Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

If you have any problems with the registration process or your account login, please contact us.

Post New Thread Reply

Register GFY Rules Calendar
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >
Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed.

 
Thread Tools
Old 02-11-2016, 07:05 AM   #51
Penny24Seven
So Fucking What
 
Penny24Seven's Avatar
 
Industry Role:
Join Date: Jun 2007
Location: USA
Posts: 6,289
Fiddy people who were not hacked but some thought they were so a thread was made and the votes were cast and the winner is....... YOU
__________________
Our site is coming soon. It will be one of the best ever! I know so. Brian and Penny
Penny24Seven is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-11-2016, 02:37 PM   #52
ladida
Confirmed User
 
ladida's Avatar
 
Join Date: Nov 2005
Posts: 2,149
Well we found out they have a good hash decryption+ salt solution, which many companies would buy
__________________
agentGFY *at* gmail.com
ladida is online now   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-11-2016, 02:49 PM   #53
Google Expert
Webmaster
 
Google Expert's Avatar
 
Industry Role:
Join Date: Jun 2004
Posts: 14,295
Quote:
Originally Posted by Brian837 View Post
So were they hacked? Still not sure
Google Expert is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-11-2016, 03:11 PM   #54
CurrentlySober
Too lazy to wipe my ass
 
CurrentlySober's Avatar
 
Industry Role:
Join Date: Aug 2002
Location: A Public Bathroom
Posts: 38,212
what is salt?
__________________


👁️ 👍️ 💩
CurrentlySober is online now   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-13-2016, 06:37 AM   #55
ladida
Confirmed User
 
ladida's Avatar
 
Join Date: Nov 2005
Posts: 2,149
Bumparooni for crack.
__________________
agentGFY *at* gmail.com
ladida is online now   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-15-2016, 04:35 AM   #56
ladida
Confirmed User
 
ladida's Avatar
 
Join Date: Nov 2005
Posts: 2,149
2 fiddy for hash decryption + salt solution!

going once.
__________________
agentGFY *at* gmail.com
ladida is online now   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-15-2016, 02:12 PM   #57
#23
So Fucking Banned
 
Industry Role:
Join Date: Jan 2016
Posts: 555
nobody got hacked
#23 is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-17-2016, 11:53 AM   #58
ladida
Confirmed User
 
ladida's Avatar
 
Join Date: Nov 2005
Posts: 2,149
We don't know that.

But we do know there is an epic groundbreaking solution for hash decryption + salt!!!
__________________
agentGFY *at* gmail.com
ladida is online now   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-17-2016, 06:29 PM   #59
RandazzoXXX
Confirmed User
 
Industry Role:
Join Date: Mar 2008
Posts: 141
So basically what we discovered is that if you're using crakrevenue your passwords are stored in plain text? Copy.
RandazzoXXX is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-19-2016, 06:48 AM   #60
ladida
Confirmed User
 
ladida's Avatar
 
Join Date: Nov 2005
Posts: 2,149
This went on the ignore list quick by crak
__________________
agentGFY *at* gmail.com
ladida is online now   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-20-2016, 06:49 AM   #61
ladida
Confirmed User
 
ladida's Avatar
 
Join Date: Nov 2005
Posts: 2,149
Another bump for perfect "hash decryption + salt" solution!
__________________
agentGFY *at* gmail.com
ladida is online now   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-23-2016, 04:20 PM   #62
ladida
Confirmed User
 
ladida's Avatar
 
Join Date: Nov 2005
Posts: 2,149
Busy for a bump, not busy for a great solution!
__________________
agentGFY *at* gmail.com
ladida is online now   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-26-2016, 09:21 AM   #63
ladida
Confirmed User
 
ladida's Avatar
 
Join Date: Nov 2005
Posts: 2,149
Hi + salt here
__________________
agentGFY *at* gmail.com
ladida is online now   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-29-2016, 05:54 AM   #64
ladida
Confirmed User
 
ladida's Avatar
 
Join Date: Nov 2005
Posts: 2,149
Another day, another great solution
__________________
agentGFY *at* gmail.com
ladida is online now   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-29-2016, 10:22 AM   #65
rowan
Too lazy to set a custom title
 
Join Date: Mar 2002
Location: Australia
Posts: 17,394
Reminds me a little of my bank.

Password length must be 6 characters exactly, letters and numbers only.

