Not true. That only happens if your ISP has a large pool of extra addresses. I've had the same IP address for about 6mo now, inc. after two power outages lasting 2+ hours.
If your ISP has fully transitioned to IPv6, you will likely have a static IP forever since they can do IPv4 to IPv6 via NAT in a fully seamless way.
I don't have a dedicated IP address, my provider uses DHCP to allocate addresses, so all anyone would have is a general idea of location. They would have to get a subpoena for my provider to identify me. I live in Cape May County, NJ, I'm not afraid to post it.
Not that I care anyway, I have nothing to hide and I'm totally self sufficient and can't be cancelled.
Never owned a gun in my entire life, in the past year bought 7. Still lacking ammo, but I'm ready to defend my family. Wouldn't hurt a flea unless attacked, then game on.
"Encrypted password" which is useless because that is the point of encryption. Also, password managers are great. Highly suggest using one. Just got a new device and I could log into everything effortlessly and URL spoofing does not work because the manager only inputs info on the correct URL.
You can figure it out, but it takes some time. Always use good passwords, and it will go a long way. Also, for every breach you hear about, there are plenty more you don't.
A 16 character password randomly consisting of upper and lower case letters and numbers only using bcrypt with a cost factor of 10 would take ~6.046727765959351e+18 years to crack on a single Nvidia 2080Ti.
The Gab passwords are hashed using bcrypt. I don't know what their cost factor was configured as.
If your password is a word or a common word/number combination, and I have the encrypted hash, I can break it in a few hours, maybe a day. (edit: ran the calculations for another post, it takes 25 minutes to crack any common password, even with bcrypt)
If it's not, it might take days-weeks depending on how long it is and which algorithm they used. If it's under 8 characters, there are databases that can break it instantly.
(Edit: As sordifPontification points out, these don't apply to bcrypt, especially if it's salted as it should be)
Gab is based on Mastodon which uses bcrypt to store password hashes. There are no rainbow tables for bcrypt for anything 8 characters or less. For under 8 characters, the rainbow tables would be ~211 296 876 372 480 bytes in size. Plausible given current storage but very unlikely.
Edit: And this calculation is probably off by an order of magnitude as I forgot about the salt and was basing this off the hash length.
Edit edit: Plus a 16 byte salt renders rainbow tables completely useless.
im less worried about hashed passwords than the statements beign made that the site was vulnerable to sql injection that byasses passwords. Its basic security vulnerability 101 and shouldnt have existed.
The only thing they get from me is my password that is easily changed, my public post history and my fake e-mail account created to join Gab.
They get absolutely nothing of any value from me at all.
Your IP changes every time you disconnect your modem unless you have a static IP.
That is not usually true. IP changes when the dhcp lease expires
Not true. That only happens if your ISP has a large pool of extra addresses. I've had the same IP address for about 6mo now, inc. after two power outages lasting 2+ hours.
If your ISP has fully transitioned to IPv6, you will likely have a static IP forever since they can do IPv4 to IPv6 via NAT in a fully seamless way.
I don't have a dedicated IP address, my provider uses DHCP to allocate addresses, so all anyone would have is a general idea of location. They would have to get a subpoena for my provider to identify me. I live in Cape May County, NJ, I'm not afraid to post it.
Not that I care anyway, I have nothing to hide and I'm totally self sufficient and can't be cancelled.
Thats basically how i feel. Go ahead and send the faggots and trannys after me. I have enough 5.56 for all of them.
On the bright side, they will never be women.
Never owned a gun in my entire life, in the past year bought 7. Still lacking ammo, but I'm ready to defend my family. Wouldn't hurt a flea unless attacked, then game on.
Thanks to DHCP, knowing someone's naked IP addy will, in most cases, only tell you what ISP they use (unless they specifically pay for a static one).
I'm on a rural ISP, which means that even if I didn't use a VPN, the potential dox'er would have parts of five counties across two states to search.
Source IP wasn't mentioned in the breach but that doesn't mean that data doesn't exist.
Cloudflare owned by prominent Dems
"Encrypted password" which is useless because that is the point of encryption. Also, password managers are great. Highly suggest using one. Just got a new device and I could log into everything effortlessly and URL spoofing does not work because the manager only inputs info on the correct URL.
You can figure it out, but it takes some time. Always use good passwords, and it will go a long way. Also, for every breach you hear about, there are plenty more you don't.
A 16 character password randomly consisting of upper and lower case letters and numbers only using bcrypt with a cost factor of 10 would take ~6.046727765959351e+18 years to crack on a single Nvidia 2080Ti.
The Gab passwords are hashed using bcrypt. I don't know what their cost factor was configured as.
If your password is a word or a common word/number combination, and I have the encrypted hash, I can break it in a few hours, maybe a day. (edit: ran the calculations for another post, it takes 25 minutes to crack any common password, even with bcrypt)
If it's not, it might take days-weeks depending on how long it is and which algorithm they used. If it's under 8 characters, there are databases that can break it instantly. (Edit: As sordifPontification points out, these don't apply to bcrypt, especially if it's salted as it should be)
No.
Gab is based on Mastodon which uses bcrypt to store password hashes. There are no rainbow tables for bcrypt for anything 8 characters or less. For under 8 characters, the rainbow tables would be ~211 296 876 372 480 bytes in size. Plausible given current storage but very unlikely.
Edit: And this calculation is probably off by an order of magnitude as I forgot about the salt and was basing this off the hash length.
Edit edit: Plus a 16 byte salt renders rainbow tables completely useless.
Good points on the bcrypt part. Editing my post above
It's been a long time since I've done anything in that world, How are passwords that consist of several real words with no numbers or symbols?
Several real words (3+) are very safe. Easy to remember and it just takes exponentially long for any algorithm to work it's way up to that point.
Yep. Another reason for password manager. Have 20+ character passwords that are random and use all possible characters.
im less worried about hashed passwords than the statements beign made that the site was vulnerable to sql injection that byasses passwords. Its basic security vulnerability 101 and shouldnt have existed.
Having different passwords for email, for each bank, from whatever, from social media is the way to prevent being harmed by hacks.
It is usually the lower security sites that get compromised then they use that information to target the valuable stuff