Change your passwords.

[Baron Sprite]

Due to changes in the database all passwords will need to be updated by 2 weeks from today.


Please choose long, strong passwords.

Examples of which are (do not actually use these):
cA!hA6a@haS2
2ubev_G8pa2u
pruv#qastu-a


Please visit http://www.winguides.com/security/password.php if you have any trouble thinking up good passwords.

[animepimp]

Just a side note from more info I saw posted on a forum for one of the servers, you have to change to a different password, you can't just change your password and then change it back to the one you use now.

[Monrezz]

I believe someone got hold of the forum database, so they have all our passwords in hashed form.

The idea behind changing it is so if they do manage to decrypt the hash you've changed your password anyway :P

[animepimp]

Exactly what I wanted to say, but I wasn't sure if the forum moderators wanted us to say that since they have been very cryptic on exactly what is going on with it in their posts. But thats the reason I said to change your password completely because the way the moderator posted the news it sounds like all you have to do is update it to anything even the old value becuase of a databse change. So it needs to be changed to something different or else the hash will be exactly the same and some one can still log in as you.

[Baron Sprite]

We're changing pw style in the database. Feel free to change back to your old password if you want. Several md5 password hashes were gotten, but unless you're an admin, I doubt anyone would take the time to crack it. :P

[jdankanyin]

Well sprite im taking a computer forensics class and one of the tools we use is md5 and also we learn all of the algorythems to crack it. So unless we use stronger encryption which there isnt any that i know of that cant be broken we wont be safe

[jbb]

Nobody has "cracked" MD5. There are certain known weaknesses in it which mean that it's easier to crack than it ought to be but it still can be considered secure at the moment.

The danger of course is that people will have used dictionary words of simple variations which can be guessed.

[Tertiary]

One of the issues is that everyone knows phpBB uses md5 to 'encrypt' the passwords, so if you can get someones password by an sql injection exploit, you know how to brute force it (using mdcrack for example).

If the admins alter the php code to change the encryption algorithm, then a would be hacker would have a lot harder time trying to crack it.

Even with MD5, if you choose a password >9 characters with a mix of upper/lower case, numbers and non-alpha characters, brute forcing it using a PC would be extremely time consuming.

[Mawlcisum]

You spell things out in hash? Sweet glory, hook a brotha up.

[jdankanyin]

All im saying is that any good hacker uses a mathmematical forula to crack then encryption you dont need a program to do it like md5 as long as you figure out the math forula they use for that type of encryption you can hack anything you want

[eq_starbob]

hey all

the only problem with me is tht i have had to go back to the free e-mail sites and the one i am using now isnt supported by your system... now what do i do??? i dont want to get locked out because i am going to post a server and all... so waht do i do????

[samandhi]

Why cant you use the email account that comes with your ISP?

[Baron Sprite]

If you're stupid enough to have your password be a word in the dictionary and not have any numbers, then it's your own fault.


7d8c1e812e4cb5d6d64cde9cca41a349 crack away ^_^

[eq_starbob]

well the only thing for that is i dont use the same isp.... i use a friends high speed account and he also uses a free e-mail hosting as well... should i e-mail a admin for permission or what???

[RexChaos]

my password is

superultramegagiganticpowerfultough

that sounds strong to me.

and it's a ridiculously long password.

i mean it don't get much more stronger than "superultramegagiganticpowerfultough"