
Potential Database Breach


Dark0ne


In response to post #31561115. #31561180, #31561660, #31562180, #31562605, #31562795, #31563395 are all replies on the same post.


mokaiba wrote: I'm not worried about anyone getting into my email since I don't even know my email password. I have it written down because it's just a bunch of randomness. eg, SJDHF&yhfsdhgf&*^#&*$TGFg375r2hdehfbghus <- like that lol
katleigh93 wrote: Hehehehe, that's the best kind to have mokaiba :D
mokaiba wrote: I do this for all websites that I care about keeping others out. This was not one of them and had a really simple password because I didn't care if anyone gained access as they wouldn't gain anything from it. I think they gained access to my account but didn't change anything and only wrote down the email. I have noticed an increase of spam mail to my email address this past week. Just in case they try to change my password here, I went and changed it from my 'lower case eight-letter' password to an alphanumeric :)

btw, I don't use my real name or personal information anywhere as well. even facebook has a fake name for me.
ultim8f8 wrote: Difficulty to remember: maximum
Bits of entropy: maximum

But there are better ways: xkcd: Password Strength
mokaiba wrote: I use entire sentences when it comes to work and financial-related passwords. I treat those as on an entirely different level than everything else. eg, ILikePinkButterFliesthatswimintheOcean1! good luck guessing that and cracking it lol
katleigh93 wrote: Lol, now that's security, hehehehe
SingABrightSong wrote: As strong as XKCD's password is in regards to bits of entropy, it is rather vulnerable to dictionary attacks, where instead of "CorrectHorseBatteryStaple" being 25 characters, it is just four common strings that are concatenated.

That said, "gibberish" strings can be made more easily remembered. An example given was "4S&7Ya,oFb4thutCanN,ciL,&dttPtaMac=.", which is interpreted by the human reader as an abbreviation of the opening of the Gettysburg Address.


that's why you add numbers and symbols (to delay dictionary attacks). brute force is going to check letter by letter first then word by word, however, once you pass 20 characters, it becomes time consuming for the process to complete. it doesn't matter if they are all known words. the fact is, it will take years to brute force a 25 character password (government could do it in less time though). one would assume that, before that occurs, you have changed the password. Most websites will lock your account after so many failed attempts as well.

use my example above (pink butter flies):

2 quattuorvigintillion possible combinations.

It would take a desktop PC about 22 octodecillion years to crack.

or, take a super computer capable of 50,000,000,000,000,000 keys per second.

1.7767289882885646e+40 years 166 days 23 hours 51 minutes and 36 seconds
(2.803405260273855e+49 password combinations)

just shows you that using real words is irrelevant after 20 characters.


regardless of passwords used or the methods for them. the easiest solution for this website is to change to ssl (https) for all connections. 80% of the issues related to passwords and security will be eliminated when that change occurs.

Basically, it would come down to a potential hacker doing this.

1. it's ssl
2. passwords are hashed and salted.
3. not really worth my time.
4. moves on to another website.

Edited by mokaiba
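The two attacker models argued over in the replies above (guessing character by character versus guessing whole words), worked through as an added example that is not part of any poster's reply. The 2048-word list size and the 10 x 33 digit-and-symbol suffix count are assumptions, the function names are hypothetical, and the word model assumes words picked at random from the list.

```python
import math

PRINTABLE_ASCII = 95                      # letters, digits, symbols and space
WORDLIST_SIZE = 2048                      # assumption: attacker's common-word list (11 bits/word)
GUESSES_PER_SEC = 50_000_000_000_000_000  # supercomputer rate quoted in the post


def char_keyspace(max_len, alphabet=PRINTABLE_ASCII):
    """Candidates a character-by-character search tries for lengths 1..max_len."""
    return sum(alphabet ** k for k in range(1, max_len + 1))


def word_keyspace(n_words, wordlist=WORDLIST_SIZE, variants=1):
    """Candidates when whole words are guessed instead of characters.
    `variants` counts decorations such as a trailing digit plus symbol."""
    return wordlist ** n_words * variants


def bits(keyspace):
    """Size of a search space expressed in bits."""
    return math.log2(keyspace)


def seconds_to_exhaust(keyspace, rate=GUESSES_PER_SEC):
    """Worst-case time to try every candidate at the given guess rate."""
    return keyspace / rate


def compare(password, n_words, variants=1):
    """Contrast both models for one password of n_words concatenated words."""
    chars = char_keyspace(len(password))
    words = word_keyspace(n_words, variants=variants)
    return {
        "length": len(password),
        "char_bits": round(bits(chars), 1),
        "word_bits": round(bits(words), 1),
        "word_seconds": seconds_to_exhaust(words),
    }


if __name__ == "__main__":
    # Passwords quoted in the thread; word counts are done by hand.
    print(compare("CorrectHorseBatteryStaple", 4))
    # Trailing "1!" modelled as one of 10 digits x 33 symbols (constructed model).
    print(compare("ILikePinkButterFliesthatswimintheOcean1!", 10, variants=10 * 33))
```

Length alone sets only the character-model figure; the word-model figure depends on how many words there are and how large a list they could have come from.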
As an SA myself I feel your pain. It's great you're willing to get out in front of this. GeohoundJason does a great job of saying how most of us feel about the situation. People forget security is a burden we all must share, and you do a great job explaining things in terms most can understand without talking down to anyone. Hang in there!

In response to post #31566170. #31566375, #31567315 are all replies on the same post.


algustin wrote: help I'm trying to change my password but it keeps telling me that my current password is wrong even tho I'm sure it's right
urielz wrote: try resetting your password
algustin wrote: and how do I exactly do that? please?


log out and when you try to log in again look for a "forgot password" button. Maybe you have to enter a wrong password to get to the screen where you can find the "forgot password" button.

In response to post #31566170. #31566375, #31567315, #31569360 are all replies on the same post.


algustin wrote: help I'm trying to change my password but it keeps telling me that my current password is wrong even tho I'm sure it's right
urielz wrote: try resetting your password
algustin wrote: and how do I exactly do that? please?
esfewsf wrote: log out and when you try to log in again look for a "forgot password" button. Maybe you have to enter a wrong password to get to the screen where you can find the "forgot password" button.


yeah I did that like a second ago, thanks anyway
This topic is now closed to further replies.