• Announcement Discussion 4th December 2010
    259 replies, posted
[QUOTE=EDDY TT;26503736]Now thats just retarded.[/QUOTE] If you ask me, the best method would be sending a hash of the hash itself rather than a plain text password. Sending a hash, or sending a plain text password are both not great ideas in my honest opinion.
[QUOTE=Flapadar;26502564]Ok, according to your theory there comprimising an account using a hash will take ~5 billion years[/QUOTE] MD5 hashes rarely take ~5 billion years to crack. I know Vlad's gotten into Lithifold's account that way before. [QUOTE=Flapadar;26503132]Only using a table of hashes. And it's still incredibly inefficient.[/QUOTE] I believe he actually bruteforced that one "from scratch". Which is even less efficient than using rainbow tables but somehow still worked. [QUOTE=compwhizii;26503329]vBulletin allows people to log in with an MD5'd password[/QUOTE] The bbpassword cookie is salted.
[QUOTE=Dan2593;26503425]Really? Usernames like that exist?[/QUOTE] If you ever get banned just look at the homepage for facepunch a bit and just stare at the usernames. Shit'll keep you occupied.
Do we HAVE to change our password?
Compwhizii he wants you to contact him on Steam [url]http://steamcommunity.com/id/ZombieDawgs/[/url]
My name is not on this list. :smug:
Well, glad I'm not on there and good thing that you told us all.
I stand corrected. [code]] lua_run_cl print(hashtb.Check("a9fccff2c3cb42a7f6e98a6be9f7b271" , "MD5")) Wordbank contains 7431 MD5 hashes. Match found: Time elapsed (0) teasers [/code] Instead of using a dictionary (Couldn't find any easily formatted) I'm inputting URLs and hashing all words on the page.
[QUOTE=Flapadar;26503656]There's 53459728531456 unique combinations for a-z/A-Z 8 character password, or 50,000 hours (max of 5.6 years). The insecure passwords can be captured by saving hashes. For example, if you have "manchester", you can save the hash. You could even do that in Lua - nevermind any better language. All you need is a table of common words and you can dictionary attack it.[/QUOTE] There are like sites which are basically a giant 'dictionary' of md5. Couldn't the people who got the md5 of a password, use a site like that to look whether the password is in that dictionary? I mean some have (or they say they have) like literally 4 quadrillion letter combinations in them, so there's a good chance that your (weak) password is in it
[QUOTE=alt;26504458]There are like sites which are basically a giant 'dictionary' of md5. Couldn't the people who got the md5 of a password, use a site like that to look whether the password is in that dictionary? I mean some have (or they say they have) like literally 4 quadrillion letter combinations in them, so there's a good chance that your (weak) password is in it[/QUOTE] That's (basically) what i'm doing in Lua at the moment. Yeah. [code]] lua_run_cl print(hashtb.Check("2f621a9cbf3a35ebd4a0b3b470124ba9" , "MD5")) Wordbank contains 11645 MD5 hashes. Match found: Time elapsed (0) Santa [/code]
[QUOTE=SEKCobra;26504133]Compwhizii he wants you to contact him on Steam [url]http://steamcommunity.com/id/ZombieDawgs/[/url][/QUOTE] Tell him to contact me, I'm kinda busy to hunt someone down.
Changed my password.
[QUOTE=DinoJesus;26493272]What did compwisi do that was so bad?[/QUOTE] He was given moderator status so he could code an update to the forums. He "promised" that he wouldn't do any moderating, and that his status was temporary. He then immediately went on a banning rampage and almost completely neglected the updates. Also some of his bans/permas were outright wrong, and nobody liked him. Hezzy didn't want to put up with this bullshit, so he perma'd comwhizii, but garry jumped in and unperma'd him. So now instead of being a moderator, compwhizii is now a "Facepunch Studios Web Developer". But for some reason he still has moderating powers (which is bullshit). Basically, everyone took turns taking a dump on compwhizii's name.
[QUOTE=Run&Gun12;26505119]He then immediately went on a banning rampage and almost completely neglected the updates.[/QUOTE] haha that's so wrong.
This might have been mentioned before in this thread, but i really wish that list was sorted in alphabetical order..
[QUOTE=Ali Legend;26493107]I'd like to see them crack a salted MD5 hash.[/QUOTE] That really takes like a day at most.
I recommend you all change your passwords to something like as3l5m5sec1uihksdfhn6sqljwln56kjh7sfwq54sd321dfwe657df6s5f1e65w7dfs61e36w547f6sf51e32wd7f3ds21e
[QUOTE=Raneman;26512105]I recommend you all change your passwords to something like as3l5m5sec1uihksdfhn6sqljwln56kjh7sfwq54sd321dfwe657df6s5f1e65w7dfs61e36w547f6sf51e32wd7f3ds21e[/QUOTE] SHIT! How did you know my password?
Anyone else notice how most of the people on the list had retarded names?
[QUOTE=Raneman;26512105]I recommend you all change your passwords to something like as3l5m5sec1uihksdfhn6sqljwln56kjh7sfwq54sd321dfwe657df6s5f1e65w7dfs61e36w547f6sf51e32wd7f3ds21e[/QUOTE] [img]http://dl.dropbox.com/u/9104987/hashes.png[/img] Looks like I need to expand my dictionary a little.
Thanks Mr. Gestapo.
