Welcome to TangoWorldWide!
You are a Guest, which means you cannot use
all possible features on this forum.
Sign in or Register, to enjoy full functionality. It'll only take 2 seconds!
61 Players in 40 Servers

Author Topic: PSA: ESEA Leaked  (Read 454 times)

0 Members and 1 Guest are viewing this topic.

Offline Oscar

  • Contact @ https://discord.me/TangoWorldWide
  • Registered Users
  • Forum Addict
  • *
  • Topic Author
  • Posts: 2359
    • View Profile
  • User Avatar

    Oscar @ THE REVIVAL

    Offline


  • Total Badges: 24
    Badges: (View All)
    100 Poll Votes Christmas 2016 Halloween 2016 Badge Collector (20) 2 Year Coin Summer 2016 Black-Star Invisible Badge Collector (15) aPn's Award 12 Days of Christmas Spammer-50 Christmas 2015 Badge Collector (10) Thanksgiving 2015 Halloween 2015 1 Year Coin 1000 Posts Badge Collector (5) Spammer-25 Quick Poster Mobile User 500 Posts 100 Posts
PSA: ESEA Leaked
« on: January 09, 2017, 03:00:43 pm »
If you've ever registered to this site and use the same password, change all your passwords please, for Christ Sake. Apparently due to a Ransom Attempt[1] Use LastPass :teehee:

[1]: http://gadgets.ndtv.com/games/news/esea-hack-over-1-5-million-player-profiles-reportedly-leaked-in-ransom-attempt-1646864
« Last Edit: January 17, 2017, 10:56:09 am by dr.friday »
CEO | villagebees.co.uk
https://twitter.com/villagebees


Offline aqua

  • Regular Member
  • Forum Regular
  • *
  • Posts: 404
    • View Profile
  • User Avatar

    t.w² // AQUA

    Offline


  • Total Badges: 12
    Badges: (View All)
    Christmas 2016 Badge Collector (10) Halloween 2016 Summer 2016 1 Year Coin Christmas 2015 Badge Collector (5) Thanksgiving 2015 100 Posts Halloween 2015 Quick Poster Mobile User
Re: PSA: ESEA Leaked
« Reply #1 on: January 09, 2017, 03:15:24 pm »
 :-X ESEA can't catch a break. Bitcoin mining, using an can't talk to his pals ;O; kid to represent FaceIt in one of their ads,  and now this. Good thing I don't use the same pword for everything.
7:21 PM - T.w² | #Scoped4Co .cLм: im not gonna ban, im saying ur lucky i didnt ban u

Offline balon

  • Director of Operations
  • 5k Poster
  • *
  • *
  • *
  • *
  • Posts: 5406
  • SERT{Wow_You_Found_A_Flag}
    • http://steamcommunity.com/id/balon21
    • http://www.twitch.tv/balonfx
    • https://twitter.com/TangoWorldWide
    • View Profile
  • User Avatar

    T.w² | balon@dnd/away

    Online


  • Total Badges: 31
    Badges: (View All)
    3 Year Coin Christmas 2016 5000 Posts Thanksgiving 2016 Mobz Award Halloween 2016 The Rich Bitch Summer 2016 Drunk Award 12 Days of Christmas Badge Collector (20) 2 Year Coin aPn's Award Christmas 2015 Spammer-25 Badge Collector (15) Thanksgiving 2015 Halloween 2015 Quick Collector (10) Badge Collector (10) Invisible Quick Poster Mobile User Quick Collector (5) 100 Poll Votes Badge Collector (5) 2500 Posts 1000 Posts 500 Posts 100 Posts 1 Year Coin
Re: PSA: ESEA Leaked
« Reply #2 on: January 09, 2017, 03:42:17 pm »
Well announced.



