BlameThePixel!

I didn't hack
[S]ReadMe
Absent
hrm the only way to reverse engineer an md5 is to use a lookup table, i would have taken ages to convert all the btp password hashes into a readable form.

That worries me slightly - that another site being a pile of shite can so seriously affect this one :(

________________
Cant be arsed to remake my sig.
08.01.05 00:24
Post #16
[]Glenn
Forsetti
I'm not going to change my password unless someone acts on the password first. They've got to have better things to do than find places I'm registered at. And I (fortunately) have plenty of friends in high places to repair any possible damages.

Besides, anyone that hijacks my identity I could take legal action against :D.
08.01.05 00:54
Post #17
[]knifa
Statusless

Quoted :: YBY

yes, and i wish to say again, sorry for any inconvenience i have caused, except the weird thing is that, if i didn't do this then u guys wouldn't have known this so in a good way, i have helped u all...

i didn't know until today


I hope you burn in hell.
Kyle is better than you.

08.01.05 01:04
Post #18
Last edited: 08.01.05 01:07 (Knifa - 2 times)
[S]Bloopy
Lazy, Busy, Fizzy, Crazy

Quoted :: keeper

This site uses MD5 encryption, I'd assume that the passwords are also encrypted. So pulling a username / password list would be fairly useless since the passwords would resemble alphabet soup on crack.

There is a way to get the passwords without trying to crack the encryption, but I'm not going to say what it is. (An admin can PM me later if they'd like to know what that way is).

So my question is how did anyone get a hold of the passwords for BTP users in any readable form?

MD5 is not encryption, it is a hash algorithm. Encryptions are made for the purpose of being able to be unencrypted again and read, but hashes are a one way function which cannot be reversed. However people can guess your password and see if it matches the hash, and computers can do millions of guesses.

Anyone who got hold of the list of hashes in the BTP database would have been able to quickly get 100s of passwords by bruteforcing - short passwords and dictionary word passwords would be obtained very quickly.


But MD5 will become even more insecure, as ReadMe says, there are things called lookup tables. Someone can allocate gigabytes to a database and then spend a long time matching a password to every possible hash. They might do every password for 1-40 characters, then no password is safe if someone has your hash.

________________

Quoted :: Bloopy

Quoted :: thomasp
I suppose that's one "good" thing about my degree (aero engineering), there aren't too many terms/words/etc that have "alternative" meanings.
What, like cockpits, turboshafts, thrust, nozzles, corkscrews, ram drag, payload, flaps, and wind tunnels?
08.01.05 05:14
Post #19
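Added example (not part of the original thread and not BTP's code): Bloopy's and ReadMe's point about lookup tables, seen from the storage side in Python. Unsalted MD5 gives every user with the same password the same hash, which is what lets one precomputed table serve a whole database; a per-user salt with a slow KDF removes that property, and legacy rows can be upgraded at login. The function names, record format, round count and sample accounts are assumptions made up for this illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumed work factor for this example


def legacy_md5(password):
    """Unsalted MD5 as discussed in the thread: same password, same hash."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password):
    """Salted PBKDF2-HMAC-SHA256 record: pbkdf2$rounds$salt_hex$digest_hex."""
    salt = os.urandom(16)  # fresh random salt per user
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return "pbkdf2$%d$%s$%s" % (PBKDF2_ROUNDS, salt.hex(), dk.hex())


def verify(password, stored):
    """Check a password against either record format, in constant time."""
    if stored.startswith("pbkdf2$"):
        _, rounds, salt_hex, digest_hex = stored.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(rounds))
        return hmac.compare_digest(dk.hex(), digest_hex)
    return hmac.compare_digest(legacy_md5(password), stored)  # legacy row


def login(db, user, password):
    """Verify, then upgrade a legacy MD5 row to the salted format."""
    stored = db.get(user)
    if stored is None or not verify(password, stored):
        return False
    if not stored.startswith("pbkdf2$"):
        db[user] = hash_password(password)
    return True


def shared_hash_groups(db):
    """Audit: users whose stored hashes are identical (only happens unsalted)."""
    groups = {}
    for user, stored in db.items():
        groups.setdefault(stored, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


# Constructed sample accounts, not real BTP data.
SAMPLE_DB = {"alice": legacy_md5("worms123"), "bob": legacy_md5("worms123"),
             "carol": legacy_md5("something-else")}
```
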
[G]keeper
Statusless
^^ heh, i knew that. ^^ i was being general as not everyone knows the difference.

And a look up table is not the only way to do it. there is one far easier than slaving away sending info into a hash. Originally designed for cracking unix servers: i found that this method works well for servers like BTP as its permissions are very .. shall we say.. liberal.

The secret is in the sauce.

And Knifa.. wow that was hash....

Candyman, as much as you don't want to change it.. i would if i were you. I signed up after all this went down so I know I'm clear, but i might just change mine to be careful.


Quoted :: ReadMe

hrm the only way to reverse engineer an md5 is to use a lookup table, i would have taken ages to convert all the btp password hashes into a readable form.

That worries me slightly - that another site being a pile of shite can so seriously affect this one


Indeed readme, JoE's site has never been one of my favorites. I've been there only once, to leave a nasty remark in his shoutbox.

Now that SargeTron is in charge there (or so he claims) I imagine that the site will only get worse. JoE's site is nothing but pirated Worms stuff, and probably a few other things as well.

As a rule of thumb i never use the same password twice. I keep a Rolodex of my passwords next to my monitor should i forget one..

I recommend everyone else do the same. You can't take security lightly. The USA did, and we got September 11th as our punishment for it.
08.01.05 05:20
Post #20
Last edited: 08.01.05 05:34 (keeper - 3 times)
[]Khuzad
Great Donkey Master
I just want to shortly say that SargeTron told me all this as well, but he didn't send me the password list because I told him not to. I didn't share this information with anyone at the time, because I promised not to tell. However I told him that if he abused it (like he obviously did quite recently) I would have to tell an admin.

I would strongly advise you all to change your password, as I already have done. It's not certain that he knows YOUR password, but be on the safe side and change it.

Just to say again: If no one had found this out already, I would have told.

Edit: SargeTron wants to say this:
YBY, i did not force you.
I asked, and you did.
Thanks to Khuzad for posting this on my behalf, since I'm banned :(.
Well, i think that's it...

________________
08.01.05 08:01
Post #21
Last edited: 08.01.05 08:23 (Khuzad - 2 times)
[G]ben
Statusless
What is JoE's site?
08.01.05 12:09
Post #22
[S]ReadMe
Absent
$goologo $m[1]

basically he's breaking a fair few laws by not hashing his passwords and storing them literally and then in turn using those stored passwords to gain unauthorised access to a website, does anyone know what country he is from?

________________
Cant be arsed to remake my sig.
08.01.05 12:17
Post #23
[G]emberstrife
Statusless
Those two will keep blaming each other until they find someone else to point at. Doesn't the fact that they made themselves admins by using the "stolen" passwords already qualify them both for a long-time ban? Nobody was forcing them, and even if someone was, they could always refuse
08.01.05 12:54
Post #24
[]Khuzad
Great Donkey Master
XxSpIDerxX, I would like to make it clear that it was SargeTron who admin'ed both of them, YBY didn't. edit: Okay, I'm no longer sure about this. I'm very confused. :/

________________
08.01.05 13:01
Post #25
Last edited: 08.01.05 18:08 (Khuzad - 1 times)
[G]jay
Statusless



Quoted :: XxSpIDerxX

Those two will keep blaming each other until they find someone else to point at. Doesn't the fact that they made themselves admins by using the "stolen" passwords already qualify them both for a long-time ban? Nobody was forcing them, and even if someone was, they could always refuse


Agreed.
08.01.05 15:44
Post #26
[G]the candy man
Statusless
yeah...well said Spider....

and why did Sarge Get Banned but not YBY?

they were both wrong
08.01.05 15:47
Post #27
[S]Zogger!
Looking For Status
I believe he's from canada seeing as he told me his ISP.

And he says he used the md5 hashes to get the passwords, nowhere were any passes stored in plain text. Short MD5'd passwords can be turned back into plain text fairly quickly using various programs. It doesn't take a hugely long time, as Bloopy says.

[S]Zogger! notes there is also a thread about this at CL2k

YBY was unbanned because he's generally been less annoying than SargeTron in the past...

________________
You know I'm a dancing machine
08.01.05 16:35
Post #28
[]YBY
Why me?
http://www.acidplanet.com/artist.asp?PID=673751&t=4784 My ACIDplanet profile, PHS. Please go check this out, my own made music
--------------------------------------------------------------------------------

thx:D

________________
--------------------------------------------------------------------------------
My MSN Status is currently: An image!
08.01.05 18:00
Post #29
[]kikumbob
om nom nom nom nom
change it to a different language.
08.01.05 18:53
Post #30