Key
    > KeyGenerator kg = KeyGenerator.getInstance("DES");
    > Key key = kg.generateKey();
    >
    > // Create Encryption cipher
    > Cipher cipher = Cipher.getInstance( "DES" );
    > cipher.init( Cipher.ENCRYPT_MODE, key );
    >
    > // Encrypt password
    > byte[] encrypted = cipher.doFinal( password.getBytes() );
    >
    > // Create decryption cipher
    > cipher.init( Cipher.DECRYPT_MODE, key );
    > byte[] decrypted = cipher.doFinal( encrypted );
    >
    > // Convert byte[] to String
    > String decryptedString = new String(decrypted);
    >
    > System.out.println("password: " + password);
    > System.out.println("encrypted: " + encrypted);
    > System.out.println("decrypted: " + decryptedString);
    >
    > // Read encrypted string from config file
    > String encryptedPassword = ScriptConfig.getString( "encryptedPassword"
    > );
    >
    > // Convert encryptedPassword string into byte[]
    > byte[] encryptedPasswordBytes = new byte[1024];
    > encryptedPasswordBytes = encryptedPassword.getBytes();
    >
    > // Decrypt encrypted password from config file
    > byte[] decryptedPassword = cipher.doFinal( encryptedPasswordBytes );
    >
    > System.out.println("encryptedPassword: " + encryptedPassword);
    > System.out.println("decryptedPassword: " + decryptedPassword);
    >
    >
    > The config file has the following variables:
    > password=password
    > encryptedPassword=[B@2a4983
    >
    >
    > When I run the code, I get the following output:
    > password: passwd
    > encrypted: [B@2a4983
    > decrypted: passwd
    > javax.crypto.IllegalBlockSizeException: Input length must be multiple
    > of 8 when decrypting with padded cipher
    > at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
    > at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
    > at com.sun.crypto.provider.DESCipher.engineDoFinal(DashoA12275)
    > at javax.crypto.Cipher.doFinal(DashoA12275)
    > at com.sapient.fbi.uid.TestEncryption.main(TestEncryption.java:48)
    >


    If you actually included an SSCCE, I could find out which line is line
    48, and it'd be easier for me to help you.

    SSCCE: http://www.physci.org/codes/sscce.jsp

    My guess is it has something to do with not padding the results
    correctly. As the message implies, the decryption algorithm expects the
    length to be a multile of 8, and "[B@2a4983" is of length 9.

    - Oliver
    Oliver Wong, Nov 2, 2005
    #2
    1. Advertising

  3. Jack Guest

    On 2 Nov 2005 11:45:57 -0800, wrote:

    >I was thinking of building a simple class where user could type in
    >their desired password, get an encrypted version of the password, then
    >paste the encrypted version into the configuration text file. Then the
    >application would read encrypted password, decrypt the password back
    >into a string, and move on.


    but any bad guy who has access to the config file would also have
    access to the decryption routine, yes?

    so you might instead do this: once the user creates their password,
    the software creates something like an MD5 hash of it and stores the
    hash. Thereafter, whenever the user wants to logon again, the software
    converts his entered pwd to MD5 and compares that to the list of
    stored, hashed pwds. That way, no one but the user ever can know the
    actual password.

    You probably have seen websites where, if you've forgotten your pwd,
    they can send you a new one - that's because they are using a scheme
    like that.
    Jack, Nov 3, 2005
    #3
  4. "Jack" <> wrote in message
    news:...
    > On 2 Nov 2005 11:45:57 -0800, wrote:
    >
    >>I was thinking of building a simple class where user could type in
    >>their desired password, get an encrypted version of the password, then
    >>paste the encrypted version into the configuration text file. Then the
    >>application would read encrypted password, decrypt the password back
    >>into a string, and move on.

    >
    > but any bad guy who has access to the config file would also have
    > access to the decryption routine, yes?
    >
    > so you might instead do this: once the user creates their password,
    > the software creates something like an MD5 hash of it and stores the
    > hash. Thereafter, whenever the user wants to logon again, the software
    > converts his entered pwd to MD5 and compares that to the list of
    > stored, hashed pwds. That way, no one but the user ever can know the
    > actual password.
    >
    > You probably have seen websites where, if you've forgotten your pwd,
    > they can send you a new one - that's because they are using a scheme
    > like that.


