
Database Breach - An Update


Dark0ne

In response to post #31656575. #31662045 is also a reply to the same post.


NeoH4x0r wrote:

 

In response to post #31645210. #31646060, #31646785, #31648240 are all replies on the same post.


jet4571 wrote: Here's a quick way to make very hard to crack passwords. Create a new text document and open it. Now randomly mash keys on your keyboard so you get something like dj5vp7;jQE:2ljwer1halk/jb9hl;sfj There's your new hard to crack password.
TrvsD wrote: Or just use some crazy several word long phrase that will stick in your mind. Think sentence not random characters you will forget.
Daelda1 wrote: I'd rather use LastPass or KeePass to generate random, complex passwords, because those programs actually remember the passwords for you, and encrypt them (of course, you have to remember the phrase you used to encrypt them with - but if you use something long enough, and complex enough, like, "I am the 8th of 16 children. My mom was a VERY tired woman.", I'd say it would be fairly difficult to crack).
Dimon007 wrote: nonono..no word phrases! Hackers can figure those out easier. Always use nonsensical words made up, or ascii symbols are always nice too.

Long words don't really make it harder to crack... If you use a password like "ilikemysecurepassword" it would take me max 1 day, probably only 10-50 minutes to crack it with rainbow tables or a good wordlist. You are much better off using for example "I#%Like!My#Sec/Passw"

 

That password is more complex .... but it still contains dictionary words.

Better to use a password like this: (64 characters, totally random, and nonsense)

,sZa(t9iIIFX_G?Cy^Mq8YA9hB;f]w67z[7/X$&?{qX(wHI8A{%9jk9Yy(AN96wB

Dhegonus wrote: irrelevant, the database dump was from prior to 2013. If a computer wanted to decipher your password from scratch it would take at least 60 million years.


These are both correct and incorrect for different reasons. There are only two driving factors for password security - length and alphabet depth.

Providing it has at least one Capital, lowercase, number, and special character and is of decent length it will prove very difficult to crack. Passwords aren't cracked like a combination, one character at a time, they have to be guessed in their entirety, and "Human unreadable" does not mean "Machine unreadable".

A password that's as long and simple enough to remember yet sufficiently difficult enough to resist cracking would be something like " D0g,,,,,,,,,,,,,,,,,,,,". Estimated time to crack this with a distributed botnet? About four months... long enough for an attacker to lose interest or run out of money I think ;)

Edited by PlagueHush
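The length-and-alphabet-depth estimate described in the post above, set beside the wordlist search space that other replies in the thread raise, as an added example that is not part of any poster's message. The 10,000-word list size is an assumption, and only printable ASCII characters are counted.

```python
import math
import string

# The four character classes named in the post: capital, lowercase, number, special.
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation + " ",
)

def alphabet_depth(password):
    """Size of the alphabet an exhaustive search must cover for this password."""
    return sum(len(chars) for chars in CLASSES if any(c in chars for c in password))

def brute_force_bits(password):
    """log2 of the exhaustive search space: length * log2(alphabet depth)."""
    depth = alphabet_depth(password)
    return len(password) * math.log2(depth) if depth else 0.0

def wordlist_bits(word_count, list_size=10_000):
    """log2 of the search space for word_count words drawn from a list.

    list_size is an assumed wordlist size, not a figure from the thread.
    """
    return word_count * math.log2(list_size)

def effective_bits(password, word_count=None, list_size=10_000):
    """Strength against whichever search is cheaper for the attacker."""
    bits = brute_force_bits(password)
    if word_count:
        bits = min(bits, wordlist_bits(word_count, list_size))
    return bits

if __name__ == "__main__":
    # Sample passwords quoted in the thread; word counts are counted by hand.
    samples = [("ilikemysecurepassword", 5), ("I#%Like!My#Sec/Passw", None)]
    for pw, words in samples:
        print(f"{pw!r}: depth={alphabet_depth(pw)} "
              f"brute-force={brute_force_bits(pw):.1f} bits "
              f"effective={effective_bits(pw, words):.1f} bits")
```

The brute-force figure is an upper bound: it assumes every character was chosen independently, which is why the five-word lowercase phrase scores far lower once a wordlist search is considered.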

In response to post #31660700. #31662030 is also a reply to the same post.


JaschMedia wrote: May I recommend contacting https://haveibeenpwned.com/ about adding the emails from the dump to the list?
It is a service that allows you to see if your email has been in any data breach they know of.
Lokie7 wrote: Maybe a dumb question, but I presume any of us, "I", could go there and check it out?
If so, Great info.

Edit; I went to the site, as recommended, did a check and so far, I'm good. Thanks for the tip.
BTW, I got my answer, ;)


You don't make yourself more secure by sending your info to even more people. Do you know anything about the people that even run that site or how they secure data?

In response to post #31656620. #31658095 is also a reply to the same post.


Purr4me wrote:

Don't know if this matters, taking the advice is a good thing when needed.

But this? kinda says nah..

http://s26.postimg.org/98ookcxvt/2_billion.jpg

that's this site's PSW

 

all my other accounts use this one

http://s26.postimg.org/3yjpt2dmx/right.jpg

 

built to last.

 

kitty.

Netsplite wrote: Only if you use the password for all of your other accounts and one of those sites gets hacked and they're stored in DB as plain text / md5 without salt you're still screwed.
Not the case for Nexus as they have proper hashing like mentioned in their last post as well but even on large sites you would be surprised how often this happens.


That amount of years is probably for trying to brute force your password, that doesn't need to happen with the use of things called word lists. People can use wordlists to crack passwords that are complex and it might take only hours or days.

In response to post #31656575. #31662045, #31663470 are all replies on the same post.


NeoH4x0r wrote:

 

In response to post #31645210. #31646060, #31646785, #31648240 are all replies on the same post.


jet4571 wrote: Here's a quick way to make very hard to crack passwords. Create a new text document and open it. Now randomly mash keys on your keyboard so you get something like dj5vp7;jQE:2ljwer1halk/jb9hl;sfj There's your new hard to crack password.
TrvsD wrote: Or just use some crazy several word long phrase that will stick in your mind. Think sentence not random characters you will forget.
Daelda1 wrote: I'd rather use LastPass or KeePass to generate random, complex passwords, because those programs actually remember the passwords for you, and encrypt them (of course, you have to remember the phrase you used to encrypt them with - but if you use something long enough, and complex enough, like, "I am the 8th of 16 children. My mom was a VERY tired woman.", I'd say it would be fairly difficult to crack).
Dimon007 wrote: nonono..no word phrases! Hackers can figure those out easier. Always use nonsensical words made up, or ascii symbols are always nice too.

Long words don't really make it harder to crack... If you use a password like "ilikemysecurepassword" it would take me max 1 day, probably only 10-50 minutes to crack it with rainbow tables or a good wordlist. You are much better off using for example "I#%Like!My#Sec/Passw"

 

That password is more complex .... but it still contains dictionary words.

Better to use a password like this: (64 characters, totally random, and nonsense)

,sZa(t9iIIFX_G?Cy^Mq8YA9hB;f]w67z[7/X$&?{qX(wHI8A{%9jk9Yy(AN96wB

Dhegonus wrote: irrelevant, the database dump was from prior to 2013. If a computer wanted to decipher your password from scratch it would take at least 60 million years.
PlagueHush wrote: These are both correct and incorrect for different reasons. There are only two driving factors for password security - length and alphabet depth.

Providing it has at least one Capital, lowercase, number, and special character and is of decent length it will prove very difficult to crack. Passwords aren't cracked like a combination, one character at a time, they have to be guessed in their entirety, and "Human unreadable" does not mean "Machine unreadable".

A password that's as long and simple enough to remember yet sufficiently difficult enough to resist cracking would be something like " D0g,,,,,,,,,,,,,,,,,,,,". Estimated time to crack this with a distributed botnet? About four months... long enough for an attacker to lose interest or run out of money I think ;)


Or you could just use a password manager rather than try to memorize a bunch of unique and complex passwords.

And you'd better be using unique passwords whether or not they're complex, people. Don't make me link the XKCD about password reuse.

This topic is now closed to further replies.