Maybe someone should waste their time highlighting that you just wasted your time by writing a post that makes hardly any sense, and the parts that do are just plain stupid. Why don't you go ask the people that got the LBSG and leets databases? I think you should seriously read over what you post before you hit that post reply button, or you might end up with people not trusting you, especially when you publicly say stupid stuff like suggesting people use an ancient hashing algorithm that you can crack with a simple Google search. Yet another pointless negative comment.
I just don't get it. Read slowly, Jack. It's just a game. How many actual attempts at cracking these databases are there at all? Okay, let's assume that someone did crack a large network and got the password hashes. If it's md5, yeah, it can be cracked pretty easily, and for this example the hacker Steve got Alex's plain password. What's next? If Alex didn't follow basic precautions, it's his fault. So really that password is worth nothing. I don't know anyone yet who wants to steal a favorite game profile from a 7 year old kid. You were so mean to me. So much negativity. Let me send something back: "I'm more handsome than you are". That means negative and negative is positive. Such a bright thread. I hope you keep that Lego brick very safe, because some very, very mad old bastard might want to steal it.

Edit: First of all, how did I miss this? Hence the 'even': it doesn't matter how strong your hash is. Even md5 can do hashing. @SOFe has a strong argument for why you shouldn't be worried about the hash, as there are many other ways the password could be compromised.
Getting a bit off-topic: I have my own algorithm for how I create passwords which is easy to remember. This is not my algorithm, but an example of how I create passwords:

Code:
ChrisPassword@atPMMP-Forums
ChrisPIN@atTELE2
Yeah, but let's face it... how many people actually use different passwords for everything? Not very many at all. It's like saying any service doesn't need to be careful with its users' data, because if the data can then be used to access other accounts "it's their own fault". That doesn't really cut it. Take that into account, and also the fact that anyone with some basic tools can decode the text packets used to send those passwords to the server, because PocketMine doesn't support encrypted connections. PocketMine is a cesspool of security vulnerabilities. A chain is only as strong as its weakest link, and right now PocketMine is that weak link.
It doesn't matter how you save the data; it's entirely up to you, and I honestly don't care how you do it. If you keep your database and API endpoints secure then you won't have any problems with your database being leaked, which would make your hashing algorithm irrelevant. However, I'd suggest you choose a strong hashing algorithm just in case; nobody plans to be hacked. You just need to remember people are trusting you with their data, so be smart about it.
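For a plugin author who wants to follow that advice, here is an added example (it is not code from this thread or from PocketMine) showing what "strong hashing algorithm" means in practice in PHP: the unsalted md5 row the thread warns about, a dictionary lookup that reverses it, and the salted, slow `password_hash()` row to use instead, with a transparent upgrade of old md5 rows on the player's next login. The wordlist, the sample password and the `cost` of 12 are constructed for the demo; the row format check (32 hex characters means a legacy md5 row) is an assumption about how such a plugin stored its old data.

```php
<?php
// Added example, not PocketMine or plugin code.

// --- Weak: unsalted md5, as discussed in the thread ---
function store_md5(string $password): string {
    return md5($password);
}

// A leaked md5 hash falls to a dictionary lookup: no salt, and md5 is fast,
// so every row in the database can be checked against every guess at once.
function crack_md5(string $hash, array $wordlist): ?string {
    foreach ($wordlist as $guess) {
        if (hash_equals($hash, md5($guess))) {
            return $guess;
        }
    }
    return null;
}

// --- Recommended: password_hash() with a salted, deliberately slow algorithm ---
// PASSWORD_DEFAULT is bcrypt on current PHP; the random salt and the cost
// are embedded in the returned string, so nothing else needs storing.
const HASH_OPTIONS = ['cost' => 12];   // assumed cost; tune so a login takes ~100-300 ms

function store_password(string $password): string {
    return password_hash($password, PASSWORD_DEFAULT, HASH_OPTIONS);
}

function check_password(string $password, string $stored): bool {
    return password_verify($password, $stored);
}

// Upgrade path: a legacy md5 row (assumed to be 32 hex chars) is verified once
// with md5, then rewritten as a bcrypt row; bcrypt rows are rehashed if the
// cost has been raised since they were created.
function login_and_upgrade(string $password, string &$stored): bool {
    if (preg_match('/^[0-9a-f]{32}$/', $stored)) {        // legacy md5 row
        if (!hash_equals($stored, md5($password))) {
            return false;
        }
        $stored = store_password($password);               // migrate transparently
        return true;
    }
    if (!password_verify($password, $stored)) {
        return false;
    }
    if (password_needs_rehash($stored, PASSWORD_DEFAULT, HASH_OPTIONS)) {
        $stored = store_password($password);
    }
    return true;
}

// Demo with constructed data
$wordlist = ['password', '123456', 'qwerty', 'minecraft', 'steve'];
$legacy   = store_md5('123456');
printf("md5 row %s cracked as: %s\n", $legacy, crack_md5($legacy, $wordlist) ?? '(not found)');

$t   = microtime(true);
$row = store_password('123456');
printf("bcrypt row %s\n(%.0f ms per guess, per row, no shortcut across rows)\n",
       $row, (microtime(true) - $t) * 1000);
var_dump(check_password('123456', $row));
var_dump(check_password('12345', $row));

// The legacy row is replaced on the player's next successful login
$migrated = $legacy;
var_dump(login_and_upgrade('123456', $migrated));
var_dump(substr($migrated, 0, 4) === '$2y$');   // bcrypt rows carry this prefix
```

Two caveats a plugin author should know: bcrypt only looks at the first 72 bytes of the password, so very long passphrases are silently truncated (use `PASSWORD_ARGON2ID` where the PHP build has it if that matters), and `password_verify()` is slow by design, so run it off the main tick or rate-limit login attempts rather than lowering the cost.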
Bad idea to use the same sort of format with so many common characters. If one of your passwords gets leaked, a brute force on one of your other passwords just got sped up.
Agreed, but it's kinda better than using the same password everywhere. Of course, I use a somewhat more advanced way to create unique and not-so-close-to-other passwords.
An interesting phenomenon is that humans always try to lock their doors well to prevent burglars, neglecting the fact that they lose much more money in their everyday life than the expected value (probability) lost by burgling, and that a professional burglar can break into your home in at least a hundred ways. There is a lot more meaningful to the human race to talk about, such as how to educate people so that they are responsible for the databases they manage. Sounds distant, but other things are really worthless in the long term. Believe it or not, I use my bank password, because nobody knows who I am in real life anyway, much less my bank account. Just in case the server owner is malicious in the first place... What should I do? Like this?

Code:
$ php -r '
$mypass = $argv[1];   // the "bank password"
$ip     = $argv[2];   // the server address
// walk over $ip in blocks of strlen($mypass) and overwrite them with the password.
// Because $i already advances by strlen($mypass), the index $i * strlen($mypass) + $j
// overshoots on the second block, so only the first block is actually overwritten.
for ($i = 0; $i < strlen($ip); $i += strlen($mypass)) {
    for ($j = 0; $j < strlen($mypass); $j++) {
        if ($i * strlen($mypass) + $j >= strlen($ip)) break 2;
        $ip[$i * strlen($mypass) + $j] = $mypass[$j];   // [] offset: the {} form was removed in PHP 8
    }
}
echo base64_encode($ip);
' 123456 example.net
MTIzNDU2ZS5uZXQ=
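The posts above argue about deriving one password per site from a memorable base (the `Password@atSite` template, and the string-splicing one-liner just shown), and the objection that a leak of one derived password speeds up cracking the others. Here is an added example, not the poster's code, of the general form of that idea done with a keyed hash: the master secret is the HMAC key and the site name is the message, so two derived passwords share no visible pattern and a leaked one gives an attacker nothing but a brute force of the master itself. The master secret, the site names and the 16-character output length are all constructed for the demo.

```php
<?php
// Added example: per-site password derivation with HMAC (not code from the thread).

function derive_site_password(string $master, string $site, int $length = 16): string {
    // hash_hmac keys the output on the master secret; the site name is the message.
    // Lower-casing keeps "Example.net" and "example.net" on the same password.
    $mac = hash_hmac('sha256', strtolower($site), $master, true);   // 32 raw bytes
    // base64 yields letters, digits, + and /; trim to the length the site accepts.
    return substr(rtrim(base64_encode($mac), '='), 0, $length);
}

// Check that the scheme is deterministic (same inputs, same password) and that
// a one-character change in the site name changes the whole output.
function derivation_is_sane(string $master): bool {
    $a  = derive_site_password($master, 'example.net');
    $a2 = derive_site_password($master, 'Example.NET');
    $b  = derive_site_password($master, 'example.org');
    return $a === $a2 && $a !== $b && strlen($a) === 16;
}

$master = 'correct horse battery staple';   // constructed master secret
foreach (['example.net', 'pmmp-forums', 'tele2'] as $site) {
    printf("%-12s %s\n", $site, derive_site_password($master, $site));
}
var_dump(derivation_is_sane($master));
```

The trade-off is the one the thread circles around: the derived passwords are unrelated to each other, but the master secret becomes the single point of failure, and changing one site's password means changing its input (for instance appending a counter to the site name), which is the usual argument for a password manager over any mental or scripted scheme.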
I find that password apps like 1Password are great tools for managing hundreds of passwords and suggesting new highly complex passwords. I've got no financial (or other) interest in 1Password, but I'll just throw it out there. And of course SOFe already posted my favorite xkcd comic on the matter.