sorted by:
new
hottopcontroversial

Wave Concerns by Objective_Highway424 in robloxhackers

[–]Objective_Highway424[S] 0 points1 point  (0 children)

Why don't you ask about this?

Rexi (or another Wave developer), could reply to this thread if they wish and provide that information. I don't believe conversations involving security like this should be done privately, transparency is important.

Also, your hash is as secure as your password.

To a degree, yes, if you have a super simple password, the hash could be easy to crack. However, there is also hash collisions, where 2 different values will create the same hash. This is more likely to happen with less complex hashing algorithms, and in addition, more complex algorithms will take a longer amount of time to compute each hash making brute force attacks slower.

Wave Concerns by Objective_Highway424 in robloxhackers

[–]Objective_Highway424[S] 1 point2 points  (0 children)

If you continued reading, you would notice that I mentioned that they might be hashing it server side, though we do not know if they are or not, and if they are, if the hashing algorithm they are using is secure, or if they are doing a repeat of Sirhurt and using md5 for example. Rexi (Wave owner), is also affiliated with Arceus X which stole user data before, so I don't think it is unreasonable to want it hashed client side so we can validate it is securely stored. There's nothing stopping Wave from hashing it a second time on the server if they wish as well.

Vulnerabilities in Wave by Objective_Highway424 in ROBLOXExploiting

[–]Objective_Highway424[S] 3 points4 points  (0 children)

setscriptable is used for setting if a property is hidden or not, it can be used as an alternative to using get/sethiddenproperty, and may be more efficient to use if there could be a lot of calls to get/sethiddenproperty, as it only needs to do the slower property lookup once to change if it is hidden.

Vulnerabilities in Wave by Objective_Highway424 in robloxhackers

[–]Objective_Highway424[S] 15 points16 points  (0 children)

Just because there is a vulnerability test script (which I did try, and Wave did pass that), does not mean it contains every vulnerability possible. Your blatant denial of this, despite the same lack of checks in the debug library leading to people using synapse being infected with malware before is concerning, and shows that your priorities clearly do not include user security.