2010-02-03, 12:44 PM
Jellyflower Wrote:I'm not sure what your exposure unit is, is it 1 billion hashes per computer or organized network or what? Let's just say you're right 72^9/10^9 = time to crack a specific passsword, which is around 520 million second (not sure where you get 3.13e16 at), translated to 1.65 years. You're forgetting the fact that they have more than one specific target. If passwords are uniformally and identically distributed and say 2000 users have 9-letter long passwords, so divide that by 2000 and you get 7.22 hours per successful crack. Suddenly it doesn't look as nice. You can also argue that my method will incorporate multiple checkings so in the end it's still as many comparisons as like targetting one target, but using quicksort or whatever efficient method, you can end up with log n or less comparsions instead of n. (Let's say log 2000/log 2) = 11, multiply this to 7.22 hours and you get 79.42 hours, I sure wouldn't feel safe. But each subsequent letter will increase the average crack time by 72x of previous.Okay, I'll accept the long password theory this time because it's hashes were talking about and not bruteforce over the internet.
10-letter -> 238.26 days
11-letter -> 47 years
12-letter -> 3384 years
Bottom-line is, it's 'safer' to have longer passwords and what's stopping you to having them? An old guildmate of mine is presumed hacked as well just today and she hasn't logged on for 7 or 8 months now.
Fumni Wrote:I really wish I knew how these hackers are doing this...Probably the good ol' method of 1.find an exploit 2.abuse it in every possible way.
Also, if Nexon aren't getting these guys' asses into jail ASAP they are retarded. It's not that fucking hard to notice you are being hacked and find out how to fix it and find who did it, really.

