Good response, way to go Cheapy.
I don't even remember ever creating Adobe and Moneybooker accounts. Why the HELL would I have one of those?
The website said Final Fantasy Shrine was breached, and my e-mail address was included.
I don't play Final Fantasy, so why would I go there?
The website said Final Fantasy Shrine was breached, and my e-mail address was included.
I don't play Final Fantasy, so why would I go there?
Oh noes hacked via Xsplit...when did I even create an account?
1) Your passwords are combined with a random set of characters and then hashed to create a unique fingerprint, and only this is stored in our database.
This is impossible to reverse engineer, so if you use your CAG password on other sites, they would not be compromised.
Wow. Just checked as Many of my emails and usernames I can remember. I'm all green across the board. Lucky me.My details have already leaked in (at least) 3 major hacks:
One can check their own email address at https://haveibeenpwned.com/
And it's possible to get notified automatically.
edit: entering my user name finds a 4th breach: Battlefield Heroes.
TOP KEK
About CheapyD's post
No. If a password is weak (CAG allow passwords with 3 characters), the hackers will find it (wordlist or bruteforce). Hash+salt doesn't protect weak passwords.
Why does gaf always come up for no reason on these other sites lol
That free adobe premiere pro?I don't even remember ever creating Adobe and Moneybooker accounts. Why the HELL would I have one of those?
Well, password crackers generally don't go straight for simple brute force. They'll do dictionary attacks and then permutations (like $ instead of S, etc). A shorter password that's truly random is more secure than a password that's generated from one word, two words combined, a pattern on your keyboard, etc. In any case,I did an experiment once. If your password is greater than 5 characters and you happen to have some sort of punctuation and/or a capital letter it takes a LONG time to brute force. Moreso on the order of several years depending on how much hardware you are paying for/using. If the encryption was good, most users should generally be okay. Ouch at those who thought a 3 character passy was safe.
is overstating it. Salts (the "random set of characters" your password is combined with) are stored somewhere on the DB, so if they got in, it's safe to assume they got the salts as well. It's not "impossible" to crack, just more difficult, and possibly not worth the time, depending on which hashing algorithm they used.1) Your passwords are combined with a random set of characters and then hashed to create a unique fingerprint, and only this is stored in our database. This is impossible to reverse engineer, so if you use your CAG password on other sites, they would not be compromised.
CAG uses IP.Board, and their documentation sez:depending on which hashing algorithm they used.
The hash is the md5 sum of the md5 sum of the salt concatenated to the md5 sum of the plaintext password. Expressed in PHP code, this is as follows:Code:$hash = md5( md5( $salt ) . md5( $password ) );
CAG uses IP.Board, and their documentation sez:
The salt is a random 5 character string that's stored in the same database table.
what's a jabber?
Nexus6 said:Shout out to John getting the site back up so soon.
md5 is completely broken now, no one should be using it. Might be how the kid is logging in as web admin.
Übermatik;192664581 said:Whats with the Bitcoin image?
man I am glad I transitioned to using Lastpass for everything about a year ago.
Wow... I can't believe this is still happening. Poor CheapyD.Oh dear...