FYI Users who used IRC (NSFCD???) in 2012. Check your passwords

[squirrelfriend]

irc has pws?

if you registered yr nick
I never did

[silvertone]

oic. thx for info

[bluaki]

I used to use the same ~3 passwords everywhere, but more recently have been using unique ones.

A password I used in 2012 isn't really used anymore for any account I care about. Except maybe this Boyah one. Come to think of it, maybe I should change my password here.

It's not like anybody's going to try breaking into my boyah account anyway

[bluaki]

So, the passwords in that table are created essentially with:
1. Use the salt "lonjwxrb" for everyone (that's sufficiently random, right?)
2. Run the glibc crypt() function with md5

The strings are in a format like "$1$lonjwxrb$2YF4eBU24K2w/92MNkEEp0"
where "$1$lonjwxrb$" indicates the salt and hash type (1=md5)

Code Select

#include <stdio.h>
#include <crypt.h>
int main(int argc, char *argv[]) {
puts(crypt(argv[1], "$1$lonjwxrb$"));
}

Code Select

$ gcc crypt.c -lcrypt -o crypt
$ ./crypt password
$1$lonjwxrb$2YF4eBU24K2w/92MNkEEp0
I've verified that the password I used back then matches my entry. By the way, of those 415 nicks, three have the password "password". There's no "hunter2" or "jsnake".

[Daddy]

what fucking retard used the same salt for EVERY PASSWORD

[squirrelfriend]

well irc is not modern by today's standards
that's why there's a lot of slack clones out there

[Daddy]

It's not a native IRC  feature though. It's the database for the NickServ bot.

[squirrelfriend]

exactly, no one bothers to maintain it

[silvertone]

i sometimes use msg for my pw's other times i just forgoe the spices all together

[6M69I69B9]

lol list ends at 420 haha

[strongbad]

boyah needs embedded IRC

[squirrelfriend]

boyah needs embedded IRC

just use slack it's the same thing

[squirrelfriend]

i mean like practically not lit same but w/e

[strongbad]

sure lets do it

[bluaki]

It's not a native IRC  feature though. It's the database for the NickServ bot.

It's not even an issue with the bot software. Atheme services (the system ChatSpike uses for NickServ/ChanServ) seems to support random salts for each password, but judging by that database dump, I guess ChatSpike's instance of it was misconfigured in 2009.

They've probably fixed it by now for new registrations and password changes.

NickServ is the closest thing to a "standard" that isn't in the RFC. Just about every IRC client supports automatically authenticating with it. Most networks have it, although some of the biggest networks are among the ones that don't.