Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Imgur Hacked, Thinks SHA-256 Brutable, No One Cares Because It's Just Imgur
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Imgur Hacked, Thinks SHA-256 Brutable, No One Cares Because It's Just Imgur

raindog308raindog308 Administrator, Veteran
edited November 2017 in General

image

Thanked by 1Saragoldfarb

Comments

  • RayhanRayhan Member
    edited November 2017

    OMG!

    Why did you create an imgur account?

    Thanked by 2WSS dedicados
  • "Rapist thinks womens underwear is self-undressing".

  • pikepike Veteran
    edited November 2017

    @Rayhan said:
    Why did you create an imgur account?

    Because people want to delete their posts after some time. Or add more pictures to a post, etc.

  • user54321user54321 Member
    edited November 2017

    sha256 without salt (SHA Secure Hash Algorithm, i don't get why they first write about encryption although they know that it is a hash algorithm). Yes they are right about that your password is now known with your email.

  • jarjar Patron Provider, Top Host, Veteran

    Well there goes the privacy of my publicly shared screenshots.

    Thanked by 1Maounique
  • YuraYura Member
    edited November 2017

    @jarland said:
    Well there goes the privacy of my neatly stashed away Taylor Swift's images

    ftfy

    Thanked by 4jar WSS Ympker Aluminat
  • Lol; privacy.

  • raindog308raindog308 Administrator, Veteran

    user54321 said: sha256 without salt (SHA Secure Hash Algorithm, i don't get why they first write about encryption although they know that it is a hash algorithm). Yes they are right about that your password is now known with your email.

    Yes, their phrasing is incompetent. They did not "encrypt my password" in their database so it can't be "cracked", etc.

    And how is it someone who has their database has my password? That could only be if

    • my password was stored in plain text
    • they implemented the system poorly (short max length, no salt, etc.)

    And how did rapists enter the picture?

    Yura said: @jarland said: Well there goes the privacy of my neatly stashed away Taylor Swift's images

    Jar, you should know that she did not really pose for Hustler and those pics are shopped.

    Thanked by 2Yura jar
  • jarjar Patron Provider, Top Host, Veteran

    raindog308 said: Jar, you should know that she did not really pose for Hustler and those pics are shopped.

    You take it back right now! I will ban someone every half hour until you do, starting with @jbiloh, and he won't like that.

    Thanked by 1Yura
  • nobody should care anyway is just a public images hosting.

    That will not stop the usual /r/tits user from using the service anyway.

  • deankdeank Member, Troll

    The end must be nigh.

  • I wonder who's mind it'll blow if I mention that Bcrypt is also brutable...

  • jarjar Patron Provider, Top Host, Veteran
    edited November 2017

    Meh who cares, not like anyone used a password there that they also used elsewhere.

    ... Right? ;)

    Actually think I used one that's in a public database already. Guess that means free uploads to whoever gets it!

  • @jarland said:
    Meh who cares, not like anyone used a password there that they also used elsewhere.

    ... Right? ;)

    Actually think I used one that's in a public database already. Guess that means free uploads to whoever gets it!

    FREE UPLOADS? THAT'S WELL WORTH WAITING IN LINE!

    Thanked by 1Hxxx
  • jackbjackb Member, Host Rep
    edited November 2017

    @raindog308 said:
    And how is it someone who has their database has my password? That could only be if

    • my password was stored in plain text
    • they implemented the system poorly (short max length, no salt, etc.)

    I'd disagree here. Salt will be contained in the database that was breaches.

    Even a strong hashing method with a good salt is only as strong as the password itself. Given time and CPU power, your password will eventually be discovered.

    The existence of unique salts does mean no rainbow tables, so it is probably not worthwhile (assuming a sensible number of iterations, time and cpu cost far > potential benefit) for an attacker to bother trying to get passwords, but certainly not impossible.

Sign In or Register to comment.