    You may want to use SHA-256 though, since MD5 is considered broken.

    --
    LTP

    :)
    Luc The Perverse, Nov 3, 2005
    #4
  5. Jack Guest

    On Wed, 2 Nov 2005 20:34:54 -0700, "Luc The Perverse"
    <> wrote:

    >
    >You may want to use SHA-256 though, since MD5 is considered broken.


    can you elaborate? :)
    Jack, Nov 3, 2005
    #5
  6. "Jack" <> wrote in message
    news:...
    > On Wed, 2 Nov 2005 20:34:54 -0700, "Luc The Perverse"
    > <> wrote:
    >
    >>
    >>You may want to use SHA-256 though, since MD5 is considered broken.

    >
    > can you elaborate? :)


    Sure.

    The purpose of a hash is ideally to create a number from an input that
    cannot be reversed and cannot be forged. (Reversed means an attacker with
    the hash output can "go backwards" and get the input.) (Forged means an
    attacker with the output can make up another made up pass phrase which
    generated the same hash.) Of course, asking just for the hash, is not good,
    because someone not knowing the passphrase could easily just send the same
    hash along.

    Most of these problems (except reversing) can be fixed by adding a
    negotiated preamble (IE random number) to the passphrase before hashing.
    But this only works if the server is seperate from the user and knows the
    passphrase. (For a local file on a local machine, this is an
    impossibility)

    MD5 has been broken, in that it is now known how to generate an input which
    will cause a certain hashed output.

    It just depends on how hard you want to make it. Every system has a
    weakness. A very tech savvy person could reverse engineer your program,
    find out your encryption, remake a new hash from a new password and drop it
    into your file, effectively changing the password without ever knowing what
    your old password was.

    You need to decide what your threat model is. The dilema that you will
    always come back to is this: If the computer is not secure then the
    password is not secure. If the computer is secure, then what are you
    worried about?

    So if the only thing you are trying to do, is keep it from exceptionally
    amateur hack attempts, then a simple file encoding would work (maybe a
    simple XOR bit mask on every byte.)

    If you don't want to compromise the users password to slightly more advanced
    attacks, (since you know people are using the same password for everything)
    then using a hash is a good idea. And in this model MD5 or SHA-256 would be
    fine. I prefer SHA-256 because it feels 1337er to me. Same reason I use
    Serpent instead of Rijndael ;)

    Just remember that there is always a way around security. Even the
    infallible Compusec HSM (http://www.ce-infosys.com.sg/CeiProducts_HSM.asp)
    can be easily taken over with a simple hardware keylogger, fingerprint
    forgery and simple mugging (for the smart card) or just walk in while the
    person is going pee.

    --
    LTP

    :)
    Luc The Perverse, Nov 3, 2005
    #6
  7. jonck Guest

    jonck, Nov 3, 2005
    #7
  8. Roedy Green Guest

    On Wed, 2 Nov 2005 21:32:09 -0700, "Luc The Perverse"
    <> wrote, quoted or indirectly
    quoted someone who said :

    >I prefer SHA-256 because it feels 1337er to me.


    is this some hip young dude speak? What is 1337er?
    --
    Canadian Mind Products, Roedy Green.
    http://mindprod.com Java custom programming, consulting and coaching.
    Roedy Green, Nov 3, 2005
    #8
  9. Oliver Wong Guest

    "Luc The Perverse" <> wrote in message
    news:436992fe$0$8298$...
    >
    > MD5 has been broken, in that it is now known how to generate an input
    > which will cause a certain hashed output.


    A technique was always "known": Brute force.

    But I guess what you're referring to is some mathematical flaw in the
    MD5 algorithm being discovered. I had read an article on that too, but from
    my recollection, the weakness was rather theoretical and had little
    practical impact. E.g. instead of using pure brute force and expecting to
    crack the password in 20 billion years, you could use the weakness they
    discovered and crack the password in 10 billion years. (Those were just
    numbers off the top of my head, but they illustrate what I meant by 'little
    practical impact').

