webcamnews

I got this email today:
Our system has detected that your current CrakRevenue password is rather long.
.......

We contact you today, respectfully and kindly, asking you for your cooperation on this. Please kindly change your password when you have a free moment to ensure no future issues!

=========
Now, why should i change my pass since is long enough? Was CrakRevenue database compromised?

__________________
webcam.news [@] gmail . com

Follow WEBCAMNEWS On Twitter

www.webcamnews.com - Latest XXX News

MFCT

I don't think they've been hacked. My understanding is they're migrating to new software or a new system. And the password length limit for this new system is 16 characters. If your password is longer than that (mine was), you'll have to change it to a 16-character one in order for them to transfer your record. Nothing to worry about.

__________________
Keeping you abreast of the teens that get undressed.
Girls By Location - Couples By Location - Guys By Location - Trans By Location

EddyTheDog

I hate it when people put that sort of thing in correspondence - So creepy...

In fact it's a really bad email.....

ravo

Sounds like a phishing attempt, from someone in Nigeria or Indonesia.

__________________
AdultAdBroker - Buy and Sell Your Flat Rate Banners, Links, Tabs, Pops, Email Clicks and Members' Area Traffic - updated May 2024

ladida

You do realise that the system can't know how long your password is right? The hashing algorithms used dont store the lenght of the password, although they do have limitations of the maximum lenght that it can store. So, whatever the hashing algorithm they used, the length of the hash is THE SAME for a password of 1 char and 100 char.
So in essence, your assumption is stupid.
The OP assumption has more merit.

__________________
agentGFY *at* gmail.com

ottopottomouse

Anything beginning like that I would be expecting to come from Mr Blessing Mkimbo off of Nigeria.

__________________
↑ see post ↑
13101

kkkkkk

ㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤ

adultmobile

Anyone checked if the link is nigerian phishing or or crackrev legit?

__________________

TubeCamGirl.com

ITraffic

Maybe they hired Mr Konta Tama MANAGER AUDIT AND ACCOUNTANCY DEPARTMENT to run their tech support?

freecartoonporn

this

__________________

SSD Cloud Server, VPS Server, Simple Cloud Hosting | DigitalOcean

olivierx

If they know lenght of your password then their database is not crypted..... i hope your password with them is unique in case someone get their hand on database would see your password with decoding anything..

CurrentlySober

i lik short passwords

__________________

My Dream Gal... XXX

CPA-Rush

lol hopefully .

__________________

. daizzzy signbucks caution will black-hat black-hat your traffic

CaptainHowdy

__________________
Enroll in the SWAG Affiliate Asian Live Cam Program and get 9 free quality link-backs!
Get those links up ASAP! --> TJEEZERS.Cam. Setup in 48 Hours max.

Crak_Eric

Hi guys,

No, we weren't hacked, and we're sorry if there was any confusion relating to this e-mail.

We feared some might think 'phishing' so we did make it a point to say we didn't want you to respond with your password, that we weren't asking your password, and we even gave official instructions on how to make the change via CrakRevenue's official website rather than doing it through a link, for those exact reasons.

----------------------------------------------------------------------------------------
Here's the e-mail you received (in original, full context)
----------------------------------------------------------------------------------------

Well, this is embarrassing.

Our system has detected that your current CrakRevenue password is rather long.

We are working on modifying some technical things behind CrakRevenue, mainly on how we store data. And the thing is, your current CrakRevenue passwords exceeds the new allowed password char limit.

We contact you today, respectfully and kindly, asking you for your cooperation on this.
Please kindly change your password when you have a free moment to ensure no future issues!

New passwords must be between 4 - 16 characters max.

Please note, we are NOT asking you for your password.

Please do not respond with your password.

We ask that you head on over to your CrakRevenue Profile (crakrevenue.com/account) and change your password to something shorter. That’s all!

Thanks for your help on this!
----------------------------------------------------------------------------------------

But yep, if you have a longggg password — the "dude don't hack me bro" defcon level-1 kind — you received this e-mail. Passwords exceeding 16 chars will become problematic in a future update. Think of it this way: it's really no different than any other site dictating how long your password must be when you first sign up.

