Thread replies: 12
Thread images: 3
Thread images: 3
File: hongfire hacked.jpg (362KB, 1920x1080px) Image search:
[Google]
362KB, 1920x1080px
so stupid question, what is a salted MD5 password? does that mean encrypted?
I just found out that hongfire got hacked and my email was a part of it, but I stopped using hongfire when they got rid of there download section, that was years ago. I dont even remember what password I was using back then.
do you think I should be worried, I dont even use the same passwords anymore. except on other old forums that I dont visit any more.
>>
>>58818669
>abp
>noscript
>windows
you deserved it
kys
>>
File: 1123343548.png (528KB, 702x658px) Image search:
[Google]
528KB, 702x658px
>>58818669
>2017
>1080p
>Stock Firefox
>NoScript when uMatrix exists
>ABP when uBlockO/uMatrix exists
>Having more than 2 items pinned on Taskbar
>Labels set on 'Never Combine'
>>
Salted md5 means a random value is added to the password before hashing with md5.
For example, if I have the password "password," and a salt is added to it, it would become "password1234" and then hashed with the md5 algorithm.
This is a very basic idea, but it is an added security measure against reverse hashing.
>>
>>58818798
thank you, I went back to the site, and found out I was using a realy old password, I also found out that hongfire brought back there DL sections, not that it matters any more. that place looks like a ghost town.
>>
File: 1478345413903.png (369KB, 1880x3148px) Image search:
[Google]
369KB, 1880x3148px
Stop being a nigger and learn a thing or two
>>
Your password is typically stored as a hash, which isn't really your password, but the result of what happens when your password is fed into a sort of meat grinder. When you log into the site, your password is fed into that grinder, and if the resulting hash matches the hash stored for your account, you get to log in.
However, while your password isn't stored as your password itself, knowing that hash allows someone to feed random junk into the meat grinder until they get the matching result. That will reveal your password because the process will remember what it it into the grinder before it got the correct result.
Thus, some systems will 'salt' a hash by adding some other information into the grinder along with your password. That extra info can just be a random number, a date, anything. And that 'salt' can change from person to person, ensuring that a successful attack against one person doesn't mean a successful attack against everyone else.
To find out what the 'salt' is, a more comprehensive dump of the database is required. That, or access to the site's authentication implementation. Or, a lot more time and a lot more effort.
Which is to say that if someone has your salted hash from hongfire, someone potentially has your hongfire password. But, to actually turn that potential into a reality, they'll need to do a lot of work, or they'll need to have a lot of information and do just a little less work.
>>
>>58818827
Additionally, I'd like to point out that within the security community, md5 is not considered secure anymore.
It is "cryptographically broken and unsuitable for further use."
http://www.kb.cert.org/vuls/id/836068
>>
>>58818851
thank you, that is exactly what I wanted too know.
>>
>>58818798
And the salts are stored alongside the passwords. I.e., they are known to the hacker.
>>
TL;DR their security is shit and they hadn't taken very good countermeasures for if someone did hack their shit
>>
>>58818669
>anime
degenerate
Thread posts: 12
Thread images: 3
Thread images: 3