this post was submitted on 10 Oct 2024
130 points (98.5% liked)

PC Gaming

8651 readers
483 users here now

For PC gaming news and discussion. PCGamingWiki

Rules:

  1. Be Respectful.
  2. No Spam or Porn.
  3. No Advertising.
  4. No Memes.
  5. No Tech Support.
  6. No questions about buying/building computers.
  7. No game suggestions, friend requests, surveys, or begging.
  8. No Let's Plays, streams, highlight reels/montages, random videos or shorts.
  9. No off-topic posts/comments, within reason.
  10. Use the original source, no clickbait titles, no duplicates. (Submissions should be from the original source if possible, unless from paywalled or non-english sources. If the title is clickbait or lacks context you may lightly edit the title.)

founded 1 year ago
MODERATORS
EXiLExJD@lemmy.ca
UncleBadTouch@lemmy.ca
KairuByte@lemmy.dbzer0.com
130
Change your passwords: Attackers claim a 'catastrophic security breach' of the Internet Archive, with 31 million emails and hashed passwords captured [also Archive.org under DDoS] (www.pcgamer.com)
submitted 1 month ago by alessandro@lemmy.ca to c/pcgaming@lemmy.ca
24 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] floofloof@lemmy.ca 8 points 1 month ago* (last edited 1 month ago) (7 children)

I managed to get in and change mine last night. So you just have to keep hammering that refresh button until you overcome whoever this asshole is that's DOSing the site. Maybe even do it on several computers, and write a script to help.

Edit: Joke, don't do.

[–] ChaoticNeutralCzech 14 points 1 month ago (6 children)

You're contributing to the DDoS attack. Just wait, if your password is good enough and not in use elsewhere it should take a while to crack the hash.

[–] imPastaSyndrome@lemm.ee 2 points 1 month ago* (last edited 1 month ago) (3 children)

This might be a silly question but it might not - if let's say 5 (or even 50) people use the same username and password in multiple sites, and they have another site's leak. Would they be able to easily crack the hash?

[–] ChaoticNeutralCzech 5 points 1 month ago (1 children)

They will start a dictionary attack on the most common passwords and check their hashes against the stolen database. The speed depends on whether the password hashes obtained are salted in a known method (or not at all). If so, they can perform the dictionary search or brute force locally and VERY quickly.

Take these charts with a grain of salt, they always depend on the attacker's computing power. My password was generated with a password manager and it will take millenia to crack with a reasonable number of modern GPUs so I'll be able to change it in time.

If the method is not known, they will need to go through the servers, which have rate limits.

The passwords are probably hashed with usernames so they can only attack one person at once but of course, once they have the plaintext password, they can use it anywhere else the user reused it or a variation of it.

[–] psud@aussie.zone 1 points 1 month ago

If the password hashes aren't salted they can be cracked with a rainbow table - every password up to (whatever length the rainbow tables go up to now - 10 chars?) is easily cracked in seconds

I expect Internet archive salts their password hashes.

It doesn't matter if the salting method is known, all salting methods are known and it's easy to see what salt a password is hashed with as you need to know so you can hash a received password the same way for validation

load more comments (1 replies)
load more comments (3 replies)
load more comments (3 replies)