    In other words, if you're just doing amateur level security for local
    programs, don't worry too much about "MD5 being broken" yet. As Luc alluded
    to, suceptibility to reverse engineering is probably a far bigger risk for
    you at this point.

    - Oliver
    Oliver Wong, Nov 3, 2005
    #9
  10. Oliver Wong Guest

    "Roedy Green" <> wrote in
    message news:p...
    > On Wed, 2 Nov 2005 21:32:09 -0700, "Luc The Perverse"
    > <> wrote, quoted or indirectly
    > quoted someone who said :
    >
    >>I prefer SHA-256 because it feels 1337er to me.

    >
    > is this some hip young dude speak? What is 1337er?


    1337er = leeter = more leet = more elite.

    - Oliver
    Oliver Wong, Nov 3, 2005
    #10
  11. Dag Sunde Guest

    "Oliver Wong" <> wrote in message
    news:Y2qaf.74534$S4.9917@edtnps84...
    >
    > "Roedy Green" <> wrote in
    > message news:p...
    >> On Wed, 2 Nov 2005 21:32:09 -0700, "Luc The Perverse"
    >> <> wrote, quoted or indirectly
    >> quoted someone who said :
    >>
    >>>I prefer SHA-256 because it feels 1337er to me.

    >>
    >> is this some hip young dude speak? What is 1337er?

    >
    > 1337er = leeter = more leet = more elite.
    >


    Yeah... And there is nothing more removed from being
    elite that using that 14-year old "WaReZ kIdZ" speak...

    LOL...

    --
    Dag.
    Dag Sunde, Nov 3, 2005
    #11
  12. Daniel Dyer Guest

    On Thu, 03 Nov 2005 15:30:27 -0000, Oliver Wong <>
    wrote:

    > "Luc The Perverse" <> wrote in
    > message
    > news:436992fe$0$8298$...
    >>
    >> MD5 has been broken, in that it is now known how to generate an input
    >> which will cause a certain hashed output.

    >
    > A technique was always "known": Brute force.
    >
    > But I guess what you're referring to is some mathematical flaw in the
    > MD5 algorithm being discovered. I had read an article on that too, but
    > from
    > my recollection, the weakness was rather theoretical and had little
    > practical impact. E.g. instead of using pure brute force and expecting to
    > crack the password in 20 billion years, you could use the weakness they
    > discovered and crack the password in 10 billion years. (Those were just
    > numbers off the top of my head, but they illustrate what I meant by
    > 'little
    > practical impact').
    >
    > In other words, if you're just doing amateur level security for local
    > programs, don't worry too much about "MD5 being broken" yet. As Luc
    > alluded
    > to, suceptibility to reverse engineering is probably a far bigger risk
    > for
    > you at this point.


    "In 1996, a flaw was found with the design of MD5; while it was not a
    clearly fatal weakness, cryptographers began to recommend using other
    algorithms, such as SHA-1 (recent claims suggest that SHA-1 was broken,
    however). In 2004, more serious flaws were discovered making further use
    of the algorithm for security purposes questionable."

    [From http://en.wikipedia.org/wiki/Md5]

    Collisions can be found in a matter of hours with a modest PC.

    Or you can look up a hash in an online database such as this one:

    http://www.md5lookup.com/

    Dan.

    --
    Daniel Dyer
    http://www.dandyer.co.uk
    Daniel Dyer, Nov 3, 2005
    #12
  13. On 2005-11-03, Dag Sunde penned:
    > "Oliver Wong" <> wrote in message
    > news:Y2qaf.74534$S4.9917@edtnps84...
    >>
    >> "Roedy Green" <>
    >> wrote in message news:p...
    >>> On Wed, 2 Nov 2005 21:32:09 -0700, "Luc The Perverse"
    >>> <> wrote, quoted or indirectly
    >>> quoted someone who said :
    >>>
    >>>>I prefer SHA-256 because it feels 1337er to me.
    >>>
    >>> is this some hip young dude speak? What is 1337er?

