Red County Roleplay


[READ] Recent server breach

Status
Not open for further replies.
So no one should be concerned with the fact our passwords are hashed in a way that a free online website can crack them in seconds?
 
B. Houston here with a temp forum account until my regular one gets fixed up lol. Sent in a support ticket to get my regular account (flyer2359x) fixed for the forums.

Crazy what some people will do to try and destroy something but in the end we're the ones laughing because they failed and look like idiots. Hopefully somehow extra security measures are put into place. Luckily I use a different password for most things albeit they can be hard to remember sometimes LOL. I feel like Booth and Evans kinda knew what they were doing from the get-go since they were part of management/helped develop it in some parts.
 
cradboard said:
Jordan23 said:
Zayats said:
d7ea96286c1a5b373d2776950601b19e.png

Who's that jordan he seems like a Cool guy
All Jordans are cool guys

my nigga
 
Radi said:
León said:
AshleyAcidix said:
Hiphop said:
The passwords weren't hashed or if they were it was some weak ass hash, because my password was just sent to me by a friend.

Why the fuck wouldn't y'all use a proper hash like MD5 or SHA256 lol

MD5 is outdated lol.
go back in your cave ashley

MD5 is pure shit. Hashing at the moment is fine but people use easy passwords.

this is the best encrypt.
http://forum.sa-mp.com/showthread.php?t=453544

that hasn't been updated in 2 years. and it's not about whether md5 is shit or not -- they used NO hashing at all. the data in the leaked database is plain text lmfao

there was salting implemented by booth - instead of replacing it with an alternative they just removed the hashing and kept it plain text.
 
Hiphop said:
that hasn't been updated in 2 years. and it's not about whether md5 is shit or not -- they used NO hashing at all. the data in the leaked database is plain text lmfao

there was salting implemented by booth - instead of replacing it with an alternative they just removed the hashing and kept it plain text.
yeah no, the passwords were never kept in plain text. maybe during the earliest days of rcrp they were but i wouldn't know about that.
 
Paxie said:
So no one should be concerned with the fact our passwords are hashed in a way that a free online website can crack them in seconds?
You do realize the only reason this breach was possible was because Booth was an ex-dev so he was given legitimate access to the database while he was working for RC:RP right?

You do realize that salting them wouldn't have changed anything since Booth would know the salt and the algorithm he used could easily be reverse engineered by himself right?

Regardless, the security measures have been updated, this type of breach will never happen again regardless of whether a disgruntled ex-dev gets a hold of the database.
 
Jboi said:
Paxie said:
So no one should be concerned with the fact our passwords are hashed in a way that a free online website can crack them in seconds?
You do realize the only reason this breach was possible was because Booth was an ex-dev so he was given legitimate access to the database while he was working for RC:RP right?

You do realize that salting them wouldn't have changed anything since Booth would know the salt and the algorithm he used could easily be reverse engineered by himself right?

Regardless, the security measures have been updated, this type of breach will never happen again regardless of whether a disgruntled ex-dev gets a hold of the database.

I hope you've picked a stronger password this time, John.
 
CruxJ said:
It's kind of funny considering you're claiming to be a pro expert in data protection whilst trying to blame it on everybody else for using 'poor passwords'. No. The burden legally lies upon the data holder to "maintain reasonable security procedures and practices" to protect "personal information" from "unauthorized access, destruction, use, modification, or disclosure" - that isn't what happened in this case. The passwords were using a simple hashing algorithm which anybody with basic computer science knowledge knows are vulnerable to dictionary attacks. And the sensitive data was taken from a database leaked months ago, which I don't know if the people in charge knew about before the attack but if they did they should have told everybody to reset their passwords then, before anything untoward happened.

cruxj only smart guy here
 