Offline papi

  • Development Team
  • Forum Starter
  • *
  • Posts: 73
  • h̶̋̃̒́̈́̇̓͂̃̆̋̏̒͗̀͒͊̈́͐͑͐̈́͐͋̍̃̈́͂̇̋̓̿̔͌̋͐̏̅̽͂̕̚̚͘̕͠͠͠
    • http://steamcommunity.com/id/papei/
    • View Profile
  • User Avatar

    T.w² | papi

    Offline


  • Total Badges: 1
    Badges: (View All)
    Quick Poster
Re: PSA: ESEA Leaked
« Reply #3 on: January 17, 2017, 10:50:17 am »
I don't do ESEA due to their intrusive software, but I would be completely fine with not changing my password simply due to the fact they use bcrypt to hash their passwords. Good luck cracking that!

Offline Mistaken

  • Alaskans Only True Friend
  • Regular Member
  • Forum Regular
  • *
  • *
  • *
  • *
  • *
  • *
  • *
  • Posts: 364
  • Hey guys :)
    • http://steamcommunity.com/id/mistaken_tv
    • View Profile
  • User Avatar

    T.w² | Mistaken .cL м

    Online


  • Total Badges: 9
    Badges: (View All)
    I Triggered LemonFridge Quick Poster 100 Posts Badge Collector (5) 1 Year Coin Christmas 2016 Halloween 2016 Summer 2016 Mobile User
Re: PSA: ESEA Leaked
« Reply #4 on: January 17, 2017, 12:07:59 pm »
Rip esea lmao people still gonna play there cuz better then mm

Offline Oscar

  • Contact @ https://discord.me/TangoWorldWide
  • Registered Users
  • Forum Addict
  • *
  • Topic Author
  • Posts: 2359
    • View Profile
  • User Avatar

    Oscar @ THE REVIVAL

    Offline


  • Total Badges: 24
    Badges: (View All)
    100 Poll Votes Christmas 2016 Halloween 2016 Badge Collector (20) 2 Year Coin Summer 2016 Black-Star Invisible Badge Collector (15) aPn's Award 12 Days of Christmas Spammer-50 Christmas 2015 Badge Collector (10) Thanksgiving 2015 Halloween 2015 1 Year Coin 1000 Posts Badge Collector (5) Spammer-25 Quick Poster Mobile User 500 Posts 100 Posts
Re: PSA: ESEA Leaked
« Reply #5 on: January 17, 2017, 12:19:04 pm »
I don't do ESEA due to their intrusive software, but I would be completely fine with not changing my password simply due to the fact they use bcrypt to hash their passwords. Good luck cracking that!
I wouldn't be so sure, they only have 6 iterations of the key derivation function.

Shown here:

$2y$06

Which is terrible. Bruce forces are easier compared to a 12 iteration, which is the "minimum" people suggest.
CEO | villagebees.co.uk
https://twitter.com/villagebees


Offline papi

  • Development Team
  • Forum Starter
  • *
  • Posts: 73
  • h̶̋̃̒́̈́̇̓͂̃̆̋̏̒͗̀͒͊̈́͐͑͐̈́͐͋̍̃̈́͂̇̋̓̿̔͌̋͐̏̅̽͂̕̚̚͘̕͠͠͠
    • http://steamcommunity.com/id/papei/
    • View Profile
  • User Avatar

    T.w² | papi

    Offline


  • Total Badges: 1
    Badges: (View All)
    Quick Poster
Re: PSA: ESEA Leaked
« Reply #6 on: January 17, 2017, 12:59:28 pm »
I did some math using this stackoverflow: http://security.stackexchange.com/a/83382/128399, and I estimate that when bcrypt has 6 rounds (64 iterations) it takes around ~9.5 milliseconds per password. This means about ~105 passwords being checked per second. I don't know about you, but unless you have a simple/not unique password you should be fine. Bruteforcing 105 checks per second would take forever.

