Topic: Hacker Had Access for 3 Days?!
Shinobi (OP) (Full Member, Activity: 196, Merit: 100)
June 19, 2011, 09:48:23 PM  #1

According to @sirus on Twitter:

"hacker asking for hash cracks from the mtgox user db since the 16th had access for at least 3 days: http://t.co/c8FEfAu"





bitcoinconnection (Member, Activity: 84, Merit: 10)
June 19, 2011, 09:54:32 PM  #2

I wonder how much damage has been done. Maybe we will find out tomorrow?






Durr (Newbie, Activity: 28, Merit: 0)
June 19, 2011, 09:56:03 PM  #3

Sucks for all those that got hacked anyway. It won't get rolled back 3 days, will it? Nope.

Bit_Happy (Legendary, Activity: 2100, Merit: 1040)
June 19, 2011, 09:57:44 PM  #4

Secure hashes cannot be cracked. You cannot login with the info being spread on Rapidshare.
The trolls are back in town...

EconomicOracle (Member, Activity: 71, Merit: 10)
June 19, 2011, 09:58:33 PM  #5

So it was George Clooney all along. You'd think he has more money than he needs. But I guess not...

GOOOOOOOOOOO BITCOINS!!!!!!!!!!!!!!!
Edit: Oops. Just fixed a typo. It should be GO (like GO TEAM!) and not GOOB
Edit2: Just checked the dictionary and goob is not a word

MyFarm (Hero Member, Activity: 854, Merit: 1000)
June 19, 2011, 10:00:08 PM  #6

Quote from: Bit_Happy
    Secure hashes cannot be cracked. You cannot login with the info being spread on Rapidshare.
    The trolls are back in town...

There is already a file going around with every email and plain text password.  They have ALL already been cracked.

detroit (Member, Activity: 69, Merit: 10)
June 19, 2011, 10:01:59 PM  #7

Where's that?

dust (Hero Member, Activity: 840, Merit: 1000)
June 19, 2011, 10:03:54 PM  #8

Quote from: MyFarm
    Quote from: Bit_Happy
        Secure hashes cannot be cracked. You cannot login with the info being spread on Rapidshare.
        The trolls are back in town...
    There is already a file going around with every email and plain text password.  They have ALL already been cracked.

Source?  I find this hard to believe.  I have only seen a file with around ~400 passwords cracked (only the few that were using unsalted md5)

proudhon (Legendary, Activity: 2198, Merit: 1311)
June 19, 2011, 10:04:35 PM  #9

Quote from: MyFarm
    Quote from: Bit_Happy
        Secure hashes cannot be cracked. You cannot login with the info being spread on Rapidshare.
        The trolls are back in town...
    There is already a file going around with every email and plain text password.  They have ALL already been cracked.

Link to it please.  I'd really like to see if they got my password right.

Bit_Happy (Legendary, Activity: 2100, Merit: 1040)
June 19, 2011, 10:05:23 PM  #10

Quote from: MyFarm
    Quote from: Bit_Happy
        Secure hashes cannot be cracked. You cannot login with the info being spread on Rapidshare.
        The trolls are back in town...
    There is already a file going around with every email and plain text password.  They have ALL already been cracked.

BS
Source?
Proof?

tito13kfm (Newbie, Activity: 42, Merit: 0)
June 19, 2011, 10:05:47 PM  #11

Quote from: MyFarm
    Quote from: Bit_Happy
        Secure hashes cannot be cracked. You cannot login with the info being spread on Rapidshare.
        The trolls are back in town...
    There is already a file going around with every email and plain text password.  They have ALL already been cracked.

The vast majority of unsafe passwords are certainly cracked.  Not all of them have been.  It's simply not feasible to crack mine in any reasonable length of time.

speeder (Hero Member, Activity: 966, Merit: 501)
June 19, 2011, 10:06:45 PM  #12

Someone PMed me my two passwords.

Both were salted, and both were long and a mix of nondict words with numbers.

Uzza (Newbie, Activity: 35, Merit: 0)
June 19, 2011, 10:25:20 PM  #13
Last edit: June 19, 2011, 11:05:57 PM by Uzza

I find it hard to believe they brute-forced my password, along with all the rest, as it is long and secure.
A good password should be at least 15 alphanumeric characters, which at 1 billion comparisons a second takes 7 million years to test all combinations. It would take a humongous amount of computing power to crack that in a few days, even if you split it up amongst tens of millions of machines.
And that's just for one 15 character length password, and each character adds 36 times the number of combinations.
If you're using non-alphanumeric characters, like @,$ etc it takes exponentially longer to crack.

tito13kfm (Newbie, Activity: 42, Merit: 0)
June 19, 2011, 10:56:00 PM  #14

The funny/scary part about this.  Until 3 days ago my mtgox password was short and easy to crack (9 characters, dict word+numbers).  I don't know why I changed it.. I just did.  This DB leak is from after that password change.  I can verify that my new password + listed salt md5'd is the hash listed.

It had to be from 56 hours ago or sooner.  I installed google chrome after the CSRF scare, and the first thing I did with it was change my password.  This was exactly 56 hours ago.

DeiBellum (Newbie, Activity: 22, Merit: 0)
June 19, 2011, 11:01:06 PM  #15

Well, a 10length password (mix alpha-num-special) @ 33.1 BPS (Billion passwords a second) will take 226 hrs on 1000 machines running my password. ALSO, to get this speed, each machine needs 4 ATI 5970's.

I think mine is safe for a while.
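
The search-space arithmetic behind posts #13 to #15, as an added example (not written by any poster in the thread): it reproduces the 36-symbol, 15-character, 1 billion guesses per second figure from post #13 and contrasts it with a "dictionary word plus digits" password like the old one described in post #14. The 200,000-word list size and the cap of four trailing digits are assumptions made for illustration.

```python
# Added example: search-space estimates for the figures quoted in the thread.
# The wordlist size and digit-suffix range are constructed assumptions.
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def exhaustive_candidates(charset_size, length, up_to=False):
    """Candidates for one exact length, or for every length 1..length."""
    if up_to:
        return sum(charset_size ** k for k in range(1, length + 1))
    return charset_size ** length

def word_plus_digits_candidates(wordlist_size, max_digits):
    """Candidates for 'dictionary word followed by 0..max_digits digits'."""
    return wordlist_size * sum(10 ** d for d in range(max_digits + 1))

def worst_case_seconds(candidates, guesses_per_second, machines=1, salted_targets=1):
    """Time to try every candidate.

    With a unique salt per account, each guess has to be rehashed for every
    account, so the work scales with the number of accounts being tested.
    """
    return candidates * salted_targets / (guesses_per_second * machines)

def human(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", 86400),
                       ("hours", 3600), ("seconds", 1)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.3g} seconds"

def thread_cases():
    rate = 1e9  # guesses per second, the rate used in post #13
    strong = exhaustive_candidates(36, 15)          # 15 characters from a-z0-9
    weak = word_plus_digits_candidates(200_000, 4)  # assumed wordlist size
    return {
        "15 alphanumeric, one machine": worst_case_seconds(strong, rate),
        "15 alphanumeric, 10M machines":
            worst_case_seconds(strong, rate, machines=10_000_000),
        "word + up to 4 digits, one machine": worst_case_seconds(weak, rate),
    }

if __name__ == "__main__":
    for label, secs in thread_cases().items():
        print(f"{label}: {human(secs)}")
```

The gap between the first and last case is the point several posters make: length and randomness set the cost of a search, while a word-plus-digits pattern collapses it to seconds whatever the hash.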

kjj (Legendary, Activity: 1302, Merit: 1024)
June 19, 2011, 11:15:06 PM  #16

Quote from: speeder
    Someone PMed me my two passwords.

    Both were salted, and both were long and a mix of nondict words with numbers.

This simply isn't possible to have happened because of the leaked password file.  If someone found a way to reverse md5_crypt, or to quickly search the keyspace for non-trivial passwords, they would use it to make some real money, or maybe earn their PhD in mathematics.

Do you use the same passwords on any other sites?

mr-sk (Member, Activity: 117, Merit: 10)
June 19, 2011, 11:50:07 PM  #17

Quote from: kjj
    This simply isn't possible to have happened because of the leaked password file.  If someone found a way to reverse md5_crypt, or to quickly search the keyspace for non-trivial passwords, they would use it to make some real money, or maybe earn their PhD in mathematics.

    Do you use the same passwords on any other sites?

If md5 is broke the planet would implode. heh. Yeah, I don't think anyone cracked your one-way hashed number+non-dict password. I call impossible.

SgtSpike (Legendary, Activity: 1400, Merit: 1005)
June 19, 2011, 11:55:39 PM  #18

Quote from: MyFarm
    Quote from: Bit_Happy
        Secure hashes cannot be cracked. You cannot login with the info being spread on Rapidshare.
        The trolls are back in town...
    There is already a file going around with every email and plain text password.  They have ALL already been cracked.

I call lies.