Anyway, sorry for the scare!

__________________

kkkkkk

ㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤ

MFCT

You were saying, bro?

__________________
Keeping you abreast of the teens that get undressed.
Girls By Location - Couples By Location - Guys By Location - Trans By Location

plaster

What a weird email.

Yo crak... you realize that in this thread you shouldn't know the length of password unless you store them insecure. . Right?

ladida

I was saying what is true and still is.
There is no way for them to know the length of your password in a hashed form. The explanation also makes no sense because the hashing algorithm will just truncate the rest of the chars, if for example it has an input limit (which im not sure which one does other then the old 3DES from the htpasswd days) it just truncates the rest.

For example, if you try to hash a password "12345678901234567890" but it has a limit of 16 input chars, it will hash only first 16 and you can log in with "1234567890123456gjflsagjfksalfjdsaklfjdsaklfjdsak lfsa" if you want, because it will only check for the first 16 chars.

Regarding the email, only other thing that could prompt this is if their input form on website now has a limit of max 16 chars, but it was not like that before. So they have your password hashed with >16 chars, and if you tried to login with the >16 chars password now, the input form would truncate it and send it truncated to the database, which obviously would produce a different hash now then the one stored already in the database and you would not be able to log in.
So yea, they can't know the length of your pass when its hashed.

Ofc, this is if they are hashing them and not storing plaintext

__________________
agentGFY *at* gmail.com

LizardKing

"penis" - hope its not too short!

__________________
Get your site reviewed and listed at Porn Sites XXX

j3rkules

Thanks god it is not the Nigerian Prince.

__________________

adultmobile

__________________

TubeCamGirl.com

webcamnews

Crak_Eric i know the original, full context email i got few days ago. I was asking something else in this thread:was database compromised? And now there is a new question: are passwords stored insecure? I mean do you really know the length of my pass? Is it true that if you know the length of my pass, the password is not encrypted in your system?
[later edit] P.S.: Nevermind....

__________________
webcam.news [@] gmail . com

Follow WEBCAMNEWS On Twitter

www.webcamnews.com - Latest XXX News

JamesDrews

Yep they will switch to a new dashboard system! I heard this from my AM.

freecartoonporn

this

majority are using md5 encryption with/without salt these days so imho theres not much issue about password length here, as the md5 encrption can take any amounts of characters as input and throws 32 char long string.

__________________

SSD Cloud Server, VPS Server, Simple Cloud Hosting | DigitalOcean

NoWhErE

Hi guys!

As some of you already know, we're currently migrating to a new a platform. The message you received was indeed from us and NOT a hack.

No security has been compromised. We are working on making our old system compatible with the new one and one of the steps is to migrate user credentials into a new setup that has a character limit on the password length.

We have a special decryption algorithm + salt that is transferring all of the information and flagging accounts that have passwords over the new limit.

At no time has your password been compromised or vulnerable.

We're sorry if this scared any of you. The emails went out quicker than expected and our comm team didn't have the time to warn you guys about the upcoming changes.

Remained assured that everything is still koscher.

Cheers!

__________________
skype: lordofthecameltoe

ruff

A whole lot of drama for exactly what now? This is the kind of crap you get when you have so many surfers in a webmaster forum.

__________________
CryptoFeeds

LetterTwenty7

So... Your password is?

__________________
Trusted by the best porn sites in the world
Get in touch with the most experienced writers here.
[email protected] | Skype: lettertwenty7 | Telegram: https://t.me/LT7_Digital

Relic

ladida

Ok, now this is total bullshit
There's no "special decryption algorithms" and the +salt thing also means nothing. You are now just digging whatever you write even more

Let me explain you one more thing
Hash = something that can't be decrypted. There is no "special algorithm" on that because it's just that, a hash. It can't be reversed. What it can be done is duplicated. Which would mean that you "duplicated" and hashed words of 16+ password lenght, which is so farfetched its insane to even think about. List of Rainbow Tables shows you the size of a rainbow table that has 1 to 10 char lengths. Im pretty sure you dont have the disk space to store rainbow table for passwords with 16+ chars.
Furthermore, if you were to try to "crack" the hash of a password for a 16+ chars, im also sure you would never ever hit it.

