EPTa) have the hash of our passwords
b) know the hashing algorithm that blizzard use
c) your password need to be weak
I don't see that happening, but better safe than sorry.
Blizzard Security Breach - Page 6
| Forum Index > SC2 General |
|
DertoQq
France906 Posts
a) have the hash of our passwords b) know the hashing algorithm that blizzard use c) your password need to be weak I don't see that happening, but better safe than sorry. | ||
|
Bagration
United States18282 Posts
So could we infer that the hackers are based from China, or is that just simply a red herring to scapegoat? | ||
|
Kambing
United States1176 Posts
| ||
|
WiljushkA
Serbia1416 Posts
On August 10 2012 07:38 Probe1 wrote: So change your passwords. Got it. (Before anyone says "Oh no Probe u sux at reading", cryptographically scrambled versions.. do you trust your account and information on that? Do you?") yeah. they store only the hash values of passwords, that are attained through the use of a one-way function. its actually pretty safe stuff. to break them hackers would need to be either better at math than the worlds best mathematicians, or have access to currently non-existent amounts computing power. | ||
|
InDesconrowl
Togo311 Posts
On August 10 2012 08:40 QuanticIllusion wrote: Didnt something like this happen a year or so ago? damn hackers It happened to steam about a year ago. The chinese hacker who hacked steam is now in jail  . | ||
|
Medrea
10003 Posts
I'd imagine most people have one by now, its so small. I wish my bank account had one. | ||
|
Virtue
United States318 Posts
On August 10 2012 08:30 netherh wrote: It's lucky they don't do anything stupid like make all the passwords case insensitive... Oh wait. Usually at this point after a hack, case of the characters in your passwords doesn't matter. They are just going to brute force (Try every possible combination of characters for a certain length) and when a computer is just calculating hashes and comparing them it doesn't make it harder or easier. Thankfully, it seems like Blizzard's password storage protocol is a lot better than most encryption methods at standing up to brute forcing their hashes. (Might even be impossible.) Still, when it comes to passwords length is all that matters. I work for a company that audits IT and when we get hashes of passwords like these guys did, we can usually crack all of an institutions passwords in a day. The only ones we can't crack no matter how long we try are are ones that are long (Something like 13-15 characters or longer). The best passwords are ones that are long and easy for you to remember/type but that are also hard for people who have information about you to guess and are not used for multiple accounts/sites. R1CH has pointed out that last bit before; If you have a different password for everything, one compromised site like this won't matter. People only use short passwords because they are usually forced to used ridiculous cases and special characters that make the password hard to type quickly. If you just make a password that is long, has a few spaces, and only uses lower case letters, you'll be more secure than someone who has an 8 character long password that has a capital letter, special character, and a number and much more likely to be able to remember it and type it quickly. *Edited part of my second paragraph. It now correctly says that "The only ones we can't crack no matter how long we try are the ones that are long(Something like 13-15 characters or longer)" | ||
|
Grimmyman123
Canada939 Posts
| ||
|
Integra
Sweden5626 Posts
| ||
|
Dingobloo
Australia1903 Posts
On August 10 2012 08:48 Bagration wrote: Hmm, so everyone outside of China was hit? Interesting So could we infer that the hackers are based from China, or is that just simply a red herring to scapegoat? The hacker could very well be from china, but I don't think you can infer that from the information, blizzard gets a different company to run all of it's mainland china business and they probably have seperate authentication servers that weren't hit. | ||
|
Na_Dann_Ma_GoGo
Germany2959 Posts
Reminds me of this: ![[image loading]](http://cache.gawkerassets.com/assets/images/17/2011/08/passwords.jpg) | ||
|
Windwaker
Germany1597 Posts
| ||
|
HeeroFX
United States2704 Posts
| ||
|
thekoalaz
United States109 Posts
On August 10 2012 08:55 Na_Dann_Ma_GoGo wrote: @ Virtue Reminds me of this: Beat me to it  | ||
|
Integra
Sweden5626 Posts
On August 10 2012 08:55 Na_Dann_Ma_GoGo wrote: @ Virtue Reminds me of this: Have you ever heard of the Green horse wanking off at the prairie? GreenHorseWankingPrairie, you'll never forget that password, and its hard as hell to break  | ||
|
DertoQq
France906 Posts
On August 10 2012 08:51 Virtue wrote: Usually at this point after a hack, case of the characters in your passwords doesn't matter. They are just going to brute force (Try every possible combination of characters for a certain length) and when a computer is just calculating hashes and comparing them it doesn't make it harder or easier. Thankfully, it seems like Blizzard's password storage protocol is a lot better than most encryption methods at standing up to brute forcing their hashes. (Might even be impossible.) Actually, case does help. They are going to brute force it and if they have to take into account the case, it will increase the number of possibilities by A LOT. | ||
|
Raskit
579 Posts
On August 10 2012 08:49 Kambing wrote: Also this should serve as a reminder of how stupid the concept of secret questions is. Fill in garbage or otherwise meaningless words for those fields and safeguard your passwords via other means, e.g., with a program like keepass or service like 1password. I think it's time to just start treating the secret answer as another unique password. You can't actually answer the question correctly, as anyone who knows you well enough will be able to guess the answer and you can't use the same answer for all questions as these attacks are becoming increasingly more common. | ||
|
NKexquisite
United States911 Posts
| ||
|
forsooth
United States3648 Posts
| ||
|
xSilverx
Sweden76 Posts
| ||
| ||
