beatles1 Posted September 1, 2015
Were passwords salted? I'm slightly worried by the post not mentioning it that they weren't.
myonlake Posted September 1, 2015
At least they were encrypted. That's already good enough, unless you happen to have a bad password that can be found from rainbow tables.
beatles1 (Author) Posted September 2, 2015
Hashed, not encrypted. It's not good enough without being salted. Most users will use common words and maybe some numbers and so without salt they will be very vulnerable. What's happened has happened, I just want to know.
Myths_Gaming Posted September 3, 2015
I've the same question, normal MD5 encryption can be easily decrypted using free databases on the internet that have billions and billions of words, so ... ?
MTA Team Blokker_1999 Posted September 7, 2015
As far as I know phpbb3 uses the phpass framework. MD5 has been considered insecure for many years now. Any site still using it might as well simply use plain text.
beatles1 (Author) Posted September 7, 2015
@Callum: viewtopic.php?f=31&t=92175
Jaysds1 Posted September 7, 2015
Either way, everything was encrypted and you should still consider changing your passwords... By the way, I heard one of the MTA Admins or Devs was working on a new Forum/Community/Bugs site for MTA. Seen by this anyways: http://login.mtasa.com/
myonlake Posted September 8, 2015
> Either way, everything was encrypted and you should still consider changing your passwords... By the way, I heard one of the MTA Admins or Devs was working on a new Forum/Community/Bugs site for MTA. Seen by this anyways: http://login.mtasa.com/
Well, that's just someone testing the sub-domain probably, no other reason for having a Google layout there, unless they're working on authenticating through Google in the future (which I'd like a lot).
Mr_Moose Posted September 17, 2015
Changing your password is the best thing you can do right now. Hash functions are made to be extremely fast to calculate, so using them to secure passwords isn't smart at all. Still, though, most forum software does exactly that, including phpbb, mybb, smf etc. Generally, the longer password you have, the longer time it takes to crack it, as a cracker needs to try all combinations; a few examples can be found here: https://hashcat.net/oclhashcat/#performance. To crack all passwords built by 6 characters you would only need a couple of seconds on a normal gaming PC. If the cracker used to mine bitcoin, he'll probably crack all passwords a hundred times faster. So at this moment he's probably done cracking all the passwords here, although I don't think it's a big threat for the average members, as the cracker can't do much more than post or edit some details. The important thing is that all administrators and moderators around here update their passwords.
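Added example, not part of any post in this thread and not the forum software's own code: it contrasts the unsalted fast hash discussed above with a per-user salt and a slow key-derivation function (PBKDF2, swapped in here for illustration). The accounts, passwords, word list and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample accounts: two users picked the same common password.
USERS = {"alice": "dragon123", "bob": "dragon123", "carol": "x9#Lq7!vTz"}
# Constructed stand-in for a public precomputed table of common passwords.
COMMON = ["123456", "password", "dragon123", "qwerty"]
ITERATIONS = 200_000  # assumed work factor; tune it to your own hardware


def md5_unsalted(password):
    """Legacy scheme: one fast hash, no salt."""
    return hashlib.md5(password.encode()).hexdigest()


def pbkdf2_record(password, salt=None):
    """Per-user random salt plus a deliberately slow derivation."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def pbkdf2_verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def exposed_by_lookup(dump):
    """Audit an unsalted dump: which accounts match one precomputed table?"""
    table = {md5_unsalted(p): p for p in COMMON}
    return {user: table[h] for user, h in dump.items() if h in table}


def audit():
    md5_dump = {u: md5_unsalted(p) for u, p in USERS.items()}
    salted = {u: pbkdf2_record(p) for u, p in USERS.items()}
    return {
        "md5_same_hash": md5_dump["alice"] == md5_dump["bob"],
        "md5_exposed": sorted(exposed_by_lookup(md5_dump)),
        "salted_same_hash": salted["alice"][1] == salted["bob"][1],
        "verify_ok": pbkdf2_verify("dragon123", *salted["alice"]),
        "verify_wrong": pbkdf2_verify("dragon124", *salted["alice"]),
    }


if __name__ == "__main__":
    print(audit())
```

Without a salt, identical passwords produce identical hashes, so one precomputed table covers every account at once; with a per-user salt the stored values differ and each guess costs the full iteration count per account.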
Jaysds1 Posted September 17, 2015
Yeah, that's true, the big threat goes to Admins and Mods, but it's also a threat to us because if the cracker follows our usernames anywhere else other than here. Like me, I use the same username on most sites but change password to something different; but others might use the same password for their username.
myonlake Posted September 18, 2015
> Yeah, that's true, the big threat goes to Admins and Mods, but it's also a threat to us because if the cracker follows our usernames anywhere else other than here. Like me, I use the same username on most sites but change password to something different; but others might use the same password for their username.
The general rule is that you never trust anyone. For that reason alone you might want to consider having a different password on every site. If people have the same password everywhere, then that's more or less their own problem. You can never trust anyone, because everything is vulnerable to human error.