Your remark of "+ salt" also makes no sense. Would have been better if you didnt say anything.

__________________
agentGFY *at* gmail.com

ladida

Here's md5 of a password with 21 chars
2061bf778a5cb9d7f72c55b09c46ba87

It's not even salted. Should be no problem no? You can do it fast since you probably have thousands of members when you were able to evaluate how big everyone's password is
From your answer i see you dont even understand what a salt is, or what is it's purpose.
Salt is used to make the redundancy on hashes even bigger. For example. "A" will always give a hash of 7fc56270e7a70fa81a5935b72eacbe29, so someone somewhere might have stored that same hash and saved it as "A", and someone might be able to reverse it by finding it, let's say, on google, or running it through hash breaking algorithms. Salt is invented so that each vendor/software platform could make up their own "salt" that could produce a different hash for "A", so that without knowing the salt, you can't replicate the hashing algorithm.
But still, password hashed with or without salt, you CANT KNOW ITS LENGTH.

so you were storing them plaintext?

__________________
agentGFY *at* gmail.com

plaster

A good excuse would be to say that on initial choosing of password the system stored the number of digits chosen.

Does it really matter though? This isn't your bank... it's an affiliate program. Crak should just say "sorry"... new system won't store passwords going forward.

ladida

I don't care since i did nothing with them, it's just funny how from a simple question they dug themselves with this. The more they write, the more you see something's just not right there.

However, if you think there's no problem with someone knowing your affiliate password, you'd be dead wrong. Maybe not if you're 0 hit affiliate. But someone doing xxx$ weekly would definitely care. From knowing your traffic sources, from possible email intrusion, to switching payment methods.

__________________
agentGFY *at* gmail.com

Relic

run the sky is falling

Google Expert

Damage control mode: ON

LizardKing

You just should not start harmless mails with this.

__________________
Get your site reviewed and listed at Porn Sites XXX

ladida

Heh, they saw it's better to let it die.

__________________
agentGFY *at* gmail.com

olivierx

md5 of 64 character password: 44b0786e70c3c1ce5c8edc4ca77f9819
md5 of 255 char password :e3491d81b6b929e6e45c042cbefc212b
md5 of 16 char password: a74298e4a259759687e3a5acb2e7ae12

Is crakrevenue storing unsecure password?

potter

On the contrary actually.

Crack has stated that they know how long the passwords are (which means they either are storing passwords as plain text in their database, or they have a database schema with a huge security hole). Either way it means their form of password storage is compromised.

They've also now said they have a "de-cryption" method which is complete horse shit. If they're storing passwords with a hash method there's no way to de-crypt them. You can figure out what a password is from the hashed version - but it isn't de-cryption - it's a dedicated "guessing machine" that runs the billions of combinations through the hash function until it finds the match. That's not something they'd have the capacity for.

__________________

Google Expert

This, tbh.

Programs DBs get hacked on a daily basis, no matter how big you are.

The question is what they did with it. Just dumped the email list, login infos or injected some custom written shells into the system for future use.

ladida

Crickets.

__________________
agentGFY *at* gmail.com

ladida

Bump for new age hash decryption+salt!

__________________
agentGFY *at* gmail.com

patadeperro

Another bump for the great phrase:"hash decryption+salt" hahahahahahah

__________________


email me at support (at) adultvideoblaster (dot) com

ladida

Hi. Can i buy your special hash decryption + salt algorithm? I'd resell to NSA if possible.

__________________
agentGFY *at* gmail.com

ladida

Bump for perfect "hash decryption + salt" solution!

__________________
agentGFY *at* gmail.com

Penny24Seven

E=MC with a little 2 above the C

__________________
Our site is coming soon. It will be one of the best ever! I know so. Brian and Penny

tammix

hi eric do you have icq?

ladida

Imagine this, they are no longer responding :P

__________________
agentGFY *at* gmail.com

ladida

You could make a fortune on this guys. Sell the hash decryption+salt thing!

__________________
agentGFY *at* gmail.com

Penny24Seven

So were they hacked? Still not sure

__________________
Our site is coming soon. It will be one of the best ever! I know so. Brian and Penny