Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: darre on June 20, 2011, 10:14:42 AM



Title: No MTGOX user hacked!!
Post by: darre on June 20, 2011, 10:14:42 AM
The only one losing BTC is the same admin that got stuck in a botnet and lost the FTP password.

That's why the botnet spreader (not hacker.....) released the database :) because it's useless without the salt


K STOP WORRYING


Title: Re: No MTGOX user hacked!!
Post by: Dhomochevsky on June 20, 2011, 11:41:11 AM
A good chunk of the passwords use MD5 hashing, I think it's the early ones. Those have already been cracked and posted online. The later ones, those past 3000 or so are indeed salted as far as I know. But either way, it's much safer to change passwords once mtgox is back up. Also, mtgox should go to great lengths to assure people this will never happen again.


Title: Re: No MTGOX user hacked!!
Post by: Edward50 on June 20, 2011, 12:22:40 PM
Why would someone release the passwords? How would that help anyone?


Title: Re: No MTGOX user hacked!!
Post by: Bruce Wagner on June 20, 2011, 12:30:51 PM
Wait till you hear today's show...


Title: Re: No MTGOX user hacked!!
Post by: Epinnoia on June 20, 2011, 12:39:51 PM
A good chunk of the passwords use MD5 hashing, I think it's the early ones. Those have already been cracked and posted online. The later ones, those past 3000 or so are indeed salted as far as I know. But either way, it's much safer to change passwords once mtgox is back up. Also, mtgox should go to great lengths to assure people this will never happen again.

Looking at the csv file, it seems that all accounts beyond the 3040 mark have "$1$" in the beginning of them. And many of the ones prior have it as well -- probably those who changed their password after the salting feature was added.

Quote
The benefit provided by using a salted password is rendering a simple dictionary attack against the stored values rather impractical provided the salt is large enough. That is, an attacker would not be able to create a precomputed lookup table (i.e. a rainbow table) of hashed values (password + salt), because it would take too much space.

http://en.wikipedia.org/wiki/Salt_%28cryptography%29
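
An added example, not part of any post in this thread: a triage script that separates unsalted MD5 values from "$1$" (md5crypt, salted) values, as described above, so the accounts stored without a salt can be forced to reset first. The `(account_id, stored_value)` row layout and the sample rows are assumptions made for illustration; the sample strings are constructed placeholders, not real digests.

```python
import re
from collections import Counter, defaultdict

# Unsalted MD5 is 32 hex digits; md5crypt is "$1$" + salt (up to 8 chars) + "$" + 22-char digest.
RAW_MD5 = re.compile(r"[0-9a-fA-F]{32}")
MD5_CRYPT = re.compile(r"\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}")

def classify(stored):
    """Name the storage scheme of one stored password value."""
    stored = stored.strip()
    if RAW_MD5.fullmatch(stored):
        return "unsalted-md5"
    if MD5_CRYPT.fullmatch(stored):
        return "md5crypt"
    return "unknown"

def audit(rows):
    """rows: iterable of (account_id, stored_value) pairs (assumed layout)."""
    counts = Counter()
    by_hash = defaultdict(list)
    for account_id, stored in rows:
        scheme = classify(stored)
        counts[scheme] += 1
        if scheme == "unsalted-md5":
            # Without a salt, equal passwords give equal stored values.
            by_hash[stored.strip().lower()].append(account_id)
    reset_first = sorted(a for ids in by_hash.values() for a in ids)
    shared = {h: ids for h, ids in by_hash.items() if len(ids) > 1}
    return {"counts": dict(counts), "reset_first": reset_first, "shared_password": shared}

# Constructed sample rows (placeholder strings with the right shape, not real digests).
SAMPLE = [
    (12, "0123456789abcdef0123456789abcdef"),
    (57, "0123456789ABCDEF0123456789ABCDEF"),
    (900, "fedcba9876543210fedcba9876543210"),
    (3041, "$1$Qz8kLm2x$" + "a" * 22),
    (3042, "$1$7hTr.e/1$" + "b" * 22),
    (3050, "not-a-hash"),
]

if __name__ == "__main__":
    report = audit(SAMPLE)
    print(report["counts"])
    print("force reset first:", report["reset_first"])
    print("same password visible without cracking:", report["shared_password"])
```

The `shared_password` group shows what the salt prevents: two unsalted accounts with the same password are linked by their stored values alone, while salted entries never collide this way.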


Title: MTGOX user hacked!!!!!
Post by: Jeffpod on June 20, 2011, 01:20:22 PM
My account was hacked and they stole my money from my mybitcoin.com account this morning.


Title: Re: No MTGOX user hacked!!
Post by: Tril on June 20, 2011, 01:21:05 PM
Why would someone release the passwords? How would that help anyone?

It's proof they accessed the database. The real treasure is the rest of the database, which we should assume an auditor also had access to: balances, account history, bitcoin addresses, and possibly: Dwolla account numbers and IP addresses used to access mtgox, none of which were included publicly. The thief still intends to sell this information, and probably already has.


Title: Re: No MTGOX user hacked!!
Post by: ploum on June 20, 2011, 01:24:54 PM
Wait till you hear today's show...

Do you mean episode 005 or an upcoming 006? Is there a way to have the information written somewhere? (I'm a really quick reader but I miss a lot of stuff during a 48min show, especially because English is not my native language.)