2010-01-18, 08:00 PM
Here's something I've been thinking about. I'm still in the process in gathering data. Right now we're suspecting someone is cracking MD5 hashes, but this also applies to any encryption employing hashes. What you want is a 'strong' password. This is sort of ironic since the whole epidemic might have been prevented (but not forever) if the so called exploit is via hash match-up.
Maple allows passwords up to 12 characters long, so symbols are allowed as well. I'm not sure if it was changed somewhere along the line, but I know a lot of people only use letters and numbers, because some other corporations exclude the use of symbols to prevent possible SQL injection and loophole exploit because %, ', ", _, are used for operators in a lot of languages. I don't know which ones Nexon rejects, if any, but supposingly all are allowed, that's 47 keys + shift lock = 94 different possible character. Since 12 letters are maximum, that lead to 94^12 combinations ~ 2^78.655 (ln(94)/ln(2) x 12 = change of base) which rougly translates to 78 bits of protection. 11 letters will be 94^11 ~ 2^72.1, which is 72 bits. Each bit double the protection in basic bruteforce term because it takes twice as long to check all combinations. Of course this is assuming the bruteforce method uses all 94 ascii for checkups, which might not be the case so symbols are highly recommended as of now, unless there are dominant cases where passwords with symbols are cracked or bypassed. 128 bits security is slowly become unsecured, with maple only allowing maximum of 78 bit true protection, you want yours to be high as possible don't you? (This is all assuming passwords are stored as MD5 hashes)
You may also want to do a short hash lookup with your new password, since MD5 is not collision-free, meaning there might be more than one password/passphrase/key that will generate the same hash, even though the occasion is extremely rare. More is detailed on previous pages as to how to go on about checking. If you want a password that you can remember easily, you can simply concatenate random symbols somewhere within your existing password to make it full 12-character length. Except I would suggest changing it to a whole new one, and simply not rely on the avalanche effect that MD5 has.
Maple allows passwords up to 12 characters long, so symbols are allowed as well. I'm not sure if it was changed somewhere along the line, but I know a lot of people only use letters and numbers, because some other corporations exclude the use of symbols to prevent possible SQL injection and loophole exploit because %, ', ", _, are used for operators in a lot of languages. I don't know which ones Nexon rejects, if any, but supposingly all are allowed, that's 47 keys + shift lock = 94 different possible character. Since 12 letters are maximum, that lead to 94^12 combinations ~ 2^78.655 (ln(94)/ln(2) x 12 = change of base) which rougly translates to 78 bits of protection. 11 letters will be 94^11 ~ 2^72.1, which is 72 bits. Each bit double the protection in basic bruteforce term because it takes twice as long to check all combinations. Of course this is assuming the bruteforce method uses all 94 ascii for checkups, which might not be the case so symbols are highly recommended as of now, unless there are dominant cases where passwords with symbols are cracked or bypassed. 128 bits security is slowly become unsecured, with maple only allowing maximum of 78 bit true protection, you want yours to be high as possible don't you? (This is all assuming passwords are stored as MD5 hashes)
You may also want to do a short hash lookup with your new password, since MD5 is not collision-free, meaning there might be more than one password/passphrase/key that will generate the same hash, even though the occasion is extremely rare. More is detailed on previous pages as to how to go on about checking. If you want a password that you can remember easily, you can simply concatenate random symbols somewhere within your existing password to make it full 12-character length. Except I would suggest changing it to a whole new one, and simply not rely on the avalanche effect that MD5 has.

