December 24, 2024, 06:37:37 PM

1,531,365 Posts in 46,734 Topics by 1,523 Members
› View the most recent posts on the forum.


FYI Users who used IRC (NSFCD???) in 2012. Check your passwords

Started by Daddy, April 18, 2016, 04:16:06 PM

previous topic - next topic

0 Members and 1 Guest are viewing this topic.

Go Down

Daddy

https://searchcode.com/codesearch/view/40326435/#l-1368


I came across this and there is a hashed (idk if salted) password for at least Thyme, LoTE, and Bluaki. 

It's a sql dump from I don't know where. I'm guessing NSFCD's IRC, though could be elsewhere.

if you didn't use that password elsewhere you're ok but fyi lol

squirrelfriend

is there any way to retrieve the original password if it was hashed

Daddy

Quote from: squirrelfriend on April 18, 2016, 04:20:59 PM
is there any way to retrieve the original password if it was hashed
There are many variables that make the answer range from "yes" to a "theoretically yes, but reasonably no"

Daddy

that meaning, given enough time and/or processing power, any password can be brute forced and/or a hash can be cracked.

If it's a weak and/or unsalted password the amount of time/power becomes significantly smaller.

If a password is "fuckyou123" someone probably already calculated those hashes.

if it's "xEK3dfjk.#%!@#39209sdkjfKJESOWVNSWdsfksj!!dk" and it's salted with #f9W18 and the UN then the salted hash and original would both need to be broken

don't let's


Daddy

Quote from: ­Ì...Ì...Ì...Ì...Ì...Ì...Ì...Ì...Ì...Ì...­ on April 18, 2016, 04:25:33 PM
But why? And had this been it there all this time?
idk how long it's been up there.

I just came across it a few minutes before posting it (searched for something else related to boyah and it brought up this as a result).

looks like September 2012 was the dump. So closer to 3.5 years.

ME##

how protected are boyah's passwords?  #boyahtransparency2016

don't let's

Quote from: Khadafi on April 18, 2016, 04:29:03 PM
Quote from: ­Ì...Ì...Ì...Ì...Ì...Ì...Ì...Ì...Ì...Ì...­ on April 18, 2016, 04:25:33 PM
But why? And had this been it there all this time?
idk how long it's been up there.

I just came across it a few minutes before posting it (searched for something else related to boyah and it brought up this as a result).

looks like September 2012 was the dump. So closer to 3.5 years.
That could have been when my other twitter account that I used for anime purposes was compromised which I may have used that password for.

Daddy

Quote from: David on April 18, 2016, 04:30:57 PM
how protected are boyah's passwords?  #boyahtransparency2016
They're salted (with 2 unique variables for each user) and hashed so they're pretty secure


if someone got full DB acess they'd get access to that hash and the 2 salt values but it'd still take a tremendous amount of time to actually crack it.

ME##

Quote from: Khadafi on April 18, 2016, 04:35:48 PM
Quote from: David on April 18, 2016, 04:30:57 PM
how protected are boyah's passwords?  #boyahtransparency2016
They're salted (with 2 unique variables for each user) and hashed so they're pretty secure


if someone got full DB acess they'd get access to that hash and the 2 salt values but it'd still take a tremendous amount of time to actually crack it.
nice.  tybjmv

YPrrrr


don't let's

Given all the names there that might have been the ns2 channel on chatspike. Unless they just grabbed everybody on chatspike or the #chatspike or #nintendo channel.

But then again there's a bunch of stuff about twilightirc which I can never remember using but it looks like it was connected to http://cuccoscratch.com/

C.Mongler

my boyah password is heinously simple. like it's a dictionary word simple lol

i started using strings of random horshit like 5 years ago but never got around to chagning boyah lol

SOMEONE HACK ME GOGOGOGO

squirrelfriend

my password is jsnake
idk why retards on outsider were allowed to be mod over me tbh

silvertone


Go Up