Offtherails Posted December 8, 2015 Share Posted December 8, 2015 Dark0ne, thankyou for all your efforts, and your openness about this issue. Link to comment Share on other sites More sharing options...
sunshinenbrick Posted December 8, 2015 Share Posted December 8, 2015 Thank you all for all you do and keeping us up to date! Link to comment Share on other sites More sharing options...
PlagueHush Posted December 8, 2015 Share Posted December 8, 2015 (edited) In response to post #31656575. #31662045 is also a reply to the same post. Reveal hidden contents Quote NeoH4x0r wrote: On 12/8/2015 at 8:06 AM, Fr4nsson said: In response to post #31645210. #31646060, #31646785, #31648240 are all replies on the same post. Reveal hidden contents Quote jet4571 wrote: Heres a quick way to make very hard to crack passwords. Create a new text document and open it. Now randomly mash keys on your keyboard so you get something like dj5vp7;jQE:2ljwer1halk/jb9hl;sfj There's your new hard to crack password. Quote TrvsD wrote: Or just use some crazy several word long phrase that will stick in your mind. Think sentence not random characters you will forget. Quote Daelda1 wrote: I'd rather use LastPass or KeyPass to generate random, complex passwords, because those programs actually remember the passwords for you, and encrypt them (of course, you have to remember the phrase you used to encrypt them with - but if you use something long enough, and complex enough, like, "I am the 8th of 16 children. My mom was a VERY tired woman.", I'd say it would be fairly difficult to crack. Quote Dimon007 wrote: nonono..no word phrases! Hackers can figure those out easier. Always use nonsensical words made up, or ascii symbols are always nice too.Long words doesen't really make it harder to crack... If you use a password like "ilikemysecurepassword" it would take me max 1 day, probably only 10-50minutes to crack it with rainbowtables or a good wordlist. You are much better of using for example "I#%Like!My#Sec/Passw" That password is more complex .... but it still contains dictionary words.Better to use a password like this: (64 characters, total random, and non-sense),sZa(t9iIIFX_G?Cy^Mq8YA9hB;f]w67z[7/X$&?{qX(wHI8A{%9jk9Yy(AN96wB Quote Dhegonus wrote: irrelevant, the database dump was from prior to 2013. If a computer wanted to decipher your password from scratch it would take at least 60 million years.These are both correct and incorrect for different reasons. There are only two driving factors for password security - length and alphabet depth.Providing it has at least one Capital, lowercase, number, and special character and is of decent length it will prove very difficult to crack. Passwords aren't cracked like a combination, one character at a time, they have to be guessed in their entirety, and "Human unreadable" does not mean "Machine unreadable".A password that's as long and simple enough to remember yet sufficiently difficult enough to resist cracking would be something like " D0g,,,,,,,,,,,,,,,,,,,,". Estimated time to crack this with a distributed botnet? About four months... long enough for an attacker to lose interest or run out of money I think ;) Edited December 8, 2015 by PlagueHush Link to comment Share on other sites More sharing options...
TriflingGnome Posted December 8, 2015 Share Posted December 8, 2015 Just want to add to the other users here that I am hugely impressed with the way you've handled this problem. Openness, honesty, and it seems that you've done everything you could be reasonably expected to do. Kudos. Link to comment Share on other sites More sharing options...
bobofzimbabwe Posted December 8, 2015 Share Posted December 8, 2015 (edited) downloaded one of the three mods 8 days before breach............. wipes sweat off brow does giggity dance. good job nexus staying on top of the haters with nothing better to do then to try and hack our games with 3 year old code Edited December 8, 2015 by bobofzimbabwe Link to comment Share on other sites More sharing options...
Telmaron Posted December 8, 2015 Share Posted December 8, 2015 In response to post #31660700. #31662030 is also a reply to the same post. Reveal hidden contents Quote JaschMedia wrote: May I recommend contacting https://haveibeenpwned.com/ about adding the emails from the dump to the list?It is a service that allows you to see if your email has been in any data breach they know of. Quote Lokie7 wrote: Maybe a dumb question, but I presume any of us, "I", could go there and check it out? If so, Great info. Edit; I went to the site, as recommended, did a check and so far, I'm good. Thanks for the tip. BTW, I got my answer, ;)You don't make yourself more secure by sending your info to even more people. Do you know anything about the people that even run that site or how they secure data? Link to comment Share on other sites More sharing options...
