[Patch 3.10: Yimake Patch] General Discussion - Page 317
SnK-Arcbound
United States 4423 Posts
| ||
nyxnyxnyx
Indonesia 2978 Posts
On August 21 2013 10:02 thenexusp wrote: There's some wrong information in here and I'll just go point by point:
- This is why you never, ever reuse the same password for multiple sites.
- xkcd's 4x dictionary words approach cannot be brute forced. The idea is that the combination of 4 (random, independent) dictionary words cannot be brute-forced, because each additional word multiplicatively increases the brute-force time. Say the words are taken from the 10,000 most common words. A password containing a single dictionary word might be brute-forced in 0.01 second. But 4 dictionary words together exponentially increase the number of possible passwords. So instead of 10,000 things to search through you have 10,000,000,000,000,000. This takes 10,000,000,000 seconds, which is hundreds of years.
- You can get all the hashes and salts, but as long as your password is decently secure your password should still be safe. The whole point of salting & hashing your passwords is to mitigate the damage in the case of a database break-in.
- You misunderstand how password salts work. There isn't a single "Riot salt" that is applied to each password. Each user has his own salt, which is stored in the database in the same row as the user. The idea is to make it so that one can't create a comprehensive table of password->hash combinations to immediately break large sections of the database; you have to redo the work for each user because each user has a different salt.
- You should never use a password that's been leaked on one of the plaintext leaks. If you have an original, secure password, chances are you're fine.
- One way to check your password security is by asking "if the attacker knew what form my password took, how many other passwords are possible?" For example, if your password form was "common dictionary word followed by a number", there are about 10,000*10 = 100,000 possible passwords, which is horribly insecure. If you use "common dictionary word with some letters in leetspeak" you have 10,000*16ish (assuming 4 possible letters to substitute or not), which is still bad. You want something on the order of 10^14 at least, more if you're paranoid about future advances in technology.
- On the other hand, you don't need the most secure password; all you need is to have a harder-to-crack password than the next guy. If someone were to comb through Riot's databases, and find 100,000 people who have passwords that can be cracked in 3 minutes, he's not going to bother with yours if yours takes an hour to crack (even if it is theoretically doable). (Still, it's probably better to go with passwords that will take thousands of years)
And more stuff...
- A list of the 10,000 most common passwords: http://pastebin.com/Y1Tx2hA9 There are some interesting things on here. For example, "zaqxsw". If you think about it, you might see how someone would use this password... Needless to say, if your password appears here you are very unsafe.
I'm not an expert or anything, just read this article a little. Wouldn't it be possible to do a combinator attack like here: "The specific type of hybrid attack that cracked that password is known as a combinator attack. It combines each word in a dictionary with every other word in the dictionary. Because these attacks are capable of generating a huge number of guesses—the square of the number of words in the dict—crackers often work with smaller word lists or simply terminate a run in progress once things start slowing down. Other times, they combine words from one big dictionary with words from a smaller one. Steube was able to crack "momof3g8kids" because he had "momof3g" in his 111 million dict and "8kids" in a smaller dict. "The combinator attack got it! It's cool," he said. Then referring to the oft-cited xkcd comic, he added: "This is an answer to the batteryhorsestaple thing."" | ||
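
An added example, not part of any post in this thread: the per-user salt scheme described in the quoted post above, shown next to an unsalted table. PBKDF2-HMAC-SHA256, the iteration count, the row layout and the sample accounts are assumptions of this example; the thread does not say which algorithm Riot uses.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

ITERATIONS = 100_000  # assumed work factor for this example; tune upward in production

# Constructed sample accounts: alice and bob picked the same password.
USERS = [("alice", "zaqxsw"), ("bob", "zaqxsw"), ("carol", "pinyin-phrase-42")]

def unsalted_row(user, password):
    """Weak scheme: one fast hash, no salt. Equal passwords give equal rows."""
    return {"user": user, "hash": hashlib.sha256(password.encode()).digest()}

def salted_row(user, password):
    """Per-user scheme: a random salt stored in the same row as the hash."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"user": user, "salt": salt, "hash": digest}

def verify(row, candidate):
    """Recompute with the row's own salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), row["salt"], ITERATIONS)
    return hmac.compare_digest(digest, row["hash"])

def users_sharing_a_hash(rows):
    """Return sorted groups of users whose stored hash is identical."""
    groups = defaultdict(list)
    for row in rows:
        groups[row["hash"]].append(row["user"])
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def demo():
    """Build both tables from the same accounts and report hash collisions."""
    weak = [unsalted_row(u, p) for u, p in USERS]
    strong = [salted_row(u, p) for u, p in USERS]
    return users_sharing_a_hash(weak), users_sharing_a_hash(strong), strong

if __name__ == "__main__":
    weak_groups, strong_groups, rows = demo()
    print("unsalted rows sharing a hash:", weak_groups)
    print("salted rows sharing a hash:  ", strong_groups)
    print("alice logs in:", verify(rows[0], "zaqxsw"))
```

In the unsalted table one precomputed password->hash entry matches every account that reused the password; with per-user salts the same two accounts have unrelated rows, so each one has to be worked on separately.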
MidnightGladius
China 1214 Posts
Also, my password is pinyin, with numbers, of a random Chinese statement. | ||
WiseBagus
Canada 452 Posts
| ||
obesechicken13
United States 10467 Posts
On August 21 2013 11:19 nyxnyxnyx wrote: I'm not an expert or anything, just read this article a little. Wouldn't it be possible to do a combinator attack like here: "The specific type of hybrid attack that cracked that password is known as a combinator attack. It combines each word in a dictionary with every other word in the dictionary. Because these attacks are capable of generating a huge number of guesses—the square of the number of words in the dict—crackers often work with smaller word lists or simply terminate a run in progress once things start slowing down. Other times, they combine words from one big dictionary with words from a smaller one. Steube was able to crack "momof3g8kids" because he had "momof3g" in his 111 million dict and "8kids" in a smaller dict. "The combinator attack got it! It's cool," he said. Then referring to the oft-cited xkcd comic, he added: "This is an answer to the batteryhorsestaple thing.""
Thanks for the long reply nexus. I'm not sure if a combinator attack would work. The article says they use two dictionaries, whereas correctBatteryHorseStaple requires 4 in a row, greatly increasing the complexity. | ||
Koenig99
Canada 904 Posts
Goddamn... | ||
Zess
Adun Toridas! 9144 Posts
On August 21 2013 11:19 nyxnyxnyx wrote: "The combinator attack got it! It's cool," he said. Then referring to the oft-cited xkcd comic, he added: "This is an answer to the batteryhorsestaple thing.""
Yes and no. It is a bit disingenuous to suggest that 4 dictionary words are "super secure" since you can still brute force them much easier than unpatterned passwords. It is far more secure than doing something that is shorter letters and has numbers and stuff though, just because anything under 6 characters can be purely brute forced in the order of minutes. And even with pattern rules using existing word list profiles, "batteryhorsestaplecorrect" is going to be pretty hard to crack because it has complexity N^4, N being the word list you are using. Appending some random characters into the middle of a word "batteryho#4x3rsestablecorrect" makes it pretty much as secure as "E88xn8YJMX0m|YVJNSk$4`Zt^[U.>J|0" from the perspective of automated brute force. Basically trying to crack either of those is in the "not gonna bother" area of diminishing returns because hackers always go for the low hanging fruit. So don't be the guy with "h4h4mordekaiser" and you should be safe.
P.S. KeePass is amazing and you should all use it. | ||
obesechicken13
United States 10467 Posts
On August 21 2013 12:07 Koenig99 wrote: Goddamn...
Oh man. That is hot. Something something sun don't shine. | ||
FinestHour
United States 18466 Posts
| ||
justiceknight
Singapore 5741 Posts
| ||
Alaric
France 45622 Posts
Also maybe Leona would see more play if people realised she's a redhead? Her posture on the splash makes me wonder what it'd look like in the loading screen. Pretty different from the rest of her skins. Graves' W pretty good. | ||
Celial
2602 Posts
Hearthstone though =( Tore Salce a new one as Hunter vs Mage, didn't even take one point of damage^^ | ||
onlywonderboy
United States 23745 Posts
| ||
wei2coolman
United States 60033 Posts
On August 21 2013 11:51 WiseBagus wrote: I have been getting Soulstealer in game where I play Lulu, Sona, Janna, and Soraka. I usually go SS> Boots> Chalice> Ruby SS> Mobi Boots> Philo > Mejai> Crucible> into a morello or something else we need. I wish I was this rich when I play support. But I gotta buy wards and stuff. | ||
Ryuu314
United States 12679 Posts
On August 21 2013 08:56 AsianEcksDragon wrote: I'd say DShield is a much more attractive buy than before now that they lowered the price and removed the armor component. Are you going mid with Zed against someone like Ori, Lux, or TF? Well now that DShield only grants health and helps you against ranged autoattack, your level 1-3 is way smoother with the unique passive compared to the longsword + 2pot opening. The other example I already gave in an earlier post is Alistar vs. Lulu/Ez or any other strong kiting ranged duo at bot lane. You want to negate as much poke damage as possible as you are an all-in champion so you need to keep your health before finding a good opportunity to go deep. I wouldn't open with it unless the enemy jungler has no early gank potential but it's something you might want to consider buying on the first or second trip back.
Really late to this reply but w/e
First off, no one really goes longsword +2pot. If you're playing an AD assassin mid, you go red elixir for all-in potential or you open with a sustain-heavy opening. DShield is not a good starting item in almost any situation. The regen on the item itself is pithy and you only get 1 potion, which is almost never enough especially if they're harass heavy, and have no possibility to get a ward unless you go deep into utility. After you recall, you'd much rather buy items like DBlades, Cutlass, Bruta to help you actually kill the other guy. On supports it's a reasonably good buy, but even then it's suspect since sightstone and wards are just so strong you're probably better off just getting a ruby crystal and turning it into a sightstone asap. | ||
Frudgey
Canada 3367 Posts
On August 21 2013 12:53 wei2coolman wrote: Summer skin leona too sexualized. Someone cover her up! Honestly I think she could have been a lot worse. I think she's pretty decent as is. | ||
Ryuu314
United States 12679 Posts
On August 21 2013 13:08 Frudgey wrote: Honestly I think she could have been a lot worse. I think she's pretty decent as is. I'm honestly quite surprised at how not sexualized it is. I mean come on, the midriff isn't even showing. Not that much boobage in the splash art either. | ||
wei2coolman
United States 60033 Posts
On August 21 2013 13:08 Frudgey wrote: Honestly I think she could have been a lot worse. I think she's pretty decent as is. It was sarcasm.... | ||
onlywonderboy
United States 23745 Posts
| ||
Frudgey
Canada 3367 Posts
On August 21 2013 13:11 wei2coolman wrote: It was sarcasm.... Oh.... That's cool.... I guess..... I think my favorite thing about the summer skins is all the different champions that you can see in the backgrounds of their splash arts. | ||