It's Official Mt.Gox Database Leaked :(

[Crs]

61020 accounts.
password hash (FreeBSD MD5 [32/32]
Anonymity...

[1715118375]

1715118375

[1715118375]

1715118375

[1715118375]

1715118375

[1715118375]

1715118375

[1715118375]

1715118375

[Jarredm]

So does anyone know if the salt was also compromised?  I am in the list and I can confirm that the password column isn't a straight MD5 hash from my password.  However, if the salt has been exposed then it's the same thing as not using one...  

[makomk]

"UPDATE REGARDING LEAKED ACCOUNT INFORMATIONS

We will address this issue too and prevent logins from each users. Leaked information includes username, email and hashed password, which does not allow anyone to get to the actual password, should it be complex enough. If you used a simple password you will not be able to login on Mt.Gox until you change your password to something more secure. If you used the same password on different places, it is recommended to change it as soon as possible."

This isn't good ...

Bear in mind that anything shorter than 8 characters isn't "complex enough" these days, and your password will probably already have been cracked if it is shorter than that. GPUs are very fast at cracking password hashes, even salted ones, and the Bitcoin mining community has a lot of compute power.

[nodemaster]

@grue
yes i took a look.

thought about someone here having access to sufficient rainbow tables to find out my pw in seconds

Dude, if you are looking for people with a hell lot of computing power you are in the right community 

[sturle]

https://rapidshare.com/#!download|359tg2|1969319443|accounts.csv|4023

I checked my own password there.  It is real, and it is an old one.  I changed it a few days ago, and this is the previous one.  Which means the data has been out for a while.

You can check your own password by giving this line to perl:

Code:

print('password', '$1$salt');

where password is your password and salt is the characters between $1$ and the next $ in your encrypted passord.  If the result matches the entire encrypted password, your password is there and it's real.  If only the part between $1$ and $ matches, the password is wrong.  If everything is far off and not even the salt matches, you did something wrong.

[sturle]

thought about someone here having access to sufficient rainbow tables to find out my pw in seconds

Rainbow tables will not help in this case, because the passwords are properly salted.  But I'm sure you'll find a lot wit a decent wordlist or a character frequency search.  (Brute force taking most common characters in passwords into account.)

[Yeti]

Yup. Confirmed. If you got PHP, give this a try:

Code:

php -r "echo crypt('yourpassword', '\$1\$thesaltfromthelist\$');"

Doesn't hurt to paste the whole salted hash as the 2nd parameter.

[dooglus]

You can check your own password by giving this line to perl:

Code:

print('password', '$1$salt');

where password is your password and salt is the characters between $1$ and the next $ in your encrypted passord.

I think you typo'ed that.

My line in the accounts file is:

Code:

1449,dooglus,dooglus@gmail.com,$1$WFHWAF9p$T/WxZez30/WCigLRwB2eQ/

and to check my password, I do this in Perl:

Code:

print(crypt('myguess', '$1$WFHWAF9p'));

That comes back with '$1$WFHWAF9p$mQTG1Teo6ojeuyXRYN7Na.' and so my password isn't 'myguess'.

[bullox]

However, if the salt has been exposed then it's the same thing as not using one...  

That's not how salts work. The point is that an attacker can do a lot of effort in advance to generate a massive rainbow table containing the hashes of a large set of possible passwords (or in practice, simply pay for access to such a service).

By adding a random nonce (i.e. the salt) to passwords before hashing them, you force the attacker to include all possible nonce values in those passwords. For each extra bit in the nonce, you double the size the rainbow table, quickly making it infeasible to generate one.

So even if the salt is public, it will still do its job in preventing the use of rainbow tables. The attacker will be forced to brute-force by trying all possible passwords in combination with a given nonce just to crack a single password hash.

And the avergae bitcoin enthusiast has a plethora of brute force power available to them.      Sorry everyone who used mtgox but you should really be not on this forum and out changing pw at every single site that you have ever used even 1 of the items in that database (username, email, or password)

[JBDive]

I think the point should be made that Mt.Gox was not upfront in saying the username database had been stolen. The single account that was hacked or used is one thing but the release of 61k accounts with or without the password hash being crackable shows a real security concern with the site.

