Bitcoin Forum
Author Topic: The dictionary attack  (Read 587 times)
Fiyasko (OP)
March 27, 2013, 03:46:44 AM
 #1

So I've been seeing a lot of "my mt.gox account was hacked" "my xbox account was hacked" "my facebook account has been hacked" etc...
About a month or so ago I read (on Twitter) that the group known as "anonymous" released a 10-11 GB (compressed) text file of known passwords and common words, as well as things like the Gutenberg dictionary; they also hinted that they were using hashcat.

So basically all I'm saying is that people seem to have forgotten what a "safe" password really is.
http://xkcd.com/936/ <-comical evidence

When someone has an 11 GB dictionary file, and a good amount of hashpower, they can ram through hundreds of passwords.
And no, things like "oh well they may know the password qwerty54321 like I used at one point, but how about if it's qwerty554231"

Anyone who has the desire to run a dictionary attack is going to be smart enough to add wildcards and compensations to "hit" your password.
I feel that the dictionary file that was released is being used on money-related internet accounts, and as such, that is why we (or at least I) are seeing so many incidents of "I got hacked".

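The point raised in post #1, that small variations such as qwerty554231 stay within reach of a rule-based dictionary run, seen from the defender's side as a password-acceptance check. This is an added example, not part of the original thread; the wordlist, substitution table and function names are constructed for illustration.

```python
import re

# Constructed sample wordlist. Assumption: a real check would load a
# breached-password corpus instead of these five entries.
WORDLIST = {"qwerty", "password", "dragon", "letmein", "monkey"}

# Common character substitutions, mapped back to the letter they replace.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def base_forms(password):
    """Return the simpler strings this password could have been built from."""
    lowered = password.lower()
    # Drop digits and symbols that were prepended or appended to a word.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    forms = {lowered, core, core.translate(LEET)}
    # A reversed word is still the same dictionary entry.
    forms |= {f[::-1] for f in forms}
    # So is a word typed twice in a row.
    half = len(core) // 2
    if core and core[:half] == core[half:]:
        forms.add(core[:half])
    return forms


def dictionary_base(password, wordlist=WORDLIST):
    """Return the wordlist entry the password is derived from, or None."""
    for form in sorted(base_forms(password)):
        if form in wordlist:
            return form
    return None


if __name__ == "__main__":
    # Constructed candidates, including the two quoted in the post above.
    for candidate in ("qwerty54321", "qwerty554231", "P@ssw0rd2013!",
                      "ytrewq1", "tundra-velvet-orbit-mango"):
        base = dictionary_base(candidate)
        verdict = f"reject (variant of '{base}')" if base else "no simple base found"
        print(f"{candidate:28} {verdict}")
```

A password that passes this check is only shown not to be a trivial variant of the listed words; it says nothing about length or randomness.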
Mike Christ
March 27, 2013, 05:09:57 AM
 #2

I've attempted the random-phrase password before.  I got bored with trying to type it all out every single time I wanted to log in, though.  All things considered, I should probably switch back to the phrase.  You get so used to using the same few passwords that eventually it all crumbles down, so better to have one really oddball password than several easily found passwords.  Heck, several oddball passwords will ensure maximum security.  Only problem is, some sites have a strict limit on how many characters a password can be.

Stephen Gornick
March 27, 2013, 07:01:28 AM
 #3

Quote from: Fiyasko on March 27, 2013, 03:46:44 AM
> So I've been seeing a lot of "my mt.gox account was hacked" "my xbox account was hacked" "my facebook account has been hacked" etc...

Fortunately there is also two-factor authentication, rendering dictionary attacks essentially worthless for compromising the login credentials.

Which Two-factor authentication methods are available at which exchanges?
 - http://bitcoin.stackexchange.com/a/4114/153


Fiyasko (OP)
March 27, 2013, 07:51:08 PM
 #4

Quote from: Stephen Gornick on March 27, 2013, 07:01:28 AM
> Quote from: Fiyasko on March 27, 2013, 03:46:44 AM
> > So I've been seeing a lot of "my mt.gox account was hacked" "my xbox account was hacked" "my facebook account has been hacked" etc...
>
> Fortunately there is also two-factor authentication, rendering dictionary attacks essentially worthless for compromising the login credentials.
>
> Which Two-factor authentication methods are available at which exchanges?
>  - http://bitcoin.stackexchange.com/a/4114/153

I know, right? But for whatever ridiculous reason, people feel that it's not necessary, even with all the theft happening.