    >>
    >> 1337er = leeter = more leet = more elite.
    >>

    >
    > Yeah... And there is nothing more removed from being elite that
    > using that 14-year old "WaReZ kIdZ" speak...
    >
    > LOL...


    It's a form of humor. Using "1337" in otherwise well-formed and
    comprehensible text is a way of both mocking the script kiddies and
    yourself, just a bit, at the same time. Obviously Luc is mocking
    himself when the only reason he gives for using one over the other is
    "it feels 1337er". He's acknowledging that he doesn't have a better
    reason.

    As with all jokes, it's not funny if you have to explain it.

    In short, if every third word you type uses numbers in place of
    letters, etc, then you look dumb. If you very rarely use a select
    l33tspeak word for emphasis, you are identifying yourself as part of a
    particular community.

    --
    monique

    Ask smart questions, get good answers:
    http://www.catb.org/~esr/faqs/smart-questions.html
    Monique Y. Mudama, Nov 3, 2005
    #13
  14. Juha Laiho Guest

    "Daniel Dyer" <> said:
    >On Thu, 03 Nov 2005 15:30:27 -0000, Oliver Wong <>
    >wrote:
    >
    >> "Luc The Perverse" <> wrote in
    >> message
    >> news:436992fe$0$8298$...
    >>>
    >>> MD5 has been broken, in that it is now known how to generate an input
    >>> which will cause a certain hashed output.

    >>
    >> But I guess what you're referring to is some mathematical flaw in the
    >> MD5 algorithm being discovered.

    >
    >Collisions can be found in a matter of hours with a modest PC.


    Hmm.. was this "free-form" collisions, as in I give you just any hash,
    and you provide data matching that hash within hours, or cases where
    you first generate the data and hash yourself, and then manipulate the
    initial data in such ways that you have another piece of data which
    produces the same hash as the first one?

    I know the latter can be done, but I'm still unclear whether the former
    has been successfully demonstrated. For some uses even the latter case
    is enough to not use md5, and of course it does take some credibility
    from the algorithm, but mostly I wouldn't panic - yet.
    --
    Wolf a.k.a. Juha Laiho Espoo, Finland
    (GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
    PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
    "...cancel my subscription to the resurrection!" (Jim Morrison)
    Juha Laiho, Nov 3, 2005
    #14
  15. Dag Sunde Guest

    "Monique Y. Mudama" <> wrote in message
    news:...
    > On 2005-11-03, Dag Sunde penned:
    >> "Oliver Wong" <> wrote in message
    >> news:Y2qaf.74534$S4.9917@edtnps84...
    >>>
    >>> "Roedy Green" <>
    >>> wrote in message news:p...
    >>>> On Wed, 2 Nov 2005 21:32:09 -0700, "Luc The Perverse"
    >>>> <> wrote, quoted or indirectly
    >>>> quoted someone who said :
    >>>>
    >>>>>I prefer SHA-256 because it feels 1337er to me.
    >>>>
    >>>> is this some hip young dude speak? What is 1337er?
    >>>
    >>> 1337er = leeter = more leet = more elite.
    >>>

    >>
    >> Yeah... And there is nothing more removed from being elite that
    >> using that 14-year old "WaReZ kIdZ" speak...
    >>
    >> LOL...

    >
    > It's a form of humor. Using "1337" in otherwise well-formed and
    > comprehensible text is a way of both mocking the script kiddies and
    > yourself, just a bit, at the same time. Obviously Luc is mocking
    > himself when the only reason he gives for using one over the other is
    > "it feels 1337er". He's acknowledging that he doesn't have a better
    > reason.
    >
    > As with all jokes, it's not funny if you have to explain it.
    >
    > In short, if every third word you type uses numbers in place of
    > letters, etc, then you look dumb. If you very rarely use a select
    > l33tspeak word for emphasis, you are identifying yourself as part of a
    > particular community.


    Oh, I got it... I've got two kids at 11 and 16 that speak the lingo...
    :)
    Dag Sunde, Nov 3, 2005
    #15
  16. On 2005-11-03, Dag Sunde penned:
    > "Monique Y. Mudama" <> wrote in message
    > news:...
    >> On 2005-11-03, Dag Sunde penned:
    >>>
    >>> Yeah... And there is nothing more removed from being elite that
    >>> using that 14-year old "WaReZ kIdZ" speak...
    >>>
    >>> LOL...

