Bitcoin Forum

I'd like to communities opinion on this. This is a hypothetical situation..... ;)

Do you guys think its OK (legally or morally) for a website owner to bruteforce the password hashes of a number of users of their website, and then use the resulting passwords to access their accounts on other websites and email addresses?

Do you think it makes a difference if its part of an investigation into possible scamming?

Do you think it makes the website owner less trustworthy?

What if the website owner is being trusted with millions of dollars worth of BTC?

Do you think its worse if the owner gave the hashes to someone else and paid them bruteforce it?

What if you had proof that a website owner did this, would you prove it to the community?

Completely immoral, Horribly wrong and possibly illegal. If you are a web master/ site owner you should not have to ask these questions.

Why all the crap?  Spit it out.  Present your proof.  Get on with it.

It is not OK, it is dumb to bruteforce the password hashes of a number of users of their website, because before the password was hashed, the password was known to the website owner  :P

Not if the password was hashed by the client.  In this case the unhashed password is never available to the server.

I don't get it, why you wanna hack yourself? don't you already have password for all of them?

Of course its not ok. I remember Yahoo wouldn't even release the password of a dead soldier to his family. If I had evidence of it of course I'd share it with the community.

What kind of a question is this  ???

No ethical web designer would ever exploit user accounts in any way let alone cracking passwords. It is wrong of any webmaster to want to crack their user's passwords on more levels than I can even fathom. I would never recommend any behavior of this nature. I also do not recommend abusing a user's trust in any other way either.