Next Generation Emulation banner
1 - 20 of 24 Posts

·
Emunext fanboy
Joined
·
4,241 Posts
Discussion Starter · #1 ·
I've just checked my mail and find that message posted from my mail to the same account.


"I hacked this account using MD5 hashes registered into my forum. I WILL LET U GO THIS TIME, DONT DO IT AGIAN .. NEXT TIME.
YOUR PASSWORD IS AS THE FOLLOWING, I HAVE READ MOST OF YOUR MESSAGES IN THIS EMAIL AND HACKED A FEW:

**********"

Where the "***" is my real password. What do you think I can do beside changing my password ofcourse which I've already done?

I'm interested in knowing also what would stop him from knowing my password again. Right now I'm trying to know what's MD5 exactly.
 

·
Premium Member
bsnes, ePSXe
Joined
·
21,982 Posts
haha they spelled "again" wrong.

anyway maybe it is some forum administrator giving you grief because you used the same password for your email as your forum signup :nono:

and the MD5 is one of many hash checking tools, it verifies the content of another file.
 

·
Registered
Joined
·
212 Posts
what u can do? :) more like what host can do... md5's are encyrpted, however not very strong, as such can be "converted" into the original, plain text format


besides u shouldnt use ur password, for several sites, each site individual.. should be, and regards forums, theirs a "hack/mod" whatever u call it, which sets the passy, plaintext, rather than encrypted for most forums, u should also use random chars/numbers for a "stronger" password, not things like "imagod" "passwordhere" "irememberthis" or football teams or whatever else :D


btw change passwords for all forums and/or whatever else u use that password for.. and different for each!!
 

·
Emunext fanboy
Joined
·
4,241 Posts
Discussion Starter · #4 ·
Well, I don't think it's one of the admins anyway :p . Since they wouldn't want to look stupid when they get caught ;) , our staff is smarter than that, don't you think :evil: ?

Anyway, I thought only Flare could check our passwords. But again he can't get my email password by trying the ngemu account password since they are different :p .

Well seems like he (the hacker) was trying to prove his superiority on me. Maybe he knows me. And with search I found that MD5 is a really complex algorithm to use Oo . Made on 1991 too. That didn't help much though :p .
 

·
Premium Member
Joined
·
8,201 Posts
the password you use for email should always be different then the ones you use for Forums. anyone with access to a forums database can get your password.

i have always used a different password for forums just because of that. anyway, you can be sure its not someone from Emuforums that did this, im pretty sure most admins here dont have access to the database. (except Bobbi and dixon i guess)
 

·
Registered
Joined
·
2,583 Posts
Chrono Archangel said:
the password you use for email should always be different then the ones you use for Forums. anyone with access to a forums database can get your password.

i have always used a different password for forums just because of that. anyway, you can be sure its not someone from Emuforums that did this, im pretty sure most admins here dont have access to the database. (except Bobbi and dixon i guess)
Uh, you realize that most forum software, such as vB, phpBB, and IPB all just store an MD5 hash of the password, right? It then makes a hash of your password attempt and compares the two to see if they match. Two identical passwords will produce the exact same MD5 hash. So, if they match, the password must be correct.

I'll admit, MD5 isn't perfect, but it's pretty damn hard to crack.
 

·
Premium Member
Joined
·
8,201 Posts
FLaRe85 said:
Uh, you realize that most forum software, such as vB, phpBB, and IPB all just store an MD5 hash of the password, right? It then makes a hash of your password attempt and compares the two to see if they match. Two identical passwords will produce the exact same MD5 hash. So, if they match, the password must be correct.

I'll admit, MD5 isn't perfect, but it's pretty damn hard to crack.
but IINM there are some tools that are available to crack them. im not too sure since i didnt really try and crack an md5 before lol
think Cain had such tool in it... id have to check, its been a while since ive used it (i had lots of fun on the school network with that :evil: )
 

·
Canadian Spaceman
Joined
·
8,767 Posts
I HIGHLY doubt the md5 was broken.

Brute-force attack:
Word: meow
MD5: 4a4be40c96ac6314e91d93f38043a634
 

·
Registered
Joined
·
2,583 Posts
Player-X said:
normally I was expecting something like "LOL Own3d!"
Everyday you learn something new in this case I just learned that MD5 can be used to crack passwords and cloud just learned to not use a single password
You're an idiot. MD5 is a password hashing algorithm. It is not used to "crack" passwords.

Also notice how Reich isn't throwing special chars into the mix. It's just bruteforcing under the assumption that the password is entirely alpha-numeric.

So, no...you can't just plug an MD5 hash into a piece of software and get a password out of it.
 

·
Registered
Joined
·
378 Posts
is it possible he's got spyware or a keylogger on his PC and that's how the hacker got his PW? if I got my PW ripped that'd be the first thing on my mind.
 

·
Registered
Joined
·
212 Posts
Reichfuher said:
I HIGHLY doubt the md5 was broken.

Brute-force attack:
Word: meow
MD5: 4a4be40c96ac6314e91d93f38043a634
i hate to say this, their is md5 tables available...

so no requirence to "brute force" theirs even sites, which allow you to chck a md5 giving you the "proper" password, as long as its in their db, (dictionary tables + easy to guess..)
 

·
Registered
Joined
·
212 Posts
FLaRe85 said:
Use strong passwords. Christ. Don't they teach you that in grade school, now?
heh

u'd be surprised, how many peeps used their nick as their password a few years ago, when i run a small board ;) check pw's every couple of months, any that were "easily guessable" 1 quick warning, 1 strike, if they changed back to another easy to guess, i banned them
 

·
Transcended
Joined
·
1,416 Posts
I just HAVE to comment. Need to clarify a few points scattered in the thread.

MD5 is still used today precisely because it's effective. It's been mathematically proven to be strong enough for most uses today. So it means it's still impractical to crack it blindly, as well as impossible to reverse.

Having pre-hashed tables does not make MD5 any less secure. It's like saying I can break your asymmetric system because I have a table of private keys. Any system can be broken if you can guess the key. Pre-hashed tables only shave time because you don't have to run the hash algo for comparison. In other words... don't use easily guessable keys.

Hashes are one-way. They are by nature irreversible, since you actually lose part (if not almost the whole) of the original data used to make the hash. So you technically can't reverse it and get the exact key. It IS possible for 2 or more quantities to produce the exact same hash, but as with everything in cryptography, the math geniuses reckon that the probability is so small, it's very likely to not happen.

By the way, a lot of boards today still keep the original passwords. There are times that I sign up and get my password handed back to me in my confirmation email, including the "lost my password" features.
 

·
Emunext fanboy
Joined
·
4,241 Posts
Discussion Starter · #18 ·
Do you ppl read my posts, I stated that they aren't the same password used anyway :p . And I didn't say he was from emuforums, I just said that the hacker might know me. Anyway, I changed all my used passwords every where. Let's see if I can play that for a long tme ;) .

Yeah MD5 is effective, I was searching about it yesterday and found some stuff about it. At least for a 14 years old technique.
 

·
It’s Me .. I still Exist
Joined
·
1,225 Posts
He sent it from your own e-mail address? Who is to say they just didn't spoof your e-mail address. Heck I can make my e-mails say they were sent from [email protected] if I wanted to.

You should actually check to see if the mail was actually sent from your e-mail account. Most online e-mail providers and software programs for e-mail track sent mail.
 
1 - 20 of 24 Posts
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Top