Hello, mangadex user here.

Grating cheese fellow mangadex user

Hello frens

Greetings, fellow mangadex users.

Hello

same i came from there 😂

Stonks

I also came from there 😂😂

Pretty sure we all came here because we were bored

STONKS

It's dead tho.

It doesn't seem to be active tho and even when it was active it seemed to be a mix of conferences and someone's garbage bin, this seems like the most useful thing on it. Nice to have this though since clicking around all the other videos on this are needlessly complicated (one even turning "what is plain text?" into a drawn out and complicated explanation, wtf)

no one cares

same

Joke's on you, the hackers are weebs, too.

meaning?

Mine's too personal so it might as well be random

problem is, if one of mangadex user uses a password that he has in his dictionnary, he would be able to find all the other passwords using their hash. He just has to find one match to get all the others (I guess, the video does'nt make that point very clear but, I assume that is the way it works)

From what I understand: "abc123" + "salt" => [bcrypt] => "ab7qru.." Salt can be any string of characters and is protection against dictionary attacks (hackers generate a dictionary of common passwords and test it against the database). Generally, salt is unique for each user taking account their join-date, their age, etc. If we take that into account, it can turn into: [salt] = [join date] + [age] ^ 2 [password-digest] = bcrypt([password] + [salt]) TLDR = It takes a long time to decrypt a single password from a single account.

haha

you were lied to. this video is garbage

don't share your worthless thoughts

also stoked for the new mangadex!

if your on chrome go to settings then passwords

it's 2021 use a password manager goddammit!

salt is not static but random

Exactly, mine has been leaked and in the wild since 2010, so it's old news! there's nothing of value behind that password.

@@AJ-po6up even if they try to use it on other website, the most they'd get out of it would be some edgy comment list I made years ago. Nothing of value was lost. That's why I always use my leaked password for non crucial websites lol.

Depending on how old you are, md5 would've been fine for the computing power of the day

Mangasee ig

I used to read from the scanlators' respective websites, but I recently found Manganeko.net and it has no ads so its pretty good.

No, it should be unique. Like a project/operation name, with numbers (birthday date, or other for you meaningful dates).

BCrypt uses a single per-user salt. You just hash it over and over again to slow the hashing process. The salt is actually embedded in the hash itself with the work factor (Format looks like $bcryptVersion$workFactor$saltHash) so you do have the salt for everyone. But that means you can't bruteforce all your database with that salt, only a single user.

what do you mean?

@@vampante that is, I did not understand well.

Brute force, rainbow, dictionary

Yes...ish. Their list of 'common passwords' likely approximates 'every leaked password ever'. It's just text, the space and power to store it and run through it is negligible. If your password is literally unique in the universe, then yes, a dictionary attack would not work against it. If your password is an 8-letter English word, it almost definitely is on the dictionary. So anyone thinking 'my password is secure because it's not on the Top 10 Most Used Passwords List' is kidding themselves.

That is basically it. When you log in the app will encrypt the entered password and compares it with the stored password hash. If they match, the user entered the correct password. In the case the salt gets somehow changed, users will not be able to log in anymore as it will produce different hashes as the stored password hashes did not change.

The hashing algorithm takes computational work, which takes time. It's designed to be slow by just doing more and more computational work, the attacker knows the exact computations he needs to do to get the same hash, but he needs to do it on every password he tries to guess. So if the computation takes 10 seconds, then each guess of his will cost him 10 seconds which he will have to go through for each of his guesses.

@@jellyrabbits375 Appreciate the response, but it didn't actually explain anything. Just said the same things with different words.

A simple password change should be safe, unless you use the same password in other websites, i suggest you change them all if ever the breacher decides to expose the info.

@@kanoccino or 2FA; if the website does not have that then just do what Kael H is saying.

I think he means the hashes are more complex and longer, therefore slower to generate. imagine if md5 takes the original string and turns it into a hash after 10 steps. Bcrypt turns it into a hash after like 50 steps. therefore for a list of the Dictionary Hash (assuming the hacker tries to make one that has a list of top 10,000 common passwords for example) it becomes like 50,000 times LONGER to generate the whole dictionary hash. imagine if the md5 dictionary hash it takes 1 minute to create and for bcrypt dictionary hash takes 50,000 minutes or a whole month. That's an insane difference. take this with a grain of salt ( _haha_ ) since I'm not a code-person but I think that's pretty much it

I was panicking because i thought I couldn't read the new part 8 chapter

thank god i read it on mangadex a year ago

so the part he got wrong is just how the salt works then?

lmao tbh relate, I've lost like 30% of accounts I've made as a kid on kiddie flash game websites