FFR Hacked.

Re: FFR Hacked.

Development site = site we can go to and view and comment and help with the development of FFR??

Am I dreaming

Jk I realize now you just mean create a test environment so you can make changes without it affecting the main site

As long as there's no code in it that causes it to crash when you try to change from debug -> release lol (I'm lookin at you, FFR engine...)

Edit: also lol somehow didn't get pwned which is funny to me.. Honestly I'm not worried if they just have md5 hashes lol, hell if they get passwords from those I'll actually be happy, maybe then I can learn how lolz cause as far as I'm concerned it's impossible.

Edit2: alright maybe not "impossible" but it's pretty likely nothing would come of it.. Lol makes me wonder why they even use md5 for passwords, oh well

Re: FFR Hacked.

february? ive changed my password twice since then lol. spose i shouldnt be too worried then.

Re: FFR Hacked.

Dam, hopefully they AAA things for me.

Re: FFR Hacked.

MD5 is broken. There are rainbow tables available that will instantly reverse many passwords, and because the hash function is so cheap, tools like hashcat will rape MD5 even with salt. Say your password is "xsoekcnm" - random characters. But it's too short and can be instantly reversed, just search for md5 reverse and enter 4ecf096b453a0760b02bd0aa0f3740fa.

Re: FFR Hacked.

Well, the whole point of the salt is really to just slow down the rainbow tables that hash cat uses, or make it not work.

For example, lets get a real example in here for what we want to do:

Lets say we have a database of 1,954,977 members. If the password isn't salted, it's literally a matter of running your tool or whatnot, iterating through the list for each "word", and see if any passwords match.. Sure, we need to check almost 2 million data entries like 70 million times, but I mean, it's not TOO bad.. Not only that, since the passwords are represented in our table, we actually don't need to hash anything or call anything to check it -> we just access the table and make our comparisions

Essentially, imagine: we check the first word in the table, scan the "leak" for matches in the list of hashes, if so, boom, easy.

If the password is salted however, NOTHING in that table is going to match anymore. Obviously, we know the salt - it's written right in the MD5 hash (since salted hash is just hash:salt or salt:hash or whatever), the person trying to crack knows the salt.. Despite this, the amount of work that has to be done is like freakin n^2 compared to n! lol.. If the passwords are salted, your table mapping "xsoekcnm" -> 4ecf096b453a0760b02bd0aa0f3740fa suddenly does not match - xsoekcnm doesn't hash to that anymore, so you would need to calculate md5($salt, $plaintextpw), and remake the table.

Regardless, it's gonna slow it the hell down.. Now suddenly instead of:

- for each word in the rainbow table
- Parse hashes for match

you are suddenly:

- for each word in the rainbow table
- calculate what hash would be generated using a given salt
---> (note, you might realise - in order to calculate what the hash would be for a given salt, they would need to know #1 a plaintext password and #2 the hash that is generated that corresponds to this plaintext password)
- parse hashes for matches

Regardless, I doubt anyone would bother doing this for this game.. there is literally no motivation behind trying to access anyone account here, to be honest. I can see if someone would want to hack the admins password or something, but even so, there really isn't a gain to that - what you should be worried about is using the same password for different websites, registered with that username/email.

To be honest, I don't even think the leak was specifically regarding flashflashrevolution, but obviously I don't know for sure - probably related to this:



EDIT: lol nvm theres a specific section for just FFR


INTERNET FAMOUS BOIZ

Re: FFR Hacked.

I'm CS so all this IA talk is making my head spin. Do I need to set my account on fire or not?

Re: FFR Hacked.

I was compromised but I changed all my passwords and made them all stronger so bleh.

Re: FFR Hacked.

Good thing I've not changed this password since way back when people were randomly logging into eachother's accounts back in like 2014.
I should be fine in other places since I regularly change those passwords every couple months.

Re: FFR Hacked.

Eh I'd consider cryptography part of CS



(It's just forum with people begging for random leaks I found.. however, from this you can see that I guess people have known about it for a while?)

If you are worried about some chinese gold farmer maybe lol.. as far as I could find, it's a private database (l0l this makes me sound like im trying to find the list of password o_O Mark my words someday I will BECOME ETIENNE), so I don't know if anything would even come of it.

Should be fine tbh, worse leaks have happened to be fair.. I'd say yeah just change your password or w/e.

I'm just curious how it happened and why lol.. I swear, someone probably just tried to steal tons of random vB databases...

By the way, I also saw a website that was saying that of the accounts hacked, 300k~ of the passwords were actually encrypted and the rest were plaintext l0l gg, probably bs.

Re: FFR Hacked.

I did take a cryptography course... with the math department lmao. CS definitely does not go as in-depth as you would expect on the security protocols side of things.

Re: FFR Hacked.

if you enter your email and it says pwned twice, is there a way to see what the 2 sites were, or is it just to guess from the list they provide. clicking the 2 times or whatever doesnt show that

Re: FFR Hacked.

it should tell you below with descriptions of the leaks, like so:

Re: FFR Hacked.

Hard to take seriously a site that describes your information as having been pwned.

So the site tells me my email has been pwned 4 times in the past 8 years, and yet all four sites, that email address was tied to the same username, which it informs me has been pwned 0 times.

So I should panic because they got my email and username, except they've never gotten my username. Seems legit.

Re: FFR Hacked.

Pwned on here, MySpace, and tumblr, oh well.

Re: FFR Hacked.

oh woops im dumb ok thank you