New password security
Sat
Star Angel
Warnings:
Posts: 7357

Post New password security Quote
Due to the recent changes in the encoding, we have also increased the password hash
security. Because we obviously do not have your old passwords, the old security
is still enabled, until you change your password.

People who registered after May 14th, 2013 already have the new security.

To switch, all you have to do is enter your profile and change your password once.
You can pick the same password as your previous one, but you have to change it.


That's it! Your account is now much better protected!
The old scheme will still be active, but we strongly recommend that you do this.

Help us keep your data safer Smile


_________________

Some people say, universe is a Star Ocean!
Latest LAH Blog post: In need of a cleanup from 29th June

Can't use Moneybookers or Payza? PM me for alternative donation ways
We now also accept Bitcoin.

Got a suggestion on how we can improve LAH? Post it here or vote for other people's suggestions!
Tue May 14, 2013 8:20 pm Profile PM WWW Skype
Laroubane
Beginner Angel
Warnings:
Posts: 12

Post Quote
It is good to know that maintenance is performed constantly in order to keep things well on this forum.

Wed May 15, 2013 5:08 pm Profile PM
Sat
Star Angel
Warnings:
Posts: 7357

Post Quote
We are doing our best Smile
Though this was the first maintenance that took this long Razz


Wed May 15, 2013 5:16 pm Profile PM WWW Skype
200slenderman
Beginner Angel
Warnings:
Posts: 4

Post Quote
Great job being secure, Sat! I appreciate it

Tue Jun 11, 2013 1:52 am Profile PM
psionx
Beginner Angel
Warnings:
Posts: 11

Post Quote
Are the passwords on this site salted, or did you just change the encryption type? Though I don't think it matters much, since no one is storing information that's too personal on this site.

Sun Jul 21, 2013 3:39 am Profile PM
Sat
Star Angel
Warnings:
Posts: 7357

Post Quote
@psionx:
The new type is salted and also has a new encryption.


Sun Jul 21, 2013 9:42 am Profile PM WWW Skype
ult_combo
Matrix Angel
Warnings:
Posts: 1237

Post Quote
psionx:
are the passwords on this site salted or did you just change the encryption type.
As Sat mentioned, it is not only salted but the salt is unique for each hash. Also, I don't think "encryption" is a suitable word, as encryption usually means a 2-way algorithm which can be unencrypted. Both old and new systems use single-way cryptographic hashing algorithms.

We've replaced an old integrity-checking hashing algorithm (focused on speed) with a proper password hashing algorithm, that is, one that has an extra workload in accordance with Moore's Law, which makes brute-forcing literally millions of times slower, but not so slow that it'd expose us to DDoS attacks. While the old hashing system would take very few microseconds to compute, the new one takes a small fraction of a second which, as I've said, slows down brute-forcing drastically.

psionx:
though I don't think it matters much since no one is storing information thats too personal on this site.
Yes, you're correct stating that we do not have much of your info to protect in this site. However, this security improvement is very important because:

1. People tend to use the same pass over different sites. It is not people's fault, it is to be expected and it is our duty to keep these passes safe. With our increased security, hackers won't get these passes so easily.

2. Even in the worst case, in case our passwords db got stolen, the new hashes are generated by a single-way algorithm with a unique salt for each, hence hackers would still have to brute-force each one of the passes, rendering the passwords db not so useful.

3. Our moderators and admins have a lot of power within the site; if one of us were to be hacked, then the effects on the site would be catastrophic. The new hashing algorithm plays a critical role here, making brute-force attacks infeasible.

Of course, this doesn't prevent hackers from guessing passwords and trying dictionary attacks, so as we do our part, users shall do theirs too, choosing secure passwords to stay safe.


_________________
My main MF acc was suspended, use other mirrors until I re-up it all to a new host.



There is no knowledge that is not power.
Our only limitations are those we set up in our own minds.
Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away.
Measuring software productivity by lines of code is like measuring progress on an airplane by how much it weighs.
Programming is an art form, whose real value can only be appreciated by another versed in the same arcane art.
Sun Jul 21, 2013 6:48 pm Profile PM MSN Skype
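
The migration Sat announced and the salted, slow hashing ult_combo describes, as an added example that is not part of the original posts or the forum's own code. The thread never names the algorithms, so a single unsalted SHA-256 stands in for the old fast hash and PBKDF2-HMAC-SHA256 for the new one; the function names, record format and iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; tune to the server's latency budget


def legacy_hash(password):
    # Stand-in for the old scheme: one fast, unsalted digest (assumption).
    return "legacy$" + hashlib.sha256(password.encode()).hexdigest()


def new_hash(password, salt=None, iterations=ITERATIONS):
    # New scheme: random salt unique to this hash plus a deliberate workload.
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2${iterations}${salt.hex()}${dk.hex()}"


def verify(password, stored):
    # The scheme tag in the stored record selects how to recompute the hash.
    scheme, _, rest = stored.partition("$")
    try:
        if scheme == "legacy":
            candidate = legacy_hash(password)
        elif scheme == "pbkdf2":
            iterations, salt_hex, _ = rest.split("$")
            candidate = new_hash(password, bytes.fromhex(salt_hex), int(iterations))
        else:
            return False
    except ValueError:
        return False  # malformed record
    return hmac.compare_digest(candidate.encode(), stored.encode())


def change_password(users, name, old, new):
    # Migration path from the announcement: a record moves to the new scheme
    # only when its owner changes password, even if they reuse the same one.
    if name not in users or not verify(old, users[name]):
        return False
    users[name] = new_hash(new)
    return True
```

Two accounts with the same password share an identical legacy record, while after migration their records differ because each hash carries its own salt.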
StreetNinjaZX6
Beginner Angel
Warnings:
Posts: 10

Post Uh.. Quote
@Ult_combo
I pretty much understood every other word, if that. But I'm sure it makes sense to somebody.

Thu Jul 25, 2013 5:04 am Profile PM
ult_combo
Matrix Angel
Warnings:
Posts: 1237

Post Quote
No worries, I'm pretty much used to talking to the forum's imaginary walls. Razz


Thu Jul 25, 2013 5:10 am Profile PM MSN Skype
Zevs
Yandere Angel
Warnings:
Posts: 444

Post Quote
The walls are used to reading your posts.


Fri Jul 26, 2013 2:39 pm Profile PM WWW
harryc
Bronze Angel
Warnings:
Posts: 22

Post Quote
A note to everyone: I help on a couple of adult forums, and the Chinese botnet has been doing a slow-speed dictionary attack on our sites for over a year now.

In short: when you change your password, don't use something that's prone to a dictionary attack. No names, no words: use a mix of garbage and your account will be safe from this latest round of attacks.

What I see in the logs is that someone that has logged in within the last couple of weeks gets targeted, and a single failed login shows in the admin logs. Each time is a different member, looks like someone chosen at random from the last 2 weeks' worth of posts or online status.

This is *not* coming from a server farm, but rather from a huge array of zombied home PCs that were infected with rootkits or something similar. I see the attempts from garden-variety ISPs all over the planet, with the failed login attempt from an IP address that our members have never used.

Since it's hitting both of the forums I help on, I can only presume that it's happening here at LAH as well. Luckily it's such a slow-speed attack that the likelihood of the botnet ever breaking a password is very low. I only see one attempt every 10 to 30 minutes, on average.

Mon Aug 05, 2013 1:56 am Profile PM
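
One way to surface the pattern harryc describes from an authentication log, as an added example that is not part of the original post: each account sees only one failure, so the check aggregates failures from never-before-seen IPs across accounts. The log format, the known-IP table, the thresholds and all sample entries are constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample auth log: timestamp, account, source IP, result.
LOG = """\
2013-08-04T00:05:00 alice 203.0.113.7 ok
2013-08-04T00:12:00 bob 198.51.100.20 fail
2013-08-04T00:31:00 carol 192.0.2.45 fail
2013-08-04T00:40:00 alice 203.0.113.7 fail
2013-08-04T00:41:00 alice 203.0.113.7 ok
2013-08-04T00:58:00 dave 198.51.100.77 fail
2013-08-04T01:20:00 erin 192.0.2.130 fail
"""

# Constructed history of IPs each member has logged in from successfully.
KNOWN_IPS = {"alice": {"203.0.113.7"}, "bob": {"203.0.113.50"},
             "carol": {"203.0.113.51"}, "dave": {"203.0.113.52"},
             "erin": {"203.0.113.53"}}


def parse(log):
    for line in log.splitlines():
        ts, user, ip, result = line.split()
        yield datetime.fromisoformat(ts), user, ip, result


def failures_per_account(log):
    # Per-account view: every count stays at 1, so it shows nothing unusual.
    return Counter(user for _, user, _, result in parse(log) if result == "fail")


def spray_suspects(log, known_ips, window=timedelta(hours=2), min_accounts=4):
    """Return (accounts, ips) when failures from never-seen IPs span many accounts."""
    events = [(ts, user, ip) for ts, user, ip, result in parse(log)
              if result == "fail" and ip not in known_ips.get(user, set())]
    for i, (start, _, _) in enumerate(events):
        in_window = [e for e in events[i:] if e[0] - start <= window]
        accounts = {user for _, user, _ in in_window}
        if len(accounts) >= min_accounts:
            return sorted(accounts), sorted({ip for _, _, ip in in_window})
    return [], []
```

The member who mistyped a password from their usual address (alice in the sample) is excluded, which keeps ordinary typos from inflating the cross-account count.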
Sat
Star Angel
Warnings:
Posts: 7357

Post Quote
We put in a captcha on every 3 wrong attempts, also I am curious as to how successful this "30 minute bruteforce" actually is Razz


Mon Aug 05, 2013 3:58 pm Profile PM WWW Skype
nyadare
VIP Angel
Warnings:
Posts: 46

Post Quote
ult_combo:
No worries, I'm pretty much used to talking to the forum's imaginary walls. Razz

I fortunately understood all of it so yay for not being a wall~

-Nya


_________________
RAWR
Wed Oct 02, 2013 12:21 pm Profile PM Skype
tfstefanik
Newborn Angel
Warnings:
Posts: 1

Post Quote
Didn't know people still attempted brute force attacks; it's way too slow to work even without the new hashing algorithm that dramatically slows it down, and technically you're still vulnerable to a DoS, but I doubt you would just broadcast all your security for all to read. But just wanted to say I'm not a wall, man!

Sun Dec 14, 2014 10:09 am Profile PM