Offline Oscar

  • Contact @ https://discord.me/TangoWorldWide
  • Registered Users
  • Forum Addict
  • *
  • Topic Author
  • Posts: 2359
    • View Profile
  • User Avatar

    Oscar @ THE REVIVAL

    Offline


  • Total Badges: 24
    Badges: (View All)
    100 Poll Votes Christmas 2016 Halloween 2016 Badge Collector (20) 2 Year Coin Summer 2016 Black-Star Invisible Badge Collector (15) aPn's Award 12 Days of Christmas Spammer-50 Christmas 2015 Badge Collector (10) Thanksgiving 2015 Halloween 2015 1 Year Coin 1000 Posts Badge Collector (5) Spammer-25 Quick Poster Mobile User 500 Posts 100 Posts
Re: PSA: ESEA Leaked
« Reply #7 on: January 17, 2017, 01:07:21 pm »
I did some math using this stackoverflow: http://security.stackexchange.com/a/83382/128399, and I estimate that when bcrypt has 6 rounds (64 iterations) it takes around ~9.5 milliseconds per password. This means about ~105 passwords being checked per second. I don't know about you, but unless you have a simple/not unique password you should be fine. Bruteforcing 105 checks per second would take forever.
Intel Core i7-2700K CPU @ 3.50 GHz
CEO | villagebees.co.uk
https://twitter.com/villagebees


Offline papi

  • Development Team
  • Forum Starter
  • *
  • Posts: 73
  • h̶̋̃̒́̈́̇̓͂̃̆̋̏̒͗̀͒͊̈́͐͑͐̈́͐͋̍̃̈́͂̇̋̓̿̔͌̋͐̏̅̽͂̕̚̚͘̕͠͠͠
    • http://steamcommunity.com/id/papei/
    • View Profile
  • User Avatar

    T.w² | papi

    Offline


  • Total Badges: 1
    Badges: (View All)
    Quick Poster
Re: PSA: ESEA Leaked
« Reply #8 on: January 17, 2017, 01:10:16 pm »
The speed could vary but would never be as fast as for example MD5 (assuming one computer). Really dictionary attacks would be the only thing I would worry about. Bruteforcing against bcrypt with a reasonable password length is extremely ineffective. Personally, I wouldn't be concerned because I use long passwords with a lot of randomization involved but I can see your average joe having a 6 character password being cracked.

Offline Oscar

  • Contact @ https://discord.me/TangoWorldWide
  • Registered Users
  • Forum Addict
  • *
  • Topic Author
  • Posts: 2359
    • View Profile
  • User Avatar

    Oscar @ THE REVIVAL

    Offline


  • Total Badges: 24
    Badges: (View All)
    100 Poll Votes Christmas 2016 Halloween 2016 Badge Collector (20) 2 Year Coin Summer 2016 Black-Star Invisible Badge Collector (15) aPn's Award 12 Days of Christmas Spammer-50 Christmas 2015 Badge Collector (10) Thanksgiving 2015 Halloween 2015 1 Year Coin 1000 Posts Badge Collector (5) Spammer-25 Quick Poster Mobile User 500 Posts 100 Posts
Re: PSA: ESEA Leaked
« Reply #9 on: January 17, 2017, 01:11:05 pm »
The speed could vary but would never be as fast as for example MD5 (assuming one computer). Really dictionary attacks would be the only thing I would worry about. Bruteforcing against bcrypt with a reasonable password length is extremely ineffective. Personally, I wouldn't be concerned because I use long passwords with a lot of randomization involved but I can see your average joe having a 6 character password being cracked.
gimme ur real email and ill be sure to hand you your password :)
CEO | villagebees.co.uk
https://twitter.com/villagebees


Offline papi

  • Development Team
  • Forum Starter
  • *
  • Posts: 73
  • h̶̋̃̒́̈́̇̓͂̃̆̋̏̒͗̀͒͊̈́͐͑͐̈́͐͋̍̃̈́͂̇̋̓̿̔͌̋͐̏̅̽͂̕̚̚͘̕͠͠͠
    • http://steamcommunity.com/id/papei/
    • View Profile
  • User Avatar