A few years ago they changed from a standard web field to an "onscreen keyboard" that you have to click to enter the password. It only lets you enter upper case, but there were no problems with logging me in, even though my password (previously entered with the keyboard) was mixed case. If they were using hashes, there's no way that the uppercase version I entered would match the stored mixed case password. Wouldn't be unreasonable to guess they could be storing the pass in plain text format. Then again, maybe they have some o' dat special decryption algorithm + salt
rowan is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-29-2016, 01:08 PM   #66
CPA-Rush
small trip to underworld
 
Industry Role:
Join Date: Mar 2012
Location: first gen intel 80386/nintendo-gb/arcade/ps1/internet person
Posts: 4,927
Quote:
Originally Posted by Muad'Dib View Post
__________________

automatic exchange - paxum , bitcoin,pm, payza

. daizzzy signbucks caution will black-hat black-hat your traffic

ignored forever :zuzana designs
CPA-Rush is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-29-2016, 03:11 PM   #67
dynastoned
mmm yeah!
 
Industry Role:
Join Date: Feb 2005
Location: roseville, ca
Posts: 5,061
i don't know why they have limitations on password length anyway
dynastoned is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-29-2016, 03:19 PM   #68
rowan
Too lazy to set a custom title
 
Join Date: Mar 2002
Location: Australia
Posts: 17,394
Quote:
Originally Posted by dynastoned View Post
could they have written something up for when people login it counts the characters of the password before it's encrypted/decrypted or however the login process works and once login page has finished it carries the true or false of $pw > 16 character information to your account. then if it's true that you have a password that is greater than 16 chars it sends the OP's email to your email addy they have for u in the db? or would that somehow compromise your password?

im not sure how a login page works exactly so i don't know but it seems possible.
Yes, this is possible, because even if the system uses hashes internally, you submit the password to the login page in cleartext. So it would certainly be possible for a program to do a once-off check and notify if it sees the password is too long.

Question is WHY is there the limit in the first place for crak? Password prompts can be made fixed size on a page - they'll just scroll sideways - and there's no real performance difference between sending 5 characters or 500 characters. So why are passwords limited to this length? Even if crak are encrypting them (special decryption algorithm + salt) that means they can be decrypted. Why would a program ever need to access your cleartext password?
rowan is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-29-2016, 03:34 PM   #69
klinton
So Fucking Banned
 
Industry Role:
Join Date: Apr 2003
Location: online
Posts: 8,766

Quote:
Originally Posted by Brian837 View Post
So were they hacked? Still not sure
klinton is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-29-2016, 03:35 PM   #70
klinton
So Fucking Banned
 
Industry Role:
Join Date: Apr 2003
Location: online
Posts: 8,766

Quote:
Originally Posted by ladida View Post
Another bump for perfect "hash decryption + salt" solution!
klinton is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-29-2016, 05:43 PM   #71
dynastoned
mmm yeah!
 
Industry Role:
Join Date: Feb 2005
Location: roseville, ca
Posts: 5,061
Quote:
Originally Posted by rowan View Post
Yes, this is possible, because even if the system uses hashes internally, you submit the password to the login page in cleartext. So it would certainly be possible for a program to do a once-off check and notify if it sees the password is too long.

Question is WHY is there the limit in the first place for crak? Password prompts can be made fixed size on a page - they'll just scroll sideways - and there's no real performance difference between sending 5 characters or 500 characters. So why are passwords limited to this length? Even if crak are encrypting them (special decryption algorithm + salt) that means they can be decrypted. Why would a program ever need to access your cleartext password?
lol good thing u caught my post i tried to add to the post n somehow edited it out. doing too many things at once.

but yeah things that make you go hmm...
dynastoned is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 02-29-2016, 07:47 PM   #72
ladida
Confirmed User
 
ladida's Avatar
 
Join Date: Nov 2005
Posts: 2,149
Quote:
Originally Posted by rowan View Post
Reminds me a little of my bank.

Password length must be 6 characters exactly, letters and numbers only.

A few years ago they changed from a standard web field to an "onscreen keyboard" that you have to click to enter the password. It only lets you enter upper case, but there were no problems with logging me in, even though my password (previously entered with the keyboard) was mixed case. If they were using hashes, there's no way that the uppercase version I entered would match the stored mixed case password. Wouldn't be unreasonable to guess they could be storing the pass in plain text format. Then again, maybe they have some o' dat special decryption algorithm + salt
No. They just stored it without case. Banks have specific limitations, and yours were letters and numbers only, so they "threw" your pass through something of an regex that would check if the pass had any of those and either block it (if it had special chars) or lowercase/uppercase all letters that were initially input. Thats why not it doesnt matter what u enter.
__________________
agentGFY *at* gmail.com
ladida is online now   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Post New Thread Reply
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >

Bookmarks

Tags
change, crakrevenue, kindly, password, hacked



Advertising inquiries - marketing at gfy dot com

Contact Admin - Advertise - GFY Rules - Top

©2000-, AI Media Network Inc



Powered by vBulletin
Copyright © 2000- Jelsoft Enterprises Limited.