19 comments

[ 2.8 ms ] story [ 59.8 ms ] thread
I wrote a ruby gem to help manage project euler problems a few months ago.

https://github.com/yaworsw/euler-manager

Most of the problem descriptions are in the data/problems directory. You could use the gem to continue to do most of the project euler problems.

If I can say anything to the admins, it would only be that I very much appreciate being open and clear about it, and of course confirming that passwords were hashed. It was the only piece of personal information I had on the site.

Project Euler admins, thank you and good luck in resolving the matter.

Edit: Upvotes! Well if I can add to this message: so far 12 other people agree and want to wish you good luck as well it seems :)

> Passwords at Project Euler are strongly encrypted using a one-way hash

This does not instill confidence. Hashes are not encryption. Furthermore there is an enormous difference between "we store your password as a single round of MD5" and "We use pbkdf2/scrypt to store your password".

Sure, but Project Euler is a labor of love, not a high volume e-commerce site.

It makes sense that they'd start with a hash and not change it for years. I'm not angry or surprised at this disclosure, and appreciate their honesty.

With a random salt otherwise rainbow tables are still "go", as it were.
My reading of that statement is that "Passwords are strongly encrypted" means that they are stored securly such that the cannot be 'decrypted' even by someone with access to the database. This phrase is intended for people without crypto knowledge who would not know what a one-way hash is. The "using a one-way hash" phrase is intended for people who do have this knowledge and clarifies that they are actually using a hash function, and that the previous statement was just a simplification for lay people.
Thanks for being open.

The fact that someone has the hash of your password is still cause for concern though.

Especially if it is a Euler champion that has the hash :/
Well they managed to hack Project Euler, they can't be tech illiterate. That and some extra pocket money usually gets you pretty far in the password cracking business.
If you're looking for your Project Euler fix while the site is down you can checkout http://www.problemotd.com/ Tons of short programming and logic puzzles on there.
If you're jonesing for other problems, I keep a list of all sorts of programming (and security) challenges at http://hackertainment.net. (Shameless plug but I have no ads or even analytics, it's just a thing I do.)
Anything members can do to help get it back up?
> strongly encrypted using a one-way hash

That does not make me feel better. I sincerely hope that the writer of that page is not the same person who wrote the backend to the site.

Thanks PE admins for being open and managing the issue professionally. I really hope you can fix it quickly and be back with you glorious website. If it takes too long I will go cold turkey!! Love
It really saddens me that this happened. And when I wondered why someone would do that, I got reminded of the dialogue from The Dark Knight "Some people just want to watch the world burn." :|
Yes - such a great site. There should be no agenda against it.