    T.w² | papi

    Offline


  • Total Badges: 1
    Badges: (View All)
    Quick Poster
Re: PSA: ESEA Leaked
« Reply #10 on: January 17, 2017, 01:18:06 pm »
The speed could vary but would never be as fast as for example MD5 (assuming one computer). Really dictionary attacks would be the only thing I would worry about. Bruteforcing against bcrypt with a reasonable password length is extremely ineffective. Personally, I wouldn't be concerned because I use long passwords with a lot of randomization involved but I can see your average joe having a 6 character password being cracked.
gimme ur real email and ill be sure to hand you your password :)

Code: PHP
  1. $2a$06$1ZI3ykhAg9H818LE4Sd2berNYV0kizOS5UTD0GkpuVldXcUQ0qaZ2

This isn't a hash of my real password (lol), but I used a similar password generating technique. Generated using bcrypt and 6 rounds.

Offline Oscar

  • Contact @ https://discord.me/TangoWorldWide
  • Registered Users
  • Forum Addict
  • *
  • Topic Author
  • Posts: 2359
    • View Profile
  • User Avatar

    Oscar @ THE REVIVAL

    Offline


  • Total Badges: 24
    Badges: (View All)
    100 Poll Votes Christmas 2016 Halloween 2016 Badge Collector (20) 2 Year Coin Summer 2016 Black-Star Invisible Badge Collector (15) aPn's Award 12 Days of Christmas Spammer-50 Christmas 2015 Badge Collector (10) Thanksgiving 2015 Halloween 2015 1 Year Coin 1000 Posts Badge Collector (5) Spammer-25 Quick Poster Mobile User 500 Posts 100 Posts
Re: PSA: ESEA Leaked
« Reply #11 on: January 17, 2017, 02:32:49 pm »
The speed could vary but would never be as fast as for example MD5 (assuming one computer). Really dictionary attacks would be the only thing I would worry about. Bruteforcing against bcrypt with a reasonable password length is extremely ineffective. Personally, I wouldn't be concerned because I use long passwords with a lot of randomization involved but I can see your average joe having a 6 character password being cracked.
gimme ur real email and ill be sure to hand you your password :)

Code: PHP
  1. $2a$06$1ZI3ykhAg9H818LE4Sd2berNYV0kizOS5UTD0GkpuVldXcUQ0qaZ2

This isn't a hash of my real password (lol), but I used a similar password generating technique. Generated using bcrypt and 6 rounds.
well if you shit out a 60 char pw then no, but if ur using the same amount of numbers / chars / length as original then i guess
CEO | villagebees.co.uk
https://twitter.com/villagebees


Offline balon

  • Director of Operations
  • 5k Poster
  • *
  • *
  • *
  • *
  • Posts: 5406
  • SERT{Wow_You_Found_A_Flag}
    • http://steamcommunity.com/id/balon21
    • http://www.twitch.tv/balonfx
    • https://twitter.com/TangoWorldWide
    • View Profile
  • User Avatar

    T.w² | balon@dnd/away

    Online


  • Total Badges: 31
    Badges: (View All)
    3 Year Coin Christmas 2016 5000 Posts Thanksgiving 2016 Mobz Award Halloween 2016 The Rich Bitch Summer 2016 Drunk Award 12 Days of Christmas Badge Collector (20) 2 Year Coin aPn's Award Christmas 2015 Spammer-25 Badge Collector (15) Thanksgiving 2015 Halloween 2015 Quick Collector (10) Badge Collector (10) Invisible Quick Poster Mobile User Quick Collector (5) 100 Poll Votes Badge Collector (5) 2500 Posts 1000 Posts 500 Posts 100 Posts 1 Year Coin
Re: PSA: ESEA Leaked
« Reply #12 on: January 17, 2017, 03:07:06 pm »
Take it to private you two, or the programming board. LOL, Thanks for the PSA again. Topic locked from further discussion.



 

G2A Sponsor Image
EOReality.com
Sinus Bot
TangoServersLLC Logo
AllTrapNation.com
G2A Sponsor Image
EOReality.com
Sinus Bot
TangoServersLLC Logo
AllTrapNation.com