
Undecryptable password?


Piu


So I guess I know why so many people are getting their passwords stolen in Rs. Passwords aren't secure. Only way to have a good password would seem to be to add numbers.

 

Rs passwords are by no means insecure.

For one thing the database has never been stolen or breached, which would be the main way to hack a lot of passwords.

Also they require the pass to be 8 characters long and, judging by the change password form, now force you to have letters and numbers.

 

8 characters even on just a-z and 0-9 (36 characters) gives 2,821,109,907,456 combinations, so unless you use an obvious password it's pretty impossible to brute force it; especially as you get locked out for a while every 10 failed attempts or so.

 

Most people lose RS passwords by account sharing, phishing sites, using the same pass on everything or having easy recoveries. If your recoveries are all things that a friend would know or (even worse) can all be found on internet profiles, they aren't good. E.g. it'd be stupid for me to have "What is your pet's name?" as a recovery since my FB and DeviantArt have loads of pictures of my cat, with her name.


Operation Gold Sparkles :: Chompy Kills ::  Full Profound :: Champions :: Barbarian Notes :: Champions Tackle Box :: MA Rewards

Dragonkin Journals :: Ports Stories :: Elder Chronicles :: Boss Slayer :: Penance King :: Kal'gerion Titles :: Gold Statue


  • 2 months later...

As some people pointed out, there is a difference between a word list and a rainbow table. A rainbow table is a complete table of hash to input value pairs made by feeding all possible input sequences and recording the resulting hashes. When you use a RT, you make a simple lookup.

 

Currently you can find complete vanilla MD5 rainbow tables along with (last time checked - 3 years ago) nearly complete vanilla SHA1 tables, thanks to the FAST nature of these hashing algorithms.

MD5 hash length is 128 bits (16 US-ASCII characters), SHA1's - 160 bits (20 US-ASCII chars). So if you have a longer password, a rainbow table will contain a different input for the same hash. Which, since the server does not know the real password, will be valid.

 

Of course, salting adds an additional phase of work before you can automatically generate lists of passwords from these hashes.

 

For one thing the database has never been stolen or breached

 

Would you stake one of your limbs on this statement?

R.I.P. oO000oO0oO00, RS2 range pure transformed to a maxed PvM char in EoC, ten years of time completely wasted.
Good to be gone :)
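
Added example, not part of the thread or any poster's code: the effect of salting mentioned in the post above, shown by storing the same password as unsalted MD5 and as per-user salted PBKDF2-HMAC-SHA256, then checking both against a precomputed hash-to-input lookup. The candidate list, the function names and the 200,000 iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample inputs standing in for a precomputed candidate set.
CANDIDATES = ["password1", "runescape", "dragon99", "letmein12"]

def unsalted_md5(password: str) -> str:
    """Weak storage: fast hash, no salt, same input always gives same output."""
    return hashlib.md5(password.encode()).hexdigest()

def build_lookup(candidates):
    """Precompute hash -> input once; reusable against any unsalted MD5 store."""
    return {unsalted_md5(p): p for p in candidates}

def store_salted(password: str, iterations: int = 200_000):
    """Hardened storage: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify_salted(password: str, record) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(attempt, digest)

def demo():
    table = build_lookup(CANDIDATES)
    # Two users who picked the same password.
    weak_a, weak_b = unsalted_md5("dragon99"), unsalted_md5("dragon99")
    rec_a, rec_b = store_salted("dragon99"), store_salted("dragon99")
    return {
        # Unsalted: identical rows, and one lookup recovers the input.
        "unsalted_identical": weak_a == weak_b,
        "unsalted_lookup": table.get(weak_a),
        # Salted: rows differ per user and the precomputed table has no entry.
        "salted_identical": rec_a[2] == rec_b[2],
        "salted_lookup": table.get(rec_a[2].hex()),
        # The legitimate login path still works.
        "verifies": verify_salted("dragon99", rec_a),
        "rejects_wrong": verify_salted("dragon98", rec_a),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With a salt, any precomputation has to be redone for each stored record, and the iteration count makes each guess slower on top of that.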
