8 years ago

While I've posited other alternatives as being more likely, there's still the chance that the gift links are being compromised due to a flaw in Humble's security. That security flaw is unlikely to be in the gift-link codes themselves [unless there's some sort of predictable pattern to their creation], but from the perspective of the users, the nuance of the difference isn't really relevant.

8 years ago

[unless there's some sort of predictable pattern to their creation]

There is usually some predictability in it. It's incredibly difficult to create a pattern-free algorithm. But it can still be an almost unnoticeable pattern, so yeah, it's most likely not in the link.

8 years ago

There's always a pattern in coding, there's never a completely random, it's coded so it's never actually random. Same goes with Steam keys, but you don't see them being stolen as much as humble gift links lately? Also Steam keys have much less characters in them than Humble gift links. :P

8 years ago*

Actually, you can have it completely random with hardware generators. It's much slower than software, but you can use it to generate a seed from which you generate more numbers.

8 years ago

k

8 years ago

i guessed one and got clickteam fusion :3

time to farm!

8 years ago

LOL!

8 years ago

Same here, after I bought the bundle. :p

8 years ago

Mully Mully Mully!

8 years ago

what are you trying to do...

8 years ago

well it did work O/

8 years ago

Math - that's something YOU believe in.

8 years ago

Deleted

This comment was deleted 4 years ago.

8 years ago

that's rich! tnx for that laugh n irony. . .

8 years ago

A fun picture, but inaccurate. Modern scientists now believe dinosaur bones were planted by Satan to deceive mankind

8 years ago

That's a dragon.

8 years ago

Ah, of course. My mistake, apologies to the artist.

8 years ago

:>

8 years ago

Meth - I believe in you.

8 years ago

So I've got a quick question about the above proof.
Why is the world gonna end in 1e17 seconds?
I did a quick bit of mental arithmetic based on my vague memory of school maths. This is a little over 3 billion years, right?

Other than that seems good proof :)

8 years ago

Deleted

This comment was deleted 4 years ago.

8 years ago

It should be a little longer (based on entropy arguments I read in the past), but for your point it should be sufficient :)

8 years ago

Lots of things will eventually destroy the earth. The first fairly certain one being the expansion of the sun in roughly 5 billion years.

8 years ago

Problem is they can tho ... I lost some shitty game a while back and I'm 102% sure my account wasn't compromised.

Had to spend 10$ to give a game that I got for 3.27 as part of 8 games bundle ...

So yeah, they CAN be guessed :) don't underestimate the Russians

8 years ago

Deleted

This comment was deleted 4 years ago.

8 years ago

I think you are forgetting that 'guessed' means just that - I don't believe they can be brute forced - but statistics show that anyone can guess anything - that's what makes maths fun :-) - scurries back under rock and hides in shell....

8 years ago

Deleted

This comment was deleted 4 years ago.

8 years ago

errrr - you did - in creating this thread :) - and I am not coming out from under my rock - cause I know you're gonna bop me on me shell :P

8 years ago

Deleted

This comment was deleted 4 years ago.

8 years ago

well then - you just have to have FAITH that it exists - arrrrrrrrrrrrgh ! (scared myself - sorry)

8 years ago

Remind me to never piss you off. :D
<3

8 years ago

Deleted

This comment was deleted 4 years ago.

8 years ago

DO I LOOK LIKE A TECHNICALLY INCOMPETENT COMPUTER OPERATOR??

Yes.
Sorry, I've been meaning to tell you- that outfit makes you look like a technically incompetent computer operator. :X

8 years ago

CAN LOTTERY NUMBERS BE GUESSED WITH ANY ACCURACY, WITHOUT ANY INSIDE INFORMATION ACCESS??

Of course, why else would people play the lottery? :p

8 years ago

And win the lottery, at that...

8 years ago

Holy fuck that all caps eh ...

8 years ago

Deleted

This comment was deleted 4 years ago.

8 years ago

just tell humble support your game don't work and they will provide new key and deactivate old one. done this in past

8 years ago

That was way too long ago for me to bother with that.

8 years ago

But...

8 years ago

He's the most powerful hacker of all time.

8 years ago

Why do you take the logarithm of the number if you want to exponentiate it at the next line ? :)

An important remark that hasn't been made is that while we had a few reports on this forum of people where all gift links were hacked, we do not have a single report of people where only one gift link was hacked.
This might convince math sceptics that people are actually NOT guessing the gift links. It would be almost impossible that only a few people would be impacted, and for all their links, if it were the case.

It indeed looks like a breach at HB, or at some individual users.

8 years ago

Deleted

This comment was deleted 4 years ago.

8 years ago

Verily.

8 years ago

Since multiple people reported their gift links being compromised, without any indication of the account being compromised as well (unless I'm remembering wrong? I admit I haven't paid much attention to this), wouldn't it mean that either there is actually some pattern or some other kind of possible security link?

8 years ago

Deleted

This comment was deleted 4 years ago.

8 years ago

'1e9 times the remaining life of the universe per successful attempt'

But you're saying there's a chance? i better get started

8 years ago

Deleted

This comment was deleted 4 years ago.

8 years ago

What they didn't consider is: If the chances are 1 out of a million (but it has to be exactly 1 out of a million) it is bound to happen. The chances are like 1 : 1 :D

8 years ago

You are one confusing Corgi, I didn't get your thought. :)

8 years ago

It's an idea that comes from one of my favourite Terry Pratchett books "Guards! Guards!" but I'm sure I didn't explain it as well as he did. There's a certain magic to the odds of one in a million... If something has just a 1 : 1.000.000 chance to succeed, it will succeed with absolute certainty. But the odds have to be exactly one in a million for that rule to apply ;)

It was meant mostly as an insider joke for Discworld fans :D

8 years ago*

I'm postponing Discworld for so long, it's embarrassing. The only thing from Pratchett I've read is "The Unadulterated Cat". The guy had a unique sense of humor, truly unmatched.

8 years ago

Yea, he's the best when it comes to smart comedy (although Christopher Moore comes pretty close in his best books).
Discworld is amazing, especially the early ones, but he was extremely productive with ~ 50 Discworld novels so I get why that can be kind of intimidating. So if you maybe want to try something stand-alone I can highly recommend "Good Omens: The Nice and Accurate Prophecies of Agnes Nutter, Witch". He wrote it together with Neil Gaiman.

I have to admit I haven't read The Unadulterated Cat but I'll definitely check it out (although I'm more of a dog person :D).

8 years ago*

Thanks, Sundance! Good Omens was recommended to me before (maybe by TinyPurple, we talked on the topic before), so I'll have a look.

8 years ago

The same basic argument showed up in Douglas Adams Hitchhiker's Guide to the Galaxy trilogy. Not sure which came first.

8 years ago

Interesting. I completely forgot that.

By the way I find it quite funny how they still call it a trilogy although there are 6 books. The last one (by Eoin Colfer, which is surprisingly way better than the one that was made from Douglas Adams unfinished text fragments) even has part 6 of the Trilogy written on the cover :D

8 years ago*

Time to guess a link and snatch a copy of HL3 :D

8 years ago

answer from Humble Bundle support:
It appears that your keys were in fact compromised by a third party. I was able to reset/revoke the keys in question, while also revoking the keys that had been gifted away. This type of key theft does not happen often, but it does happen. We are currently in the process of making it more difficult for hackers and resellers to scrape URL for unused or unclaimed bundles or gift links.

8 years ago

Nice! Glad you got your keys back! :)

8 years ago

Bottom line: don't create gift links if you don't need them straightaway. If you need to organize your keys in a spreadsheet or so, just put the bundle URL there instead. Yes, this will waste 8 seconds of your precious time every time you need a gift URL. Sorry.

8 years ago

There are more things in heaven and earth, Horatio,
Than are dreamt of in your philosophy.

8 years ago

Deleted

This comment was deleted 8 months ago.

8 years ago

Your formula is the chance of a successful guess for ONE link.

You need to multiply by the current number of active links generated by HIB in their databases. It will still be low, but not as low.

If your result of 1e9 times the remaining life of the universe is correct, then if the HIB database has one million active links, they will only need 1e3 times the remaining life of the universe to guess one active link.

8 years ago

You need to multiply by the current number of active links generated by HIB in their databases.

Good point.

8 years ago

Don't forget parallelization and statistical analysis as tools to further increase success ratio. Math is never that simple. XD

8 years ago

Deleted

This comment was deleted 4 years ago.

8 years ago

i leave out pieces when im trying to win an argument too, its an awesome way to skew the results and be correct ^^

8 years ago

Deleted

This comment was deleted 4 years ago.

8 years ago

well surely the difference in guessing one specific link is much much more improbable than guessing ANY one link

"HUMBLE GIFT URLS CANNOT BE GUESSED" is an all inclusive statement

improbable that it will be your link, but impossible? i think not

8 years ago

Deleted

This comment was deleted 4 years ago.

8 years ago

Is there a reason for this thread?

8 years ago

Deleted

This comment was deleted 6 years ago.

8 years ago

Maybe this and this

8 years ago

Yes, that explains things. Thank you!

8 years ago

blue

8 years ago

The reason your logic fails with guessing is that someone would not have to try all of those to get the one and only solution (like a password), but there are many solutions and if you're lucky you can guess some at random.

8 years ago

Deleted

This comment was deleted 4 years ago.

8 years ago

Obviously no one will guess them incrementally
https://en.wikipedia.org/wiki/Birthday_attack

Maybe the codes are generated something like

hash(current_time())

or

hash(random_int(0, 1000000000))

This would make it a lot easier to guess.

8 years ago
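
Added example, not part of any post in this thread and not Humble's code: a defender-side audit of the two points raised above, that a token built as `hash(random_int(...))` has only as many possible values as its seed, and that blind guessing should be measured against the number of live links. All function names are hypothetical, the 128-bit length is an assumption, and the seed space is shrunk from the comment's 10**9 to 10**6 so the constructed sample runs quickly.

```python
import hashlib
import math
import random
import secrets
from collections import Counter

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def weak_token(rng, seed_space):
    """The design the comment worries about: hash of a small random integer.
    The output looks long, but only `seed_space` distinct tokens can exist."""
    seed = rng.randrange(seed_space)
    return hashlib.sha256(str(seed).encode()).hexdigest()[:32]


def strong_token():
    """128 bits straight from the OS CSPRNG (assumed length, not Humble's)."""
    return secrets.token_hex(16)


def colliding_pairs(tokens):
    """Number of pairs of identical tokens in the sample."""
    return sum(c * (c - 1) // 2 for c in Counter(tokens).values())


def estimated_space_bits(tokens):
    """Birthday estimate of the generator's real output space.
    Expected colliding pairs among n samples from N values is n(n-1)/(2N),
    so N is about n(n-1)/(2*pairs). Returns None when nothing collides."""
    n, pairs = len(tokens), colliding_pairs(tokens)
    if pairs == 0:
        return None
    return math.log2(n * (n - 1) / (2 * pairs))


def years_until_any_hit(space_bits, active_links, guesses_per_second):
    """Expected time for blind guessing to hit ANY live link: the space is
    divided by the number of live links, as pointed out earlier in the thread."""
    expected_guesses = 2 ** space_bits / active_links
    return expected_guesses / guesses_per_second / SECONDS_PER_YEAR


def audit(n=20000, seed_space=10**6):
    """Constructed sample: n issued tokens from each design."""
    rng = random.Random(2016)  # fixed seed only to make the demo repeatable
    weak = [weak_token(rng, seed_space) for _ in range(n)]
    strong = [strong_token() for _ in range(n)]
    return estimated_space_bits(weak), estimated_space_bits(strong)


if __name__ == "__main__":
    weak_bits, strong_bits = audit()
    print("weak design, estimated bits:", round(weak_bits, 1))
    print("strong design, duplicates seen:", strong_bits is not None)
    for links in (1, 10**6):
        print(links, "live links:", years_until_any_hit(128, links, 1e6), "years")
```

Duplicates among issued tokens are the signal to look for: the weak design shows about 20 bits of real space despite its 32 hex characters, while the CSPRNG sample shows no duplicates at all.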

Deleted

This comment was deleted 4 years ago.

8 years ago

Don't assume that just because a company is big, they understand security. Sony stored username, password & credit card information in plain text ;)

8 years ago

Deleted

This comment was deleted 4 years ago.

8 years ago

512 bull shit :O I'm sorry I have no idea what you're talking about, I just amuse myself.

8 years ago

Deleted

This comment was deleted 4 years ago.

8 years ago

But what if I use 5 billion computers? :o

Also, I guess no one would attempt to brute force them, it's more likely they'd try to guess/deduce the Humble Bundle algorithm. Similar to how key generators work.

8 years ago

You don't need that many computers, just use graphics cards instead.

8 years ago

it'd be a lot easier to brute force username / password combinations

8 years ago

Most still use password as password anyway.

8 years ago

12345678

8 years ago

Ranking Password
1 Password
2 123456
3 12345678
4 1234
5 qwerty
8 years ago

good my password is safe, it's most of the way down that list

8 years ago

A good password, and not reusing it. If a site gets hacked, and unsalted hashes for passwords get leaked, it's entirely possible for passwords to get compromised. If you have a 20 letter long password that's not consisting of common words, you're probably safe, but if you have an 8 letter long password, even if you're not using any words in it, your password can easily get brute-forced by someone with a moderately powerful computer.

8 years ago

yeah, my password is different on EVERY site/app i use. even a super password becomes shit once 1 of the sites you use it on gets hacked.

8 years ago

Don't forget "secret" ... also very common.

8 years ago

lol url's guess.. yeah right.. =)

my first thought would be a humble employee found themselves a side business by snagging a chunk of the gifting database occasionally, there's the most likely leak/issue imo..

8 years ago

Deleted

This comment was deleted 5 years ago.

8 years ago

Deleted

This comment was deleted 4 years ago.

8 years ago

I wish you did clock speeds for me.

8 years ago

hacks/breaches/insider leaks are more likely the cause to get your entire information/logins
stored on a mail stolen... even without being about as savvy as the next raw potato could be

  • get breached 2012
  • meme.jpg + wait-4.5-years.gif
  • notify users 2016

/yahoo

8 years ago*

Closed 8 years ago by Deleted-8888821.