    >>
    >> It's a form of humor. Using "1337" in otherwise well-formed and
    >> comprehensible text is a way of both mocking the script kiddies and
    >> yourself, just a bit, at the same time. Obviously Luc is mocking
    >> himself when the only reason he gives for using one over the other
    >> is "it feels 1337er". He's acknowledging that he doesn't have a
    >> better reason.
    >>
    >> As with all jokes, it's not funny if you have to explain it.
    >>
    >> In short, if every third word you type uses numbers in place of
    >> letters, etc, then you look dumb. If you very rarely use a select
    >> l33tspeak word for emphasis, you are identifying yourself as part
    >> of a particular community.

    >
    > Oh, I got it... I've got two kids at 11 and 16 that speak the
    > lingo...
    >:)
    >


    Okay, then I won't comment on the irony of someone using "LOL" to
    laugh at l33tspeak =)

    --
    monique

    Ask smart questions, get good answers:
    http://www.catb.org/~esr/faqs/smart-questions.html
    Monique Y. Mudama, Nov 3, 2005
    #16
  17. Dag Sunde Guest

    "Monique Y. Mudama" <> wrote in message
    news:...
    > On 2005-11-03, Dag Sunde penned:
    >> "Monique Y. Mudama" <> wrote in message
    >> news:...
    >>> On 2005-11-03, Dag Sunde penned:
    >>>>
    >>>> Yeah... And there is nothing more removed from being elite that
    >>>> using that 14-year old "WaReZ kIdZ" speak...
    >>>>
    >>>> LOL...


    <snipped>

    >>> l33tspeak word for emphasis, you are identifying yourself as part
    >>> of a particular community.

    >>
    >> Oh, I got it... I've got two kids at 11 and 16 that speak the
    >> lingo...
    >>:)
    >>

    >
    > Okay, then I won't comment on the irony of someone using "LOL" to
    > laugh at l33tspeak =)
    >


    Context? Usenet/NG vs. chatrooms/IRC? Social culture in the one
    vs. the other? ...and where we communicate now?

    LOL belongs here (together with AFAIK, YMMV, IANAL et.c.)
    1337, 1am3r et.c does not?

    I don't see the irony...
    :)

    --
    Dag.
    Dag Sunde, Nov 3, 2005
    #17
  18. Oliver Wong Guest

    "Daniel Dyer" <> wrote in message
    news:eek:...
    >
    > "In 1996, a flaw was found with the design of MD5; while it was not a
    > clearly fatal weakness, cryptographers began to recommend using other
    > algorithms, such as SHA-1 (recent claims suggest that SHA-1 was broken,
    > however). In 2004, more serious flaws were discovered making further use
    > of the algorithm for security purposes questionable."
    >
    > [From http://en.wikipedia.org/wiki/Md5]
    >
    > Collisions can be found in a matter of hours with a modest PC.
    >
    > Or you can look up a hash in an online database such as this one:
    >
    > http://www.md5lookup.com/


    This is not to say that I doubt your claims, but I found it amusing that
    md5lookup.com reports that the database is down for maitenance and will be
    back up on October 31st ("now" being November 3rd, 2005). I guess it isn't
    exactly a lie, as they haven't specified October 31st of what year!

    I then proceeded to go down the list of "MD5 Crackers" listed on
    Wikipedia and none of them worked. http://md5.crysm.net/ kept timing out for
    me, http://gdataonline.com/ reported the password as being "?????" for every
    hash I tried (which is either a stunning coincidence, or this is their way
    of saying they don't know the password), and
    http://passcracking.ru/index.php I couldn't figure out how to use, as it was
    in Russian (no matter what hashes I tried, it would return a blank page).
    http://passcracking.com/ was the most promising of the bunch, but apparently
    there was a queue of 31504 hashes to crack before me (I was too impatient to
    wait).

    Conclusion: Cracking MD5s isn't as easy as some people make it sound,
    sometimes for as pragmatic reasons as the fact that the webservers are being
    overloaded with work and cannot respond in time.