Second this is a goldmine for the IRS as the value of Bitcoins has increased and those who have been trading or hording from the first days and have made a profit must realize income is income to the IRS (US, you insert your own country) and sooner or later it will draw their attention. Now instead of them having to subpoena a server owner in some foreign country they can just subpoena Google for all those GMail accounts listed. Once they start that fishing they won't stop which makes me curious about the username order in the leaked file. If I was in the first 200 and one was to assume the order is oldest to newest and one must also assume the oldest have gained the most, well I might be double checking my tracks for emails related to profit, sales, etc.

For those with business email addresses listed I also would not assume your bosses won't get this list and if your using company resources for mining or anything else I would cover those tracts pretty fast too.

[tabshift]

It would still be a fishing expedition. I have had a MtGox account for months but I never used their platform for a single trade.

I think the point should be made that Mt.Gox was not upfront in saying the username database had been stolen. The single account that was hacked or used is one thing but the release of 61k accounts with or without the password hash being crackable shows a real security concern with the site.

Second this is a goldmine for the IRS as the value of Bitcoins has increased and those who have been trading or hording from the first days and have made a profit must realize income is income to the IRS (US, you insert your own country) and sooner or later it will draw their attention. Now instead of them having to subpoena a server owner in some foreign country they can just subpoena Google for all those GMail accounts listed. Once they start that fishing they won't stop which makes me curious about the username order in the leaked file. If I was in the first 200 and one was to assume the order is oldest to newest and one must also assume the oldest have gained the most, well I might be double checking my tracks for emails related to profit, sales, etc.

For those with business email addresses listed I also would not assume your bosses won't get this list and if your using company resources for mining or anything else I would cover those tracts pretty fast too.

[Jarredm]

However, if the salt has been exposed then it's the same thing as not using one...  

That's not how salts work. The point is that an attacker can do a lot of effort in advance to generate a massive rainbow table containing the hashes of a large set of possible passwords (or in practice, simply pay for access to such a service).

By adding a random nonce (i.e. the salt) to passwords before hashing them, you force the attacker to include all possible nonce values in those passwords. For each extra bit in the nonce, you double the size the rainbow table, quickly making it infeasible to generate one.

So even if the salt is public, it will still do its job in preventing the use of rainbow tables. The attacker will be forced to brute-force by trying all possible passwords in combination with a given nonce just to crack a single password hash.

If that's the case then salting can/should be improved.  I believe that the more secure method would be to keep a lengthy pseudo-random salt a secret, in a datastore that is physically separated from the application DB.  You begin by hashing the user's password with a well known algorithm.  That output will then be hashed again with the pseudo-random salt added to it.  By doing this you would force the attacker to guess at (or create rainbow tables) for not just the password but for each password they would then need to build a table for that output plus each guess at the salt. 

If the salt is long, pseudo-random, and unknown then it would seem that this would be more secure.  Keeping the salt in a separate datastore where only the logon provider has access to it would thereby make it more difficult for an attacker to gain access to the salt.  Even if they gain access to the computer hash outputs.

My thoughts, perhaps they are wrong...

[tymothy]

The time for anything to crack a 15+ character letter/number non-dictionary password by brute-force is pretty much never at current computing speeds, am I correct?

[JBDive]

The IRS goes fishing daily and never comes home without a catch. Anyone who has been under their spyglass will tell you it doesn't matter if they find anything or not (and they will), it's the anal probe you get in the meantime that smarts.

It would still be a fishing expedition. I have had a MtGox account for months but I never used their platform for a single trade.

I think the point should be made that Mt.Gox was not upfront in saying the username database had been stolen. The single account that was hacked or used is one thing but the release of 61k accounts with or without the password hash being crackable shows a real security concern with the site.

Second this is a goldmine for the IRS as the value of Bitcoins has increased and those who have been trading or hording from the first days and have made a profit must realize income is income to the IRS (US, you insert your own country) and sooner or later it will draw their attention. Now instead of them having to subpoena a server owner in some foreign country they can just subpoena Google for all those GMail accounts listed. Once they start that fishing they won't stop which makes me curious about the username order in the leaked file. If I was in the first 200 and one was to assume the order is oldest to newest and one must also assume the oldest have gained the most, well I might be double checking my tracks for emails related to profit, sales, etc.

For those with business email addresses listed I also would not assume your bosses won't get this list and if your using company resources for mining or anything else I would cover those tracts pretty fast too.

[JBDive]

Appears Mt.Gox has come clean with the problem or hack pathway. He has also explained why only some passwords have been found to be plain text or crackable vs. the salted hashed passwords although he appears to be cranking up the strength of those hashes now.