2010-01-16, 06:53 PM
Eosian Wrote:Those hashes are the same format as Nexon's DB stores protected passwords in, and PINs are stored in plain text in the same table.
If all the people who were just walked through like I was also just happen to have their password in those cross reference/decrypt tables at rednoize (which mine apparently was as well, surprisingly) it increases the likelihood that the hacker had/has some way of retrieving all the password hashes and PINs. Granted there are sites other than rednoize, and independent rainbow tables also exist, but it's as good of a "quick sanity check" as we have available to us.
The more people who aren't in those tables, the better the odds that the hacker has some other method that didn't involve access to the database.
At the very least it gives a good idea how secure current/previous passwords are in the event of a DB breach. Anything that can be instantly looked up = zero security.
So do you suggest everyone (even the uncompromised currently) check to see if their passwords are on that site and if so can you give us sort of step by step walkthrough so that we don't accidentally get our passwords added to the list (you said that doing something would cause that but I'm a little to frightened to think clearly about such things)