[QUOTE=Execro;26503292]That's good to know. From the reading I've done you can quite easily achieve 300,000 passwords per second (I don't think the algorithm is as slow as you think). Although that wouldn't be able to crack secure passwords in any reasonable length of time it would crack the insecure ones in a matter of minutes.[/QUOTE] BarsWF can do 1200 million combinations/s with my computer and my parts are like 2 years old. If you're talking about brute forcing md5 hash with a home computer, a 8-letter long password with up letters and numbers could be cracked in like 50 hours. i dunno about salted hashes though [URL]http://3.14.by/en/md5[/URL] i just checked their forum, somebody has broke 12 billion/s mark so thats pretty cool
I am NOT a NUMBER, I AM a FREE MAN! -Iron Maiden
[QUOTE=compwhizii;26505154]haha that's so wrong.[/QUOTE] * compwhizii closed simazzarome's thread called Sorry, searching is limited to moderators and gold members right now in General Discussion * compwhizii renamed the thread in ToyBox from “Your faveroute ToyBox things” to Your favorite ToyBox things * compwhizii deleted the thread Vampires Suck (2010) DVDRip H264 MnM-RG in Drop Dead Thread * compwhizii DDT'd web: Reverted Permissions on Subversion Forum from Subversion * compwhizii DDT'd web: Fix permissions on Subversion forum from Subversion * compwhizii renamed the thread in General Discussion from “Friendly UK / Europe Reminder: CLOCKS GO BACK 1h SUNDAY 31'TH” to Friendly UK / Europe Reminder: CLOCKS GO BACK 1h SUNDAY 31'ST * compwhizii renamed the thread in General Discussion from “Friendly UK / Europe Reminder: CLOCKS GO BACK 1h SUNDAY 30'TH” to Friendly UK / Europe Reminder: CLOCKS GO BACK 1h SUNDAY 31'TH * compwhizii renamed the thread in General Discussion from “Friendly UK / Europe Reminder: CLOCKS GO BACK 1h SUNDAY 25'TH” to Friendly UK / Europe Reminder: CLOCKS GO BACK 1h SUNDAY 30'TH * compwhizii renamed the thread in General Discussion from “The 244 ACCOMPLISHMENTS of PRESIDENT OBAMA” to The 244 Accomplishments of President Obama * compwhizii closed Revanold's thread called Every time I rate in General Discussion * compwhizii opened the thread BROHOSTER GIVEAWAY - Gameservers, websites, and games! in Fast Threads * compwhizii closed JWJ's thread called BROHOSTER GIVEAWAY - Gameservers, websites, and games! in Fast Threads * compwhizii unbanned FreakyMe with the explanation “” * compwhizii deleted the thread Pictures Of You: Deeply In Love Edition in Fast Threads * compwhizii permabanned balogne in Greeman, Facepunch Moderator/Newly-wed father returns to Facepunch with the reason “doug” * compwhizii DDT'd Greeman, Facepunch Moderator/Newly-wed father returns to Facepunch from General Discussion * compwhizii fixed the capital letters in thread title Facepunch server setup * compwhizii renamed the thread in News Node from “Valve: Game Trade-In on Steam "Not Happening"” to Valve: Game Trade-In on Steam Not Happening * compwhizii DDT'd SethHack. V2 from Garry's Mod Discussion * compwhizii permabanned petrovitch.adre in Garrysmod aimbot with the reason “Spammer” * compwhizii closed skynrdfan2's thread called my quick opinion on the new facepunch in General Discussion * compwhizii DDT'd The Facepunch Ultra Greasemonkey Script from General Discussion with reason “Requested” * compwhizii permabanned vb4 doug in Facepunch vB4 - PROBLEMS IN HERE THANKS with the reason “doug” * compwhizii closed Zing!'s thread called Some forum problems? in General Discussion with the reason “ugh” * compwhizii renamed the thread in General Discussion from “Welcome back!” to Facepunch vB4 - PROBLEMS IN HERE THANKS * compwhizii closed Humberjini's thread called Facepunch - New account E-mail verification not working/shit slow! in General Discussion * compwhizii permabanned terdy doug in Facepunch vB4 - PROBLEMS IN HERE THANKS with the reason “bye doug” * compwhizii unbanned compwhiziitothemax with the explanation “All done” * compwhizii permabanned compwhiziitothemax in Moderator nonsense thread v3 with the reason “Security test” * compwhizii closed Funny's thread called Favicon in General Discussion * compwhizii DDT'd test from Moderators with reason “test” * compwhizii closed compwhizii's thread called The Facepunch labs are back in General Discussion Almost half of these are perms, all of which were taken from the same month.
Changed my password. So if this isn't about people who haven't change their passwords in a year, what is it about?
[QUOTE=Raneman;26512105]I recommend you all change your passwords to something like as3l5m5sec1uihksdfhn6sqljwln56kjh7sfwq54sd321dfwe657df6s5f1e65w7dfs61e36w547f6sf51e32wd7f3ds21e[/QUOTE] Now I have to change my luggage combination, thanks asshole.
[QUOTE=marksman_sni;26520110]I am NOT a NUMBER, I AM a FREE MAN! -Iron Maiden[/QUOTE] Dude, that's from the intro of the 1960s tv show The Prisoner. It's British also.
Everyone on the list will die
[QUOTE=Execro;26501965]Not quite how hashes work. Hashes are like an encoded form of your password that have to first be cracked in order to reveal the real password. 'Making a dump' of the passwords should no longer be possible (I hope).[/QUOTE] [img]http://avatars.fpcontent.net/image.php?u=73948&dateline=1211230715[/img] Your avatar fits the problem nice.
FUCK! My name is on the list
Sorry, you need to Log In to post a reply to this thread.