Telmaron Posted December 8, 2015 Share Posted December 8, 2015 In response to post #31656620. #31658095 is also a reply to the same post. Reveal hidden contents Quote Purr4me wrote: Don't know if this matters, taking the advice is a good thing when needed.But this ? kinda say's nah..http://s26.postimg.org/98ookcxvt/2_billion.jpgthat's this sites PSW all my other accounts use this onehttp://s26.postimg.org/3yjpt2dmx/right.jpg built to last. kitty. Quote Netsplite wrote: Only if you use the password for all of your other accounts and one of those sites gets hacked and they're stored in DB as plain text / md5 without salt you're still screwed.Not the case for Nexus as they have proper hashing like mentioned in their last post as well but even on large sites you would be surprised how often this happens.That amount of years is probably for trying to brute force your password, that doesn't need to happen with the use of things called word lists. People can use wordlists to crack passwords that are complex and it might take only hours or days. Link to comment Share on other sites More sharing options...
TakelGryph Posted December 8, 2015 Share Posted December 8, 2015 In response to post #31656575. #31662045, #31663470 are all replies on the same post. Reveal hidden contents Quote NeoH4x0r wrote: On 12/8/2015 at 8:06 AM, Fr4nsson said: In response to post #31645210. #31646060, #31646785, #31648240 are all replies on the same post. Reveal hidden contents Quote jet4571 wrote: Heres a quick way to make very hard to crack passwords. Create a new text document and open it. Now randomly mash keys on your keyboard so you get something like dj5vp7;jQE:2ljwer1halk/jb9hl;sfj There's your new hard to crack password. Quote TrvsD wrote: Or just use some crazy several word long phrase that will stick in your mind. Think sentence not random characters you will forget. Quote Daelda1 wrote: I'd rather use LastPass or KeyPass to generate random, complex passwords, because those programs actually remember the passwords for you, and encrypt them (of course, you have to remember the phrase you used to encrypt them with - but if you use something long enough, and complex enough, like, "I am the 8th of 16 children. My mom was a VERY tired woman.", I'd say it would be fairly difficult to crack. Quote Dimon007 wrote: nonono..no word phrases! Hackers can figure those out easier. Always use nonsensical words made up, or ascii symbols are always nice too.Long words doesen't really make it harder to crack... If you use a password like "ilikemysecurepassword" it would take me max 1 day, probably only 10-50minutes to crack it with rainbowtables or a good wordlist. You are much better of using for example "I#%Like!My#Sec/Passw" That password is more complex .... but it still contains dictionary words.Better to use a password like this: (64 characters, total random, and non-sense),sZa(t9iIIFX_G?Cy^Mq8YA9hB;f]w67z[7/X$&?{qX(wHI8A{%9jk9Yy(AN96wB Quote Dhegonus wrote: irrelevant, the database dump was from prior to 2013. If a computer wanted to decipher your password from scratch it would take at least 60 million years. Quote PlagueHush wrote: These are both correct and incorrect for different reasons. There are only two driving factors for password security - length and alphabet depth.Providing it has at least one Capital, lowercase, number, and special character and is of decent length it will prove very difficult to crack. Passwords aren't cracked like a combination, one character at a time, they have to be guessed in their entirety, and "Human unreadable" does not mean "Machine unreadable".A password that's as long and simple enough to remember yet sufficiently difficult enough to resist cracking would be something like " D0g,,,,,,,,,,,,,,,,,,,,". Estimated time to crack this with a distributed botnet? About four months... long enough for an attacker to lose interest or run out of money I think ;)Or you could just use a password manager rather than try to memorize a bunch of unique and complex passwords.And you'd better be using unique passwords whether or not they're complex, people. Don't make me link the XKCD about password reuse. Link to comment Share on other sites More sharing options...
AdityaIyer Posted December 8, 2015 Share Posted December 8, 2015 In short, it is advisable to change password if one's account pre-dates July 2013? Link to comment Share on other sites More sharing options...
Hrenak Posted December 8, 2015 Share Posted December 8, 2015 that's a relief. Link to comment Share on other sites More sharing options...
Recommended Posts