December 24, 2024, 06:51:18 PM

1,531,365 Posts in 46,734 Topics by 1,523 Members
› View the most recent posts on the forum.


FYI Users who used IRC (NSFCD???) in 2012. Check your passwords

Started by Daddy, April 18, 2016, 04:16:06 PM

previous topic - next topic

0 Members and 3 Guests are viewing this topic.

Go Down

silvertone


bluaki

I used to use the same ~3 passwords everywhere, but more recently have been using unique ones.

A password I used in 2012 isn't really used anymore for any account I care about. Except maybe this Boyah one. Come to think of it, maybe I should change my password here.

It's not like anybody's going to try breaking into my boyah account anyway y/n

bluaki

So, the passwords in that table are created essentially with:
1. Use the salt "lonjwxrb" for everyone (that's sufficiently random, right?)
2. Run the glibc crypt() function with md5

The strings are in a format like "$1$lonjwxrb$2YF4eBU24K2w/92MNkEEp0"
where "$1$lonjwxrb$" indicates the salt and hash type (1=md5)

Code Select
#include <stdio.h>
#include <crypt.h>
int main(int argc, char *argv[]) {
puts(crypt(argv[1], "$1$lonjwxrb$"));
}

Code Select
$ gcc crypt.c -lcrypt -o crypt
$ ./crypt password
$1$lonjwxrb$2YF4eBU24K2w/92MNkEEp0

I've verified that the password I used back then matches my entry. By the way, of those 415 nicks, three have the password "password". There's no "hunter2" or "jsnake".

Daddy

what fucking retard used the same salt for EVERY PASSWORD

squirrelfriend

well irc is not modern by today's standards 5thgrade;
that's why there's a lot of slack clones out there

Daddy

It's not a native IRC  feature though. It's the database for the NickServ bot.


silvertone

i sometimes use msg for my pw's other times i just forgoe the spices all together

6M69I69B9

Quote from: Travis on April 03, 2015, 10:52:52 PM
gotta eat the booty like groceries


Quote from: Travis on March 01, 2018, 08:44:39 PM
Quote from: reefer on March 01, 2018, 06:15:08 PM
Technology and globalism go hand and hand. If you want to be on the forefront of technology then you gotta be global

the earth is flat you globecuck





strongbad





bluaki

Quote from: Khadafi on April 19, 2016, 04:21:26 PM
It's not a native IRC  feature though. It's the database for the NickServ bot.
It's not even an issue with the bot software. Atheme services (the system ChatSpike uses for NickServ/ChanServ) seems to support random salts for each password, but judging by that database dump, I guess ChatSpike's instance of it was misconfigured in 2009.

They've probably fixed it by now for new registrations and password changes.

NickServ is the closest thing to a "standard" that isn't in the RFC. Just about every IRC client supports automatically authenticating with it. Most networks have it, although some of the biggest networks are among the ones that don't.

Go Up