54 replies to this topic

[silversun]

Well, I guess on the bright side, if you find yourself on one, you know you're doing something right

[gemificus]

my password is password12....

yes guys is was my poor excuse for a joke

[Boggart]

so poor it needs welfare LOL

[Gee]

Luckily I have a complex password so no idiot can try to guess what my password is. >_>
I have a question, if you get cookie grabbed wouldn't they be able to access your personal PIN as well? Just a thought...

[sc4fps3]

Luckily I have a complex password so no idiot can try to guess what my password is. >_>
I have a question, if you get cookie grabbed wouldn't they be able to access your personal PIN as well? Just a thought...

That's not stored in your cookies, just on Neopets' servers.

[Lineage]

Good thing my email goes to my university and my password is seriously just random numbers and+ random capitalized and uncapitalized letters.

I used to have quite a problem with people trying to fuck with my account so I'm sure my account has been on these lists before.

[Boggart]

CG'ers don't get access to your info, just to your cookies. THus they can browse your account until your cookies expire.

[Noitidart]

This stuff is horrible. We don't allow this on our boards.

[Mishelle]

I feel like my account is too crappy for them to even attempt to break in to mine but I'm going to change my password to something a little more secure just in case.

[luvsmyncis]

A few people here know my account. It's not that impressive

That's what she said.

[Elindoril]

That's what she said.

About his account, or his Asian penis?

[Faval]

JN and TDN are pretty safe IT's the people hacking them into hash lists that can't be trusted

Makes me wonder about the security of those sites if people can get into the database and get the hashed list of username and passwords.

[Boggart]

yes, lots of people here know about my Asian penis. It's not that impressive

[Philly]

Makes me wonder about the security of those sites if people can get into the database and get the hashed list of username and passwords.

I thinkthey are pretty secure. havent heard of someone losing their account thanks to those sites yet.

[Waser Lave]

I thinkthey are pretty secure. havent heard of someone losing their account thanks to those sites yet.

Actually I'd say people have lost hundreds, if not thousands, of accounts due to hash lists from those kind of sites...

[Boggart]

I thinkthey are pretty secure. havent heard of someone losing their account thanks to those sites yet.

I agree with laser. Someone told me that per every hash list of about 1000 names, about 100 would work. Sometimes more, sometimes less of course.

[Coilvect]

IMO Passwords should contain %&$# if they're allowed.

[Elindoril]

IMO Passwords should contain %&$# if they're allowed.

Why so? A randomly generated password of both lower and upper case letters as well as numbers should be secure enough, depending on its length and complexity.

Really, no one is going to try and crack your account if they can just jump right into some idiots account with "justinbeiber" as their password or something.

[Waser Lave]

Why so? A randomly generated password of both lower and upper case letters as well as numbers should be secure enough, depending on its length and complexity.

Really, no one is going to try and crack your account if they can just jump right into some idiots account with "justinbeiber" as their password or something.

20+ character length and you should be fine.

[Philly]

Actually I'd say people have lost hundreds, if not thousands, of accounts due to hash lists from those kind of sites...

Sorry to be so ignorant but what's a hash list?

[Faval]

Sorry to be so ignorant but what's a hash list?

It's basically like a encrypted version of the password if you will. Databases usually store the password in an encrypted forum using whatever keys they have setup in their configuration.

I'm not sure how long it would take to crack what the key is and decrypt the data but some people have a lot of time on their hands.

So let's say the database here stores my password as 7C4A8D09CA3762AF61E59520943DC26494F8941B or something arbitrary like that. Once you know the algorithm for decrypting it, they have my password.

Edited by Faval, 22 October 2010 - 12:13 PM.

[Coilvect]

In a nut shell hash lists are a list of data blocks in a file or a set. Its usually encrypted with SHA-1 encryption.

[Waser Lave]

In a nut shell hash lists are a list of data blocks in a file or a set. Its usually encrypted with SHA-1 encryption.

They're usually MD5.

[Faval]

They're usually MD5.

Yeah since that seems to be the default for php settings. SHA1 is probably the default setting if you're using a .Net build.

[iargue]

20+ character length and you should be fine.

Using 1 letter is probably the best. Most crackers just start at 4 letters and continue from there. .