GoFuckYourself.com - Adult Webmaster Forum

Was CrakRevenue Hacked? (https://gfy.com/showthread.php?t=1183829)

ladida 02-04-2016 03:00 AM

Crickets.

ladida 02-04-2016 06:12 PM

Bump for new age hash decryption+salt! :)

patadeperro 02-04-2016 06:51 PM

Another bump for the great phrase: "hash decryption+salt" hahahahahahah

ladida 02-05-2016 02:07 PM

Quote:

Originally Posted by NoWhErE (Post 20717211)
We have a special decryption algorithm + salt

Hi. Can I buy your special hash decryption + salt algorithm? I'd resell to NSA if possible.

ladida 02-08-2016 05:56 AM

Bump for perfect "hash decryption + salt" solution!

Penny24Seven 02-08-2016 06:16 AM

Quote:

Originally Posted by ladida (Post 20723885)
Bump for perfect "hash decryption + salt" solution!

E=MC with a little 2 above the C

tammix 02-08-2016 08:13 AM

hi eric do you have icq?

ladida 02-08-2016 05:07 PM

Imagine this, they are no longer responding :P

ladida 02-10-2016 11:24 AM

You could make a fortune on this guys. Sell the hash decryption+salt thing!

Penny24Seven 02-11-2016 07:04 AM

So were they hacked? Still not sure

Penny24Seven 02-11-2016 07:05 AM

Fiddy people who were not hacked but some thought they were so a thread was made and the votes were cast and the winner is....... YOU

ladida 02-11-2016 02:37 PM

Well we found out they have a good hash decryption+ salt solution, which many companies would buy

Google Expert 02-11-2016 02:49 PM

Quote:

Originally Posted by Brian837 (Post 20726904)
So were they hacked? Still not sure


CurrentlySober 02-11-2016 03:11 PM

what is salt?

ladida 02-13-2016 06:37 AM

Bumparooni for crack.

ladida 02-15-2016 04:35 AM

2 fiddy for hash decryption + salt solution!

going once.

#23 02-15-2016 02:12 PM

nobody got hacked

ladida 02-17-2016 11:53 AM

We don't know that.

But we do know there is an epic groundbreaking solution for hash decryption + salt!!!

RandazzoXXX 02-17-2016 06:29 PM

So basically what we discovered is that if you're using crakrevenue your passwords are stored in plain text? Copy.

ladida 02-19-2016 06:48 AM

This went on the ignore list quick by crak

ladida 02-20-2016 06:49 AM

Another bump for perfect "hash decryption + salt" solution!

ladida 02-23-2016 04:20 PM

Busy for a bump, not busy for a great solution!

ladida 02-26-2016 09:21 AM

Hi + salt here

ladida 02-29-2016 05:54 AM

Another day, another great solution

rowan 02-29-2016 10:22 AM

Reminds me a little of my bank.

Password length must be 6 characters exactly, letters and numbers only.

A few years ago they changed from a standard web field to an "onscreen keyboard" that you have to click to enter the password. It only lets you enter upper case, but there were no problems with logging me in, even though my password (previously entered with the keyboard) was mixed case. If they were using hashes, there's no way that the uppercase version I entered would match the stored mixed case password. Wouldn't be unreasonable to guess they could be storing the pass in plain text format. Then again, maybe they have some o' dat special decryption algorithm + salt

CPA-Rush 02-29-2016 01:08 PM

Quote:

Originally Posted by Muad'Dib (Post 20727286)

:pimp:pimp

dynastoned 02-29-2016 03:11 PM

i don't know why they have limitations on password length anyway

rowan 02-29-2016 03:19 PM

Quote:

Originally Posted by dynastoned (Post 20742058)
could they have written something up for when people login it counts the characters of the password before it's encrypted/decrypted or however the login process works and once login page has finished it carries the true or false of $pw > 16 character information to your account. then if it's true that you have a password that is greater than 16 chars it sends the OP's email to your email addy they have for u in the db? or would that somehow compromise your password?

im not sure how a login page works exactly so i don't know but it seems possible.

Yes, this is possible, because even if the system uses hashes internally, you submit the password to the login page in cleartext. So it would certainly be possible for a program to do a once-off check and notify if it sees the password is too long.

Question is WHY is there the limit in the first place for crak? Password prompts can be made fixed size on a page - they'll just scroll sideways - and there's no real performance difference between sending 5 characters or 500 characters. So why are passwords limited to this length? Even if crak are encrypting them (special decryption algorithm + salt) that means they can be decrypted. Why would a program ever need to access your cleartext password?

klinton 02-29-2016 03:34 PM

:1orglaugh:1orglaugh:1orglaugh:1orglaugh:1orglaugh
Quote:

Originally Posted by Brian837 (Post 20726904)
So were they hacked? Still not sure


klinton 02-29-2016 03:35 PM

:winkwink::winkwink::winkwink:
Quote:

Originally Posted by ladida (Post 20733798)
Another bump for perfect "hash decryption + salt" solution!


dynastoned 02-29-2016 05:43 PM

Quote:

Originally Posted by rowan (Post 20742075)
Yes, this is possible, because even if the system uses hashes internally, you submit the password to the login page in cleartext. So it would certainly be possible for a program to do a once-off check and notify if it sees the password is too long.

Question is WHY is there the limit in the first place for crak? Password prompts can be made fixed size on a page - they'll just scroll sideways - and there's no real performance difference between sending 5 characters or 500 characters. So why are passwords limited to this length? Even if crak are encrypting them (special decryption algorithm + salt) that means they can be decrypted. Why would a program ever need to access your cleartext password?

lol good thing u caught my post i tried to add to the post n somehow edited it out. doing too many things at once.

but yeah things that make you go hmm...

ladida 02-29-2016 07:47 PM

Quote:

Originally Posted by rowan (Post 20741787)
Reminds me a little of my bank.

Password length must be 6 characters exactly, letters and numbers only.

A few years ago they changed from a standard web field to an "onscreen keyboard" that you have to click to enter the password. It only lets you enter upper case, but there were no problems with logging me in, even though my password (previously entered with the keyboard) was mixed case. If they were using hashes, there's no way that the uppercase version I entered would match the stored mixed case password. Wouldn't be unreasonable to guess they could be storing the pass in plain text format. Then again, maybe they have some o' dat special decryption algorithm + salt

No. They just stored it without case. Banks have specific limitations, and yours were letters and numbers only, so they "threw" your pass through something of a regex that would check if the pass had any of those and either block it (if it had special chars) or lowercase/uppercase all letters that were initially input. That's why now it doesn't matter what u enter.
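An added sketch, not part of any post in this thread and not code from CrakRevenue or any bank: it shows how the case-insensitive login rowan describes is compatible with salted hashing if the case is folded before hashing, and how the length check from the quoted post can run at login on the submitted cleartext. The function names, the PBKDF2 parameters and the sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000   # assumed PBKDF2 work factor for this sketch
FLAG_LENGTH = 16       # the "> 16 characters" threshold from the quoted post

def normalize(password):
    """Hypothetical policy: ASCII letters and digits only, case folded."""
    if not (password.isascii() and password.isalnum()):
        raise ValueError("letters and numbers only")
    return password.upper()

def _digest(normalized, salt):
    # Salted, iterated one-way hash of the already case-folded password.
    return hashlib.pbkdf2_hmac("sha256", normalized.encode(), salt, ITERATIONS)

def enroll(password):
    """Return the stored record (salt, hash); no cleartext is kept."""
    salt = os.urandom(16)
    return salt, _digest(normalize(password), salt)

def login(password, record):
    """Return (authenticated, over_length_flag) for a submitted password."""
    salt, stored = record
    try:
        candidate = normalize(password)
    except ValueError:
        return False, False
    ok = hmac.compare_digest(_digest(candidate, salt), stored)
    # The length is read from the submitted cleartext, not from the record,
    # so a one-off "password too long" notice needs no reversible storage.
    return ok, ok and len(password) > FLAG_LENGTH

if __name__ == "__main__":
    record = enroll("aB3dE9")           # constructed sample password
    print(login("AB3DE9", record))      # upper-case on-screen keyboard entry
    print(login("AB3DE8", record))      # wrong password
```

Folding case before hashing cuts each position from 62 possible symbols to 36, so a system built this way trades search space for the keypad's convenience.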


All times are GMT -7.