Furry Megathread - Furry Things Here

[Headcrab Zombie]

Claiming they salt them doesn't mean they actually do it properly



Granted, the key word here is "allegedly"
but knowing FA I wouldn't put it past them

[Ad Bot]

[Foxscotch]

Also salting hashes doesn't do very much in a situation like this. It can help when only a database is breached, since the attackers may not know what the salt is or how it's used. However, in this case the entirety of FA's source code was stolen, so they most likely would have figured out what the salt was anyways if they used one.

each user should have their own unique salt, which is stored in the database like all of the other user information. having the source code won't help you any if the hashes are salted properly. and it's not supposed to prevent brute forcing (although it may make it slightly slower), it's intended to prevent you from using rainbow tables

[Ipquarx]

Claiming they salt them doesn't mean they actually do it properly



Granted, the key word here is "allegedly"
but knowing FA I wouldn't put it past them

I'd like to see the source for this rofl

[Headcrab Zombie]

I'd like to see the source for this rofl

I don't have a source that that's the actual exact code
But there's an onion site that shows who has same passwords:



The first same password account is "Nipnip" (some silly joke name I made for some reason) and the second is of course "Adam487" All three are my accounts,  and all three have the same password.

Now,  if passwords were salted, how would they know these have the same password? They would have to individually brute force every single user's password hash. Not viable.

Conclusion: passwords are not salted

Also salting hashes doesn't do very much in a situation like this. It can help when only a database is breached, since the attackers may not know what the salt is or how it's used. However, in this case the entirety of FA's source code was stolen, so they most likely would have figured out what the salt was anyways if they used one.

I don't think you know what salt is. Salt is a) randomized per user,  not hard coded, and b) stored plain text in the user table. It's not an encryption key, it doesn't need to be secret, that's not it's purpose.  You append it to the user's password before hashing, and since each user has a unique salt, even users with the same password will have different hashes. This stops rainbow tables from working; you'd need to compute a separate rainbow table for every salt.
(So yeah,  what Fox said. ..)

[Frontrox]

[Cybersix]

God, if it weren't for the jpeg, that pic would be priceless

[Frontrox]

Hey guys wanna yiff???

[Pastrey Crust]

forget me harder
forget me better
forget me faster
forget me stronger

[Frontrox]

forget me harder
forget me better
forget me faster
forget me stronger

Bad 

[Headcrab Zombie]

[Cybersix]

>blue
>on a fox
Eww

[Foxscotch]

>blue
>on a fox
Eww

there's about to be blue on ur face if u don't shut up

[Headcrab Zombie]

>blue
>on a fox
Eww

thats a husky u dummo

[Ipquarx]

thats a husky u dummo

ya
and blue is gr8 on huskies

[Pastrey Crust]

but huskies aren't orange!!!