nosfirebird

how to stop the cracking of a hash (selling/buying/community alt)


Copy paste these symbols into a new password ► ô Ä ╠ ▓ • place them throughout the password and save the string to your Google Drive so you don't lose them. This will make it fairly hard to decode.


You're welcome!


 


EDIT: example of password meta▓gÄming►mônster╠


Edited by nosfirebird


Usually a good brute force program also considers these ASCII symbols, so entering a #!"§$%&/()=? or other symbols on your keyboard is enough security. My password can't be cracked by a brute force attack using a desktop PC within 22 quindecillion years. At least not with the computers we have atm.


Edited by Sklo:D


Usually a good brute force program also considers these ASCII symbols, so entering a #!"§$%&/()=? or other symbols on your keyboard is enough security. My password can't be cracked by a brute force attack using a desktop PC within 22 quindecillion years. At least not with the computers we have atm.

You're using brute force; it's a waste of computer processor. You can easily crack it by hand in about 30 mins if you know what you're doing. It takes 15-20 mins with an 8-10 character password. All the symbols on the keyboard give the same encryption pattern. Using the symbols I provided, it "breaks" the hash and makes the pattern moot while still allowing others to enter onto the toon, knowing that your toon will never get stolen.


The fact you, or someone, are giving hashes out in the first place, and getting them stolen or anything of that matter, is not something to post a thread about, but rather a problem that needs to be talked out with Rolf.



This is not safe at all. Your password is not a hash, and due to how things work, it isn't even necessary to bruteforce it. People with knowledge in Java and some other things can easily extract your password from the encrypted string and this method does not change that.

If you're sharing an account for your community, you're taking the risk that it can be stolen. The password "hash" reduces the risk, but doesn't completely remove the risk. Little tricks like OP's only partially prevent people who will try to bruteforce passwords by hand.

  • Like 2


FYI, the hash is not encrypted or protected AT ALL.  You can crack it with pen and paper in 2 minutes or less....


 


If you think giving someone your hash is safe, you are very very wrong.


  • Like 1


I wasn't talking about the code stored in the password.txt file. This isn't even a hashcode. It is just a poor try to give security :P


Edited by Sklo:D


Meh it boils down to the same guideline... better trust the person you are giving access to your char.


 


Hence the intrinsic value of trust and the stupidity of breaking it.


 


EDIT: Unfortunately the OP doesn't really help. Anyone who understands the math and technology enough to deal with hashes wouldn't even be fazed.


Edited by Klaa


As for the initial idea itself ..... obligatory xkcd reference here : http://xkcd.com/936/


 


Also have a read about hash collisions. You don't need the password to have full access to the account, just any password which results in the same hash, which leads you to rainbow tables, which leads to the need for salting, which leads on to nosfirebird's claim. It all depends on the hash generation algorithm: some are indeed weak, some are very strong. Doing any reasonable algorithm by hand in 30 minutes? Not a chance.


 


@Mamadarkness  The hash is not encrypted or protected because it IS the encryption and protection and lol @ 2mins.
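
An added illustration of the distinction the thread keeps circling (not code from any poster or from Wurm): a reversible encoding, an unsalted hash, and a salted, iterated hash side by side. Hex stands in for "any reversible encoding" and is an assumption, not Wurm's actual password.txt format; the function names and iteration count are likewise chosen for this sketch.

```python
from __future__ import annotations

import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this sketch; tune for your hardware


def encode_reversible(password: str) -> str:
    """Hex encoding (stand-in for any reversible scheme): no key, not one-way."""
    return password.encode("utf-8").hex()


def decode_reversible(stored: str) -> str:
    """Whoever holds the stored string gets the password back, symbols and all."""
    return bytes.fromhex(stored).decode("utf-8")


def hash_unsalted(password: str) -> str:
    """One-way but deterministic: equal passwords give equal digests, so a
    table precomputed once (rainbow table) applies to every account."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_salted(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Per-account random salt plus an iterated KDF (PBKDF2-HMAC-SHA256)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_salted(password, salt)[1], expected)


if __name__ == "__main__":
    pw = "meta▓gÄming►mônster╠"  # the example password from the first post
    print("reversible round-trip:", decode_reversible(encode_reversible(pw)) == pw)
    print("unsalted repeatable:  ", hash_unsalted(pw) == hash_unsalted(pw))
    salt_a, digest_a = hash_salted(pw)
    salt_b, digest_b = hash_salted(pw)
    print("salted digests differ:", digest_a != digest_b)
    print("verify right / wrong: ", verify(pw, salt_a, digest_a), verify("guess", salt_a, digest_a))
```

Unusual symbols survive the reversible round-trip unchanged, so they add nothing once the stored string itself is shared; only the salted, iterated form makes the stored value useless for table lookups.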


I fully endorse the stapling of batteries.


  • Like 2


As for the initial idea itself ..... obligatory xkcd reference here : http://xkcd.com/936/

 

Also have a read about hash collisions. You don't need the password to have full access to the account, just any password which results in the same hash, which leads you to rainbow tables, which leads to the need for salting, which leads on to nosfirebird's claim. It all depends on the hash generation algorithm: some are indeed weak, some are very strong. Doing any reasonable algorithm by hand in 30 minutes? Not a chance.

 

@Mamadarkness  The hash is not encrypted or protected because it IS the encryption and protection and lol @ 2mins.

 

You are poorly mistaken. The hash is not a protection or an encryption. It is just a simple coding mechanic.

 

(Upon reflection I have removed my example.)

 

I'll simply state instead that players mistakenly assume it is a 'hash' and has security like a hash would.  It is in fact not a hash at all, and I'll leave it at that.


Sooo, who gets to handle all the stolen account tears in the near future?           



Sooo, who gets to handle all the stolen account tears in the near future?           

 

No one. Players have been advised from day one: you share your account, you take those risks. Account sharing is not endorsed or supported by Wurm.


What encoding algorithm did you use in your previous post, Mamadarkness? Wait, isn't that just HEX representation of the ASCII characters o0 ?


 


I'm confused you guys talk about hashing but there's no hashing there ...


Edited by Issle


No one. Players have been advised from day one: you share your account, you take those risks. Account sharing is not endorsed or supported by Wurm.

 

But a GM not only saying "This is not secure" but depicting exactly how to do it, just to prove they are right, is ... silly to say the least.


It is a good point, so I have removed my example, and just state instead that it is not a 'hash' as everyone seems to want to assume.



Nobody assumed it's a hash ... His post doesn't even make sense ... I'm still trying to understand what he means :P


Edited by Issle


It's just a cipher of the password, that allows the password to be saved on your hard-drive, without it being in the clear.


 


It was *never* designed to be shared, or to be a secure method of sharing accounts. 


 


Never share an account that has access to anything you would not be willing to lose (including the account itself) !


  • Like 2