    - Oliver
    Oliver Wong, Nov 3, 2005
    #18
  19. "Monique Y. Mudama" <> wrote in message
    news:...
    > On 2005-11-03, Dag Sunde penned:
    >> "Oliver Wong" <> wrote in message
    >> news:Y2qaf.74534$S4.9917@edtnps84...
    >>>
    >>> "Roedy Green" <>
    >>> wrote in message news:p...
    >>>> On Wed, 2 Nov 2005 21:32:09 -0700, "Luc The Perverse"
    >>>> <> wrote, quoted or indirectly
    >>>> quoted someone who said :
    >>>>
    >>>>>I prefer SHA-256 because it feels 1337er to me.
    >>>>
    >>>> is this some hip young dude speak? What is 1337er?
    >>>
    >>> 1337er = leeter = more leet = more elite.
    >>>

    >>
    >> Yeah... And there is nothing more removed from being elite that
    >> using that 14-year old "WaReZ kIdZ" speak...
    >>
    >> LOL...

    >
    > It's a form of humor. Using "1337" in otherwise well-formed and
    > comprehensible text is a way of both mocking the script kiddies and
    > yourself, just a bit, at the same time. Obviously Luc is mocking
    > himself when the only reason he gives for using one over the other is
    > "it feels 1337er". He's acknowledging that he doesn't have a better
    > reason.
    >
    > As with all jokes, it's not funny if you have to explain it.
    >
    > In short, if every third word you type uses numbers in place of
    > letters, etc, then you look dumb. If you very rarely use a select
    > l33tspeak word for emphasis, you are identifying yourself as part of a
    > particular community.


    Thank you! I couldn't have described it better myself.

    --
    LTP

    :)
    Luc The Perverse, Nov 3, 2005
    #19
  20. Joan Guest

    "Dag Sunde" <> wrote in message
    news:I5vaf.7396$...
    > "Monique Y. Mudama" <> wrote in message
    > news:...
    >> On 2005-11-03, Dag Sunde penned:
    >>> "Monique Y. Mudama" <> wrote in message
    >>> news:...
    >>>> On 2005-11-03, Dag Sunde penned:
    >>>>>
    >>>>> Yeah... And there is nothing more removed from being elite
    >>>>> that
    >>>>> using that 14-year old "WaReZ kIdZ" speak...
    >>>>>
    >>>>> LOL...

    >
    > <snipped>
    >
    >>>> l33tspeak word for emphasis, you are identifying yourself as
    >>>> part
    >>>> of a particular community.
    >>>
    >>> Oh, I got it... I've got two kids at 11 and 16 that speak the
    >>> lingo...
    >>>:)
    >>>

    >>
    >> Okay, then I won't comment on the irony of someone using "LOL"
    >> to
    >> laugh at l33tspeak =)
    >>

    >
    > Context? Usenet/NG vs. chatrooms/IRC? Social culture in the one
    > vs. the other? ...and where we communicate now?
    >
    > LOL belongs here (together with AFAIK, YMMV, IANAL et.c.)


    shouldn't this be "iANAL"

    > 1337, 1am3r et.c does not?
    >
    > I don't see the irony...
    > :)
    >
    > --
    > Dag.
    >
    >
    Joan, Nov 3, 2005
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Marshall Dudley

    encrypting and decrypting with perl

    Marshall Dudley, Jan 27, 2005, in forum: Perl
    Replies:
    1
    Views:
    732
    Brian McCauley
    Jan 27, 2005
  2. VB Programmer

    Encrypting/Decrypting Connection String

    VB Programmer, Nov 29, 2004, in forum: ASP .Net
    Replies:
    3
    Views:
    7,607
    Sahil Malik
    Nov 30, 2004
  3. dfa_geko
    Replies:
    3
    Views:
    379
    dfa_geko
    Apr 6, 2007
  4. Andy Chau
    Replies:
    7
    Views:
    204
    Andy Chau
    Oct 5, 2003
  5. Anders
    Replies:
    0
    Views:
    88
    Anders
    Jun 12, 2005
Loading...

Share This Page