2009-01-27, 01:39 AM
KajitiSouls Wrote:Damn, MSEA's pw hash function must really suck or something (if they didn't use a one-way function at all, MSEA needs to reconsider their security). A dictionary attack should really only be able to recover roughly 70% of the passwords at best.
I think they were able to obtain MSEA passwords because their rankings page was exploitable to display the characters log-in info or something. (That explains why their Rankings page is unavailable.)

