Get the Desktop App for Battle.net Now
- All your games in 1 place
- Log in once
- Automatic game updates
To establish a password P with Blizzard, a user picks a random salt s, and computes:
A recent Intel benchmark shows performance of 1024-bit and 512-bit ME on their i7 -2600 CPU (from 2011). Based on these numbers, I would extrapolate that the attacker can probably run over 100k 256-bit ME’s per second, for each CPU core they dedicate to the attack. At this rate, for each machine dedicated to cracking these passwords, they can check 100,000 of their top passwords against 400,000 usernames, per day. Since the attack happened over 5 days ago, millions of users’ passwords have likely already been cracked.
The prospect of an attacker holding your email address, password, and security question/answer is troublesome, to put it mildly. Blizzard is incorrect in claiming that SRP “is designed to make it extremely difficult to extract the actual password.” That they would make this statement is at best misleading and inaccurate, and dangerous if users believe their passwords are still actually safe.
Change your passwords. Change any passwords associated with that email address.
Threats of violence. We take these seriously and will alert the proper authorities.
Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.
Harassing or discriminatory language. This will not be tolerated.