like alot of things, just takes time ;/
This is a discussion on usko database rehacked within the General Chat forums, part of the Knight Online (ko4life.com) category; like alot of things, just takes time ;/...
Page: 4
like alot of things, just takes time ;/
I am sad that it took 2 years to realized encrytion is good. TBH, any high school who taken 1 year of computer class could tell you to encrypt/hash your password file. I am pretty sure devile either assumed you did or told you.Originally posted by Festo
Well it used to be plain text but in january, a memo was sent to everyone. Which stated what desired additions we would like;
Desired Additions
• Expand game chat limit for game masters to 256.
• Add more levels of gm privileges. *
• Detailed GM command list
• Recompile Knight tools so that our version of our tool is unique only to USKO. *
• Encrypt the game database password and account ID fields.
• New boss - We need detailed requirements to design these boss’s ourselves. *
So *
B)
Just clarify one thing, encryption preserve order while hash does not. Normally hash is one way, which means once you hash something, there is little to noway to get it back. To bruteforce... let do a quick math. Let say your hash is constant time which means very fast. A 12 character pwd would be 12 * 8 bits = 96 bits. So it would take atmost 2^96 tries. Lets say you have fast computer, can do 1024 per second (2^10 per sec). 2^96 / 2^10 = 2^86 seconds. Which is about 2^86 / (3600 * 24 * 7 * 52) = 2,460,166,503,082,273,452.8 years. Lets assume that k2 is smart and concat password and ID#, (note this is called seeding and is used in linux systems). ID# is probably 32 bits integer so 96 + 32 = 128 bits.
Decyphering a MD5 hash isnt as hard as ppl think, dont forget that ppl have been working on doing this for years already.
is there any difference between a bank db and a game db, regarding the global internet protocols, laws,ethics.morals..etc?
Originally posted by Zulkir
is there any difference between a bank db and a game db, regarding the global internet protocols, laws,ethics.morals..etc?
i believe bank have better security than k2
lol u better hope they do otherwise im withdrawin all my moneyOriginally posted by Flippy+--><div class='quotetop'>QUOTE(Flippy)</div><!--QuoteBegin-Zulkiris there any difference between a bank db and a game db, regarding the global internet protocols, laws,ethics.morals..etc?
i believe bank have better security than k2[/b]
it is obvious..but once we talk about real money (and it is your own money in your bank account) people become serious..in the other hand we are talking about just a game. in fact there isnt anything under our ownership according to K2 policy...
You are right, it is not hard, just takes a few thousand eons. Infact, it is probably faster to create a fuctional time machines to travel into the future to get the pwd.Originally posted by Doc
Decyphering a MD5 hash isnt as hard as ppl think, dont forget that ppl have been working on doing this for years already.
Originally posted by Doc
Decyphering a MD5 hash isnt as hard as ppl think, dont forget that ppl have been working on doing this for years already.
decrypt md5? we cant even talk about decrypt cuz its not an encypted code but an hash...
Lets just say that I have already had look at certain pieces of software ( talking over 20gb's worth ) that contain already cracked MD5's simply enter the hash and bingo, for the more simple PW's it's already been done.
Simple solution now days is to make a pass phrase instead of word, you think a lot of ppl have done this????
Originally posted by Doc
Lets just say that I have already had look at certain pieces of software ( talking over 20gb's worth ) that contain already cracked MD5's simply enter the hash and bingo, for the more simple PW's it's already been done.
Simple solution now days is to make a pass phrase instead of word, you think a lot of ppl have done this????
i believe this prog is just a database with many easy password and their md5 hash then it try to look into the db if the pw is know , nothing more
and as i said ,its not decrypt
Just saying that it isnt as safe as ppl think it is + I agree with earlier point that K2 prolly keep a clr text format for PW's and ID's knowing them zzzzzzzz
Oke... see you ... man ...
And ffs i doubt k2 received email and answered on MSN...
C'mon guys
/delete
.... wait, you are saying, if you know the pwd, you can generate the md5 hash to get back the pwd.Originally posted by Doc
Lets just say that I have already had look at certain pieces of software ( talking over 20gb's worth ) that contain already cracked MD5's simply enter the hash and bingo, for the more simple PW's it's already been done.
Simple solution now days is to make a pass phrase instead of word, you think a lot of ppl have done this????
I think you are getting serial number mix up with MD5. Serial numbers are a proof of purchuse which is easy to fool. MD5 is a signiture of a string of bits. Every string has its own signiture. For sake of arguement, MD5 is one way. Once hashed, it stay hashed. Kind of food, after you digest food and take a shit. No matter how much shit you shove up your ass, it ain't come up out as food.
no i am saying that the hash can be broken down into plain text form. LMFAO with your shitty explanation though nice one
Yes it is a string of bits so is everything but it has to remain the same so that when it is read at other end it reads the same every time in plain text.
Bookmarks