vb.org Archive
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   database hacked > know users passwords (https://vborg.vbsupport.ru/showthread.php?t=199138)

el_capiton 12-17-2008 11:48 PM
database hacked > know users passwords
 
hello

if someone gains access to the vbulletin database, is it possible for the hacker to know the users pass? i mean they are in hash format could they retrieve the passwords from the hash? how long would it take to perform this task, if possible

SEOvB 12-17-2008 11:52 PM
It would take ages to perform for each individual password

el_capiton 12-17-2008 11:59 PM
Quote:
Originally Posted by FRDS (Post 1687697)
It would take ages to perform for each individual password
for ages you mean days, weeks, months?
even with the salt thing i think vbulletin has in the passwords?

phantom15 12-18-2008 12:04 AM
md5 salted... to bruteforce would take years I think

SEOvB 12-18-2008 12:30 AM
Quote:
Originally Posted by el_capiton (Post 1687708)
for ages you mean days, weeks, months?
even with the salt thing i think vbulletin has in the passwords?
By ages I mean, a lot longer than it'd ever be worth

Dismounted 12-18-2008 10:15 AM
There are no known rainbow table attacks for this type of hash. The only method would be to brute force, and that would take years. After brute forcing the hash, you would need to brute force the actual password's hash, which would take less time, but still time (although this time, rainbow tables are possible).

el_capiton 12-19-2008 12:57 AM
thanks for your answers

Medtech 12-19-2008 01:09 AM
Quote:
Originally Posted by phantom15 (Post 1687713)
md5 salted... to bruteforce would take years I think
Actually with salt and the latest dictionaries, it is done in about 20 seconds.. if the perp knows what the salt is.

Quote:
Originally Posted by FRDS (Post 1687697)
It would take ages to perform for each individual password
Actually Admins are the targets, what good would it do to hack a mod or member?

You want a secure password? use 4 to 5 words with spaces and a couple symbols. That is impossible to decode for even the best hackers. I use 1024 bit encryption in my passwords.. even the feds can't decode that, lol

Dismounted 12-19-2008 03:34 AM
How about we go all out and use Whirlpool? :)

el_capiton 12-21-2008 06:03 PM
Quote:
Originally Posted by Medtech (Post 1688377)
Actually with salt and the latest dictionaries, it is done in about 20 seconds.. if the perp knows what the salt is.



Actually Admins are the targets, what good would it do to hack a mod or member?

You want a secure password? use 4 to 5 words with spaces and a couple symbols. That is impossible to decode for even the best hackers. I use 1024 bit encryption in my passwords.. even the feds can't decode that, lol
i've a guy claiming it accessed the database and got one mod pass and logged in with it.
he has made a screenshot of mods and admin area to prove he was there.
the mod pass was 10 chars long and it was portuguese, its still easy to be discovered?


All times are GMT. The time now is 02:39 AM.
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01441 seconds
  • Memory Usage 1,736KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (5)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete