Gamer Site's Emails and Passwords Hacked and Published...

Illiterati

Council Member & Author

Overmind One

GateFans Gatemaster
Staff member

Just wow. :( I am glad that the writer mentioned that the passwords were hashed. And despite his claim that the hackers "likely decoded much of it", the chances of that are actually pretty slim. :D It just goes to show that ANY online presence of your private data is at risk. Having a "throwaway" email used just for low security purposes is a good idea. Have good passwords and create multi-level versions of them depending on the security level you want. Some people give too many clues away :mad-new:
 

Bluce Ree

Tech Admin / Council Member
The writer says that the hashed passwords were "likely decoded"? If they really were hashed, you can't reverse a hash. It's impossible. A hash is also known as a digest. Think of it like putting food in your mouth and what comes out the other end is your "hash". It simply doesn't work the other way around. You can't turn shit back into the banana or sandwich you ate.

The only way to "decode" a hash is to brute force a dictionary through a hash algorithm and hope it produces a matching hash. I remember explaining this in an old thread on the other site when their idiot technical admin was trying to convince people that their passwords were "compromised" due to the fact that an old version of the database was sitting here. :D.
 

Overmind One

GateFans Gatemaster
Staff member
Exactly. But only if you know what "hashing" is. Your analogy is perfect. :) There is no way to "decode" a hashed data object. :D
 

Overmind One

GateFans Gatemaster
Staff member
The exact quote:

"And though the data was hashed to make it difficult to decipher, it's highly likely hackers were able to decode much of it."

:highly_amused: Really? You can tell from reading that piece that the guy does not know what hashing is. An MD5 hashing operation is a one way deal. You go from string to hash, and it does not go back the other way. It is not like encryption which merely encodes the string using a private key. Encryption CAN be broken. Hashing cannot. You would need the salt to even start trying.
 

Bluce Ree

Tech Admin / Council Member
Breaking a hash involves guessing strings, running them through a hash algorithm and hoping to hit the right combination. That's the equivalent of sitting in front of a log-in screen and just randomly entering passwords until you hit the right one. :D

Here are some examples:

Value - "Welcome to Gatefans."
Hash - fb519afac73c2e502449c74fe297e81a

Value - "Hi"
Hash - c1a5298f939e87e8f962a5edfc206918

Value - "Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages, and more recently with desktop publishing software like Aldus PageMaker including versions of Lorem Ipsum."

Hash - 01aad0e51fcd5582b307613842e4ffe5

A hash is basically a fingerprint produced from the digested input used to make sure that the value provided is correct. No matter how long the string, the returned value is always exactly 32 bytes (for a 128-bit MD5 hash), which is a 16-digit hexadecimal value (or 128 bit value). You can't "decipher" that 32 character value to its original value. The only way to hack an MD5 hash is to keep MD5-hashing text, characters and values until you get a matching MD5 hash back. In other words, wildly guessing.
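The guess-and-compare process described in this thread, as an added example that is not part of any post above: it shows why common passwords stored as unsalted MD5 still match a short guess list, and how a per-user salt with a slow key-derivation function changes that. The account names, passwords and word list are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: account names and passwords are made up.
ACCOUNTS = {"alice": "dragon", "bob": "dragon", "carol": "V7#kq!wzR2pLx9"}
WORDLIST = ["123456", "password", "dragon", "letmein"]  # constructed guess list


def md5_hex(text: str) -> str:
    """Unsalted MD5 digest, always 32 hex characters whatever the input length."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def guess_unsalted(stored: dict, wordlist: list) -> dict:
    """Hash each guess once, then look every stored digest up in that table."""
    table = {md5_hex(word): word for word in wordlist}
    return {user: table[d] for user, d in stored.items() if d in table}


def pbkdf2_record(password: str, iterations: int = 600_000) -> tuple:
    """Salted, deliberately slow storage format: (salt, iterations, key)."""
    salt = os.urandom(16)  # unique per user, stored next to the key
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, key


def pbkdf2_verify(password: str, record: tuple) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, key)


def demo() -> dict:
    unsalted = {u: md5_hex(p) for u, p in ACCOUNTS.items()}
    # Lower iteration count only to keep the demonstration fast.
    salted = {u: pbkdf2_record(p, iterations=10_000) for u, p in ACCOUNTS.items()}
    return {
        "recovered": guess_unsalted(unsalted, WORDLIST),
        "same_md5": unsalted["alice"] == unsalted["bob"],
        "same_pbkdf2": salted["alice"][2] == salted["bob"][2],
        "verify_ok": pbkdf2_verify("dragon", salted["alice"]),
    }


if __name__ == "__main__":
    print(demo())
```

With unsalted MD5, one hashed guess matches every account that shares the password; with per-user salts each record has to be guessed separately, at the cost of the full iteration count per guess.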
 