Warning: Steem witnesses executed a hard fork on 2020-05-20, seizing 23.6M STEEM from 65 accounts. The funds were transferred to an account named @community321, the ownership (and intentions) of which have not been revealed. The witnesses claim to have been targeting accounts which defended against a hostile takeover in early March, but at least 2 accounts on the list have been inactive for over 4 years.

Coverage:
- Decrypt.io: Steem network to seize $5 million from its own users
- SteemPeak.com: Official Announcement by @softfork22888
- GitHub.com: view steemd HF23 changes

What you can do:
- Send exchanges a notice of the pending class action lawsuit.
- Switch to HIVE, the community-led fork. Visit Hive.blog and Hiveblocks.com.

Brute-Force MySQL Password From a Hash - Percona Database Performance Blog by kiraxoy

View this thread on steempeak.com
· @kiraxoy ·
$1.92
Brute-Force MySQL Password From a Hash - Percona Database Performance Blog
<center><img src="https://www.percona.com/blog/wp-content/uploads/2020/06/Brute-Force-MySQL-password.png" alt="Shared From DLIKE" /></center><br><p>most cases, MySQL password instructions provide information on changing MySQL user passwords on the production system (e.g., <a href="https://www.percona.com/blog/2014/12/10/reset-mysql-root-password-without-restarting-mysql-no-downtime/">reset root password without restart</a>). It is even recommended to change passwords regularly for security reasons. But still, sometimes DBA duties on legacy systems offer surprises and you need to recover the original password for some old users.</p><p>There is no magic: as long as only hashes are stored and not the original passwords, the only way to recover the lost password is to brute force it from the known hash.</p><h2>Note on Security and mysql-unsha1 Attack</h2><p>Interestingly, if a hacker has access to password hash and can sniff mysql traffic, he doesn't need to recover a plain text password from it. It doesn't matter how strong the password and how strong the hashing algorithm inside the auth plugin, due to MySQL protocol design, sniffed hash is enough to connect to a database with a patched version of MySQL client. It means, if a hacker has access to a database backup and traffic, he automatically receives all needed information (SHAs) for connecting to a running database. <a href="https://github.com/cyrus-and/mysql-unsha1">See for the attack details</a>.</p><p>Since MySQL 8.0, caching_sha2_password auth plugin is used by default, and this plugin brings a stronger sha256 function instead of sha1 used in mysql_native_password plugin. For authentication with caching_sha2_password plugin, it is also enough to have only a hash and be able to sniff traffic, <a href="https://mysqlserverteam.com/mysql-8-0-4-new-default-authentication-plugin-caching_sha2_password/">see for the implementation details</a>.</p><p>Still, if you want to have a password that works with an unmodified client, however, you need to do some hacking, see instructions below</p><br><center><br><a href="https://dlike.io/post/@kiraxoy/bruteforce-mysql-password-from-a-hash--percona-database-performance-blog">Shared On DLIKE</a><hr><br><a href="https://dlike.io/"><img src="https://dlike.io/images/dlike-logo.jpg"></a></center>
👍  , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , and 1538 others
properties (23)
post_id86,328,409
authorkiraxoy
permlinkbruteforce-mysql-password-from-a-hash--percona-database-performance-blog
categoryhive-116221
json_metadata"{"community":"dlike","app":"dlike\/3","format":"html","image":["https:\/\/www.percona.com\/blog\/wp-content\/uploads\/2020\/06\/Brute-Force-MySQL-password.png"],"url":"https:\/\/www.percona.com\/blog\/2020\/06\/12\/brute-force-mysql-password-from-a-hash\/","body":"<p>most cases, MySQL password instructions provide information on changing MySQL user passwords on the production system (e.g., <a href=\"https:\/\/www.percona.com\/blog\/2014\/12\/10\/reset-mysql-root-password-without-restarting-mysql-no-downtime\/\">reset root password without restart<\/a>). It is even recommended to change passwords regularly for security reasons. But still, sometimes DBA duties on legacy systems offer surprises and you need to recover the original password for some old users.<\/p><p>There is no magic: as long as only hashes are stored and not the original passwords, the only way to recover the lost password is to brute force it from the known hash.<\/p><h2>Note on Security and mysql-unsha1 Attack<\/h2><p>Interestingly, if a hacker has access to password hash and can sniff mysql traffic, he doesn't need to recover a plain text password from it. It doesn't matter how strong the password and how strong the hashing algorithm inside the auth plugin, due to MySQL protocol design, sniffed hash is enough to connect to a database with a patched version of MySQL client. It means, if a hacker has access to a database backup and traffic, he automatically receives all needed information (SHAs) for connecting to a running database. <a href=\"https:\/\/github.com\/cyrus-and\/mysql-unsha1\">See for the attack details<\/a>.<\/p><p>Since MySQL 8.0, caching_sha2_password auth plugin is used by default, and this plugin brings a stronger sha256 function instead of sha1 used in mysql_native_password plugin. For authentication with caching_sha2_password plugin, it is also enough to have only a hash and be able to sniff traffic, <a href=\"https:\/\/mysqlserverteam.com\/mysql-8-0-4-new-default-authentication-plugin-caching_sha2_password\/\">see for the implementation details<\/a>.<\/p><p>Still, if you want to have a password that works with an unmodified client, however, you need to do some hacking, see instructions below<\/p>","type":"share","category":"Technology","tags":["hive-116221","dlike","password","hash","hacking","brute","force"]}"
created2020-06-13 05:52:24
last_update2020-06-13 05:52:24
depth0
children1
net_rshares3,620,598,080,956
last_payout2020-06-20 05:52:24
cashout_time1969-12-31 23:59:59
total_payout_value0.984 SBD
curator_payout_value0.935 SBD
pending_payout_value0.000 SBD
promoted0.000 SBD
body_length2,318
author_reputation14,565,766,155,244
root_title"Brute-Force MySQL Password From a Hash - Percona Database Performance Blog"
beneficiaries
0.
accountdlike
weight750
1.
accountdlike.fund
weight250
max_accepted_payout900.000 SBD
percent_steem_dollars10,000
author_curate_reward""
vote details (1602)
@upvotebank ·
<center>UpvoteBank</center> | <center>Your upvote bank</center>
------------ | -------------
![__2.jpg](https://steemitimages.com/DQmfDxvv4NLs3knYT7B2mHgE5ArnkheNmDSLydKKTfBwokj/__2.jpg) | This post have been upvoted by the @UpvoteBank service. Want to know more and receive "free" upvotes click [here](https://steemit.com/steemit/@upvotebank/gzsr5aw6)
properties (22)
post_id86,328,415
authorupvotebank
permlink20200613t055245693z
categoryhive-116221
json_metadata{"tags":["comment"],"app":"steemjs\/comment"}
created2020-06-13 05:52:45
last_update2020-06-13 05:52:45
depth1
children0
net_rshares0
last_payout2020-06-20 05:52:45
cashout_time1969-12-31 23:59:59
total_payout_value0.000 SBD
curator_payout_value0.000 SBD
pending_payout_value0.000 SBD
promoted0.000 SBD
body_length354
author_reputation52,749,970,637,026
root_title"Brute-Force MySQL Password From a Hash - Percona Database Performance Blog"
beneficiaries[]
max_accepted_payout1,000,000.000 SBD
percent_steem_dollars10,000