ReadMe
Hrm, the only way to reverse engineer an MD5 is to use a lookup table; it would have taken ages to convert all the BTP password hashes into a readable form.
That worries me slightly - that another site being a pile of shite can so seriously affect this one.
________________
Can't be arsed to remake my sig.
08.01.05 00:24 Post #16
Glenn
I'm not going to change my password unless someone acts on the password first. They've got to have better things to do than find places I'm registered at. And I (fortunately) have plenty of friends in high places to repair any possible damages.
Besides, anyone that hijacks my identity I could take legal action against.
08.01.05 00:54 Post #17
knifa
Yes, and I wish to say again, sorry for any inconvenience I have caused, except the weird thing is that, if I didn't do this then you guys wouldn't have known this, so in a good way, I have helped you all...
I didn't know until today.
I hope you burn in hell. Kyle is better than you.
08.01.05 01:04 Post #18 | Last edited: 08.01.05 01:07 (Knifa - 2 times)
Bloopy
This site uses MD5 encryption, I'd assume that the passwords are also encrypted. So pulling a username / password list would be fairly useless since the passwords would resemble alphabet soup on crack.
There is a way to get the passwords without trying to crack the encryption, but I'm not going to say what it is. (An admin can PM me later if they'd like to know what that way is).
So my question is how did anyone get a hold of the passwords for BTP users in any readable form?
MD5 is not encryption, it is a hash algorithm. Encryptions are made for the purpose of being able to be unencrypted again and read, but hashes are a one way function which cannot be reversed. However, people can guess your password and see if it matches the hash, and computers can do millions of guesses.
Anyone who got hold of the list of hashes in the BTP database would have been able to quickly get 100s of passwords by bruteforcing - short passwords and dictionary word passwords would be obtained very quickly.
But MD5 will become even more insecure, as ReadMe says, there are things called lookup tables. Someone can allocate gigabytes to a database and then spend a long time matching a password to every possible hash. They might do every password for 1-40 characters, then no password is safe if someone has your hash.
________________
I suppose that's one "good" thing about my degree (aero engineering), there aren't too many terms/words/etc that have "alternative" meanings.
What, like cockpits, turboshafts, thrust, nozzles, corkscrews, ram drag, payload, flaps, and wind tunnels?
08.01.05 05:14 Post #19
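Added example (not part of the thread and not any poster's code): the contrast post #19 describes, where unsalted MD5 gives the same digest everywhere so one precomputed table fits any dump, set beside a salted, slow hash that a site can store instead. The account names, word list and PBKDF2 iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def md5_hex(password):
    """Unsalted MD5: the same password gives the same digest on every site."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def build_lookup(candidates):
    """Precompute digest -> password once; the table fits any unsalted dump."""
    return {md5_hex(word): word for word in candidates}


def hash_password(password, salt=None):
    """Salted, slow hash: returns the (salt, iterations, key) record to store."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, ITERATIONS, key


def verify_password(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(key, expected)


def demo():
    # Constructed data: two accounts that reuse one weak password.
    accounts = {"user_a": "worms", "user_b": "worms"}
    md5_rows = {user: md5_hex(pw) for user, pw in accounts.items()}
    table = build_lookup(["armageddon", "worms", "bazooka"])  # constructed list
    exposed = {user: table.get(digest) for user, digest in md5_rows.items()}
    salted_rows = {user: hash_password(pw) for user, pw in accounts.items()}
    return md5_rows, exposed, salted_rows


if __name__ == "__main__":
    md5_rows, exposed, salted_rows = demo()
    print("identical MD5 rows:", md5_rows["user_a"] == md5_rows["user_b"])
    print("found in precomputed table:", exposed)
    print("identical salted rows:", salted_rows["user_a"][2] == salted_rows["user_b"][2])
```

With a random per-user salt, the two accounts store different records even though the password is the same, so a table built in advance matches neither.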
keeper
^^ Heh, I knew that. ^^ I was being general as not everyone knows the difference.
And a lookup table is not the only way to do it. There is one far easier than slaving away sending info into a hash. Originally designed for cracking Unix servers: I found that this method works well for servers like BTP as its permissions are very.. shall we say.. liberal.
The secret is in the sauce.
And Knifa.. wow that was hash....
Candyman, as much as you don't want to change it.. I would if I were you. I signed up after all this went down so I know I'm clear, but I might just change mine to be careful.
Hrm, the only way to reverse engineer an MD5 is to use a lookup table; it would have taken ages to convert all the BTP password hashes into a readable form.
That worries me slightly - that another site being a pile of shite can so seriously affect this one.
Indeed ReadMe, JoE's site has never been one of my favorites. I've been there only once, to leave a nasty remark in his shoutbox.
Now that SargeTron is in charge there (or so he claims) I imagine that the site will only get worse. JoE's site is nothing but pirated Worms stuff, and probably a few other things as well.
As a rule of thumb I never use the same password twice. I keep a Rolodex of my passwords next to my monitor should I forget one..
I recommend everyone else do the same. You can't take security lightly. The USA did, and we got September 11th as our punishment for it.
08.01.05 05:20 Post #20 | Last edited: 08.01.05 05:34 (keeper - 3 times)
Khuzad
I just want to shortly say that SargeTron told me all this as well, but he didn't send me the password list because I told him not to. I didn't share this information with anyone at the time, because I promised not to tell. However I told him that if he abused it (like he obviously did quite recently) I would have to tell an admin.
I would strongly advise you all to change your password, as I already have done. It's not certain that he knows YOUR password, but be on the safe side and change it.
Just to say again: If no one had found this out already, I would have told.
Edit: SargeTron wants to say this:
YBY, i did not force you.
I asked, and you did.
Thanks to Khuzad for posting this on my behalf, since I'm banned.
Well, I think that's it...
08.01.05 08:01 Post #21 | Last edited: 08.01.05 08:23 (Khuzad - 2 times)
ben
What is JoE's site?
08.01.05 12:09 Post #22
ReadMe
Basically he's breaking a fair few laws by not hashing his passwords and storing them literally and then in turn using those stored passwords to gain unauthorised access to a website. Does anyone know what country he is from?
________________
Can't be arsed to remake my sig.
08.01.05 12:17 Post #23
emberstrife
Those two will keep blaming each other until they find someone else to point at. Doesn't the fact that they made themselves admins by using the "stolen" passwords already qualify them both for a long-time ban? Nobody was forcing them, and even if someone was, they could always refuse
08.01.05 12:54 Post #24
Khuzad
XxSpIDerxX, I would like to make it clear that it was SargeTron who admin'ed both of them, YBY didn't. edit: Okay, I'm no longer sure about this. I'm very confused. :/
08.01.05 13:01 Post #25 | Last edited: 08.01.05 18:08 (Khuzad - 1 times)
jay
Those two will keep blaming each other until they find someone else to point at. Doesn't the fact that they made themselves admins by using the "stolen" passwords already qualify them both for a long-time ban? Nobody was forcing them, and even if someone was, they could always refuse
Agreed.
08.01.05 15:44 Post #26
the candy man
yeah...well said Spider....
and why did Sarge Get Banned but not YBY?
they were both wrong
08.01.05 15:47 Post #27
Zogger!
I believe he's from Canada seeing as he told me his ISP.
And he says he used the MD5 hashes to get the passwords, nowhere were any passes stored in plain text. Short MD5'd passwords can be turned back into plain text fairly quickly using various programs. It doesn't take a hugely long time, as Bloopy says.
Zogger! notes there is also a thread about this at CL2k
YBY was unbanned because he's generally been less annoying than SargeTron in the past...
________________
You know I'm a dancing machine
08.01.05 16:35 Post #28
YBY
http://www.acidplanet.com/artist.asp?PID=673751&t=4784 My ACIDplanet profile, PHS. Please go check this out, my own made music
thx
08.01.05 18:00 Post #29
kikumbob
change it to a different language.
08.01.05 18:53 Post #30 | (Spam)