Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 11 Aug 2012 15:10:52 -0700
From: Francois Pesce <>
Subject: Re: SRP


Just FYI, because you missed a response from epixoip on IRC:
04:46 <@solardiz> why did blizzard warn their users if no data actually
05:05 -!- solardiz [] has quit [Quit: Leaving]
11:28 < epixoip> blizzard database hasn't been leaked as far as anyone
knowns. seems like blizzard noticed it through log review, artifacts,
whatever then disclosed it. wasn't discovered through a leak.
11:31 < epixoip> solardiz, regarding "why did blizzard warn their users if
no data actually leaked" -- in the US we have data breach laws which state
that if you have reason to believe that any personal information has been
compromised you must notify the public

We are all speculating here, this is the problem with US companies & their
press people (other example: does anyone here know how exactly LinkedIn was
compromised? 1M $ in forensics and the journalists keep saying it's a
simple SQLi problem, I've not seen any official communication from LinkedIn
on this subject :

Thank you very much Dhiru for the link. I'm still amazed by the work of the
reverse engineers that tried to develop private server and had to deal with
all these authentication problems.


On Fri, Aug 10, 2012 at 11:27 PM, Dhiru Kholia <>wrote:

> On Sat, Aug 11, 2012 at 10:05 AM, Solar Designer <>
> wrote:
> > On Sat, Aug 11, 2012 at 06:26:37AM +0400, Solar Designer wrote:
> >> SHA-1's (or whatever hash Blizzard used)
> >
> > Apparently, it's in fact SHA-1:
> I have read that 2.0 uses SHA-256.
> Source:
> --
> Cheers,
> Dhiru

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.