Ozyrox wrote:Can't I just not change it? I don't see what they could possibly do with my information if it isn't linked to my email password. Haven't made any payments or done anything significant. I mean sure they can use my account to play a few rounds don't see what that's gonna do to me. I just don't want to change it to a more secure password since this hacking may happen again and we'd all be back to square one with my secure passwords no longer being secure. Sorry for not quite trusting the system but this is the reason why I didn't use a good password to begin with. I know that if I use a secure password it would be harder for them to figure it out but the keyword here is harder not impossible.
Technetium wrote:If you don't use the password you used here for anything else, the only thing whoever breached the site can get at with the information they have is your ToS account. Is that the case?
Naru2008 wrote:Ozyrox wrote:Can't I just not change it? I don't see what they could possibly do with my information if it isn't linked to my email password. Haven't made any payments or done anything significant. I mean sure they can use my account to play a few rounds don't see what that's gonna do to me. I just don't want to change it to a more secure password since this hacking may happen again and we'd all be back to square one with my secure passwords no longer being secure. Sorry for not quite trusting the system but this is the reason why I didn't use a good password to begin with. I know that if I use a secure password it would be harder for them to figure it out but the keyword here is harder not impossible.
Oh shit boi, it's Ozy. God that's a name I haven't seen in years.
mamazavulan wrote:Password must be between 8 and 32 characters long, must contain letters in mixed case, must contain numbers and must contain symbols.
For the record, this is really obnoxious. Was not a previous requirement, nor should this be a requirement.
ZoruaLuhansk wrote:mamazavulan wrote:Password must be between 8 and 32 characters long, must contain letters in mixed case, must contain numbers and must contain symbols.
For the record, this is really obnoxious. Was not a previous requirement, nor should this be a requirement.
This.
For me, I just get a bunch of words from Random Word Generator and put that as my password. If my password is 27 characters, I feel that needing to add symbols and numbers to my password causes more harm trying to remember where I put them than the extra security it brings.
GeniusWind wrote:switching to a more secure hashing algorithm is not a problem? Simply have a flag for each user that is set when the user successfully resets their password. Don't allow the user to login without resetting their password such that only inactive accounts will not have reset their passwords. eZ
Algorithm should be switched ASAP. Y u no use SHA-2?
Stu34666 wrote:I was going to post the same as hope64 above. Salt is a random string (to be most beneficial it should be long and unique to each user) added to the plaintext input - a way of making your password even longer - it's not dependent on any hashing algorithm.
$salt = bin2hex( random_bytes(32) );
-> '91a779e1c9bfe1d074f08c2637710a1dc2ebf591cf684c34d6569feda4b13604'
md5( 'password123' ) -> 482c811da5d5b4bc6d497ffa98491e38
md5 ( 'password12391a779e1c9bfe1d074f08c2637710a1dc2ebf591cf684c34d6569feda4b13604' ) -> 981187ec7518c9634e88e9c9a6ba251f
Cracking of md5 password hashes is usually done with rainbow tables ( basically a spreadsheet of plain text passwords and their corresponding md5 hash, for that method to be useful with a salted password, the rainbow table would need a row with 'password12391a779e1c9bfe1d074f08c2637710a1dc2ebf591cf684c34d6569feda4b13604' in it ) or brute-force ( dictionary words and oft-used passwords are md5-hashed and compared to the hash in the breached list - again for that to work the word 'password12391a779e1c9bfe1d074f08c2637710a1dc2ebf591cf684c34d6569feda4b13604' would have to be one that's guessed )
re moving to a different hash - that can be done without having access to the plain-text by double-hashing e.g. bcrypt( md5( 'password123' )) -> password_hash("482c811da5d5b4bc6d497ffa98491e38", PASSWORD_BCRYPT, ['cost' => 14] ) -> $2y$14$1seSmg0kLvKVPyoXIwipt.GbBW5tgetvN08gyHak14iKGvcOhNsMe
There's a good writeup here https://www.michalspacek.com/upgrading- ... ord-hashes
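The double-hashing migration described in the post above, together with the per-user flag suggested earlier in the thread, as an added example that is not part of the original posts or the site's code. The record layout, the `scheme` field, the function names and the cost of 12 are assumptions made for illustration.

```php
<?php
// Added example: migrate unsalted MD5 hashes to bcrypt without knowing the plaintext.
// Field names, function names and the cost value are hypothetical.

const BCRYPT_OPTS = ['cost' => 12];

// Step 1 (batch job, no plaintext needed): wrap the stored MD5 digest in bcrypt.
// The 32-character hex digest is well under bcrypt's 72-byte input limit.
function wrapLegacyHash(array $user): array
{
    if ($user['scheme'] === 'md5') {
        $user['hash']   = password_hash($user['hash'], PASSWORD_BCRYPT, BCRYPT_OPTS);
        $user['scheme'] = 'bcrypt(md5)';   // flag: record still depends on MD5
    }
    return $user;
}

// Step 2 (at login): verify against the scheme the record uses, then re-hash the
// plaintext directly while it is available so MD5 drops out of the chain.
function login(array &$user, string $password): bool
{
    $candidate = $user['scheme'] === 'bcrypt(md5)' ? md5($password) : $password;
    if (!password_verify($candidate, $user['hash'])) {
        return false;
    }
    if ($user['scheme'] !== 'bcrypt'
        || password_needs_rehash($user['hash'], PASSWORD_BCRYPT, BCRYPT_OPTS)) {
        $user['hash']   = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTS);
        $user['scheme'] = 'bcrypt';
    }
    return true;
}

// Constructed sample record: unsalted MD5 of 'password123', as in the post above.
$user = ['name' => 'sample_user', 'scheme' => 'md5', 'hash' => md5('password123')];

$user = wrapLegacyHash($user);
printf("after batch wrap: scheme=%s\n", $user['scheme']);
printf("wrong password accepted: %s\n", var_export(login($user, 'wrong-guess'), true));
printf("right password accepted: %s\n", var_export(login($user, 'password123'), true));
printf("after first login: scheme=%s\n", $user['scheme']);
printf("second login accepted: %s\n", var_export(login($user, 'password123'), true));
```

Accounts that never log in again stay on `bcrypt(md5)`, which is still bcrypt-protected at rest; the `scheme` flag identifies them for a forced reset.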
Royee wrote:@devs , @ admins , @ mods.
Someone on reddit posted and admitted that he breached all of the passwords and sold it for some cash. What are you going to do about him?
Ozyrox wrote:Royee wrote:@devs , @ admins , @ mods.
Someone on reddit posted and admitted that he breached all of the passwords and sold it for some cash. What are you going to do about him?
You should probably provide a link here so they know who was responsible
Royee wrote:Ozyrox wrote:Royee wrote:@devs , @ admins , @ mods.
Someone on reddit posted and admitted that he breached all of the passwords and sold it for some cash. What are you going to do about him?
You should probably provide a link here so they know who was responsible
Sure thing, I will provide a link once I come back home (on phone rn). For now the username is u/Darkstrider666
He has only 1 post so it shouldn't be hard to find it.
99Pineapples wrote:Someone please help! I've looked for probably 20-25 minutes and can't find anywhere to change my password from the string of numbers and letters the e-mail password reset gave me.
xXWeaponPrimeXx wrote:Maybe I'm just horrifically incompetent but I can't find where to change my password. Can someone tell me where to click/look?
Alicitzen wrote::LUL: email about this got junk filtered and i didn't see it til people said emails were sent and i dug for it
Flavorable wrote:Alicitzen wrote::LUL: email about this got junk filtered and i didn't see it til people said emails were sent and i dug for it
So far, from what I heard, this seems to be a hotmail issue, because hotmail auto-spamfilters it.
On gmail, I got it straight away in my inbox.
Gorlegg wrote:So you're asking me to change my password because it has been stolen from you, and THEN you send me a clear-text password by e-mail? I see that any information I give to you is being well kept!
Alicitzen wrote:Flavorable wrote:Alicitzen wrote::LUL: email about this got junk filtered and i didn't see it til people said emails were sent and i dug for it
So far, from what I heard, this seems to be a hotmail issue, because hotmail auto-spamfilters it.
On gmail, I got it straight away in my inbox.
I do not use hotmail so no idea where that's comin from.