How does Totse store passwords?

Unknown · May 2011

As you may well know, T2 was hacked earlier today and they had all their password hashes stolen, which were apparently really easy to crack. This made me wonder about the state of our passwords and if they're stored securely.

So, how do we store the passwords?
How strongly encrypted are they?
If stolen, can they be cracked easily?

Dfg · May 2011

I think it uses MD Hashes which are salted but I could be wrong. I talked ot oddballz194 yesterday and we discussed this issue. He offered a solution but I can't implement it right now because we might be moving to VB4. Plus, T2 was using VB4 and got hacked. This sort of delayed everything.

bornkiller · May 2011

Fuck No! I didn't know that. Man that sux!
Rather like the guys @ T2

Did they leave a calling card?

StephenPBarrett · May 2011

^ This. I dont have any issues with our more docile brother. But if any totse related forum is attacked it worries me for us. Except zoklet... Then its just funny.

Unknown · May 2011

MissingMuse wrote: »

^ This. I dont have any issues with our more docile brother. But if any totse related forum is attacked it worries me for us. Except zoklet... Then its just funny.

I wouldn't worry. It was probably just a random attack, nothing to do with the fact that they are Totse related. Just don't use the same password on more than one site and you'll be alright. If accounts are compromised then it's not the end of the world, although it would suck balls greatly.

Unknown · June 2011

Bumping - Dfg, have we gotten any further with the salting of things?

Dfg · June 2011

trx100 wrote: »

Bumping - Dfg, have we gotten any further with the salting of things?

Yep, I am using Iodized salts now. Give me 24 hours for a status report. IRL stuff raping me.

Dfg · June 2011

GeneralMcBoozer wrote: »

That must be painful.

I would prefer getting raped by niggers than this.

MarineBoat · June 2011

Wow, I wasn't aware that T2 got the shaft. FEEL sorry for them.

Dfg wrote: »

I would prefer getting raped by niggers than this.

It's a real shame that my being-raped fetish only applies to humans and canines.

Unknown · June 2011

Yeah, T2 was hacked by a skiddie I think. He used a vulnerability in VB4 to gain access, then stole usernames and password hashes. If he was any good, he'd have planted a backdoor, removed logs and not left any noticeable trace of him ever being there. Instead, he spoke up in the forum and actually TOLD them that he hacked them :facepalm:

Sarahlov3ly · June 2011

should we change our passwords?

Unknown · June 2011

On T2? You probably should, yes. On here, its not necessary unless you used the same password for both websites (which you should never do anyway).

SpecGuru · July 2011

trx100 wrote:

So, how do we store the passwords?

[SIZE=3]md5(md5($pass).$salt)[/SIZE]

trx100 wrote:

How strongly encrypted are they?

[SIZE=3]tinyurl.com/43rzqcv[/SIZE]

trx100 wrote:

If stolen, can they be cracked easily?

[SIZE=3]tinyurl.com/4y3wf3v
uiu.me/1h.zip[/SIZE]

ducklips · July 2011

Sarahlov3ly wrote: »

should we change our passwords?

change your pw's regularly

Dfg · July 2011

SpecGuru wrote: »

[SIZE=3]md5(md5($pass).$salt)[/SIZE]

[SIZE=3]tinyurl.com/43rzqcv[/SIZE]

[SIZE=3]tinyurl.com/4y3wf3v
uiu.me/1h.zip[/SIZE]

Thanks for the information. I am currently looking into making things more secure here atm.

buddha · July 2011

This thread should have been locked for the safety of the community. As well as any other questions about how things work here..

Unknown · July 2011

SpecGuru, I was kinda hoping that was how it was working around here. Gotta love salting! :thumbsup:

MooseKnuckle · July 2011

everybody MSGS me their password, and i piece up anybody who violates their privacy. any1 who has not, feel free now, although it may be too late.

How does Totse store passwords?

Comments

Quick Links

Categories