Bitcoin Forum
December 06, 2016, 08:19:11 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: How to check MtGox Hashdump for your password?  (Read 3518 times)
Xer0
Hero Member
*****
Offline Offline

Activity: 826


°^°


View Profile
June 20, 2011, 12:03:52 AM
 #1

I read about a perl command line, which creates the salted hash with a given password.

does anyone rember?

forget which key i used on a 2nd mtgox account, would like to check if it was one of my important or less importand passwords, so i know if i need to change them anywhere else.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481012351
Hero Member
*
Offline Offline

Posts: 1481012351

View Profile Personal Message (Offline)

Ignore
1481012351
Reply with quote  #2

1481012351
Report to moderator
noclip
Newbie
*
Offline Offline

Activity: 6


View Profile
June 20, 2011, 12:06:54 AM
 #2

On a linux system:

echo yourpassword | sha1sum

But I think unless you used a really, really, really good password (20+ characters alpha, numeric, specials) it's in all the rainbow tables and is completely compromised.
Xer0
Hero Member
*****
Offline Offline

Activity: 826


°^°


View Profile
June 20, 2011, 12:12:29 AM
 #3

Thats not the one. its sometgin with perl and you inser your salt from beween $1$...$ there!

I am no doupting if it is easy enough to be cracked, i just want to check which one i used on the account!
because it could be that i used exactly the harder one like on the email i used there = problem
or i used my default easy i-dont-care-just-creating-test-account one. than i just say srew that...
noclip
Newbie
*
Offline Offline

Activity: 6


View Profile
June 20, 2011, 12:16:48 AM
 #4

$1$ means it's using MD5. Use the crypt command.
Xer0
Hero Member
*****
Offline Offline

Activity: 826


°^°


View Profile
June 20, 2011, 12:22:03 AM
 #5

any way without setting up apache? have windows and a linux vserver for use

basically i just want to take the salt from my line in the csv, then try some of the passwords i mostly use.
GGAshwood
Newbie
*
Offline Offline

Activity: 1


View Profile
June 20, 2011, 12:45:22 AM
 #6

Yep -- found my username and e-mail address on the .csv
Rule number one: use a unique password for every web site you use -- especially e-commerce sites of any kind
Rule number two: sixteen characters or more, mixed upper/lowercase/numbers/symbols
Rule number three: change them frequently

My MtGOX password was exclusive to MtGOX, and followed the above rules. Expected this to happen on at least one site on which I trade securities sooner rather than later.

Life goes on.
Xer0
Hero Member
*****
Offline Offline

Activity: 826


°^°


View Profile
June 20, 2011, 01:08:10 AM
 #7

I dont know how people manage to remember dozens of different long passwords.
i mostly cant even learn a new pin for my bank card so i have to laser code them on the cards...

but i got it with the .php method on my webspace, it was to my luck not the most important one
861362
Newbie
*
Offline Offline

Activity: 11


View Profile
June 20, 2011, 02:26:42 AM
 #8

I dont know how people manage to remember dozens of different long passwords.
http://lastpass.com/
rcsheets
Newbie
*
Offline Offline

Activity: 9


View Profile
June 20, 2011, 02:43:10 AM
 #9

I dont know how people manage to remember dozens of different long passwords.
I'm sure there are others.
rcsheets
Newbie
*
Offline Offline

Activity: 9


View Profile
June 20, 2011, 02:46:19 AM
 #10

any way without setting up apache? have windows and a linux vserver for use

basically i just want to take the salt from my line in the csv, then try some of the passwords i mostly use.
If you were, for example, the first line in the file:
Code:
1,jed,jed@thefarwilds.com,$1$E1xAsgR1$vPt0d/L3f81Ys3SxJ7rIh/
Use the following command on practically any linux box (all you need is openssl installed):
Code:
$ openssl passwd -1 -salt E1xAsgR1
You will then be prompted for the password and shown the full salted-hash value. Repeat as necessary.
Xer0
Hero Member
*****
Offline Offline

Activity: 826


°^°


View Profile
June 20, 2011, 07:28:50 AM
 #11

I dont know how people manage to remember dozens of different long passwords.
I'm sure there are others.

The problem is, it's like a sheet of paper hidden at home: you cant take it anyway with your.
Like beein in the university or publich computers, where you cant even run your soft from usb key
Tasty Champa
Member
**
Offline Offline

Activity: 84


View Profile
June 20, 2011, 10:15:52 AM
 #12

spread this around so all the exchanges will take note.

http://www.golubev.com/hashgpu.htm



it uses the same hardware we are mining with.
throwaway-m1tya2
Newbie
*
Offline Offline

Activity: 1


View Profile
June 21, 2011, 09:19:43 PM
 #13

I don't remember my mtgox password either.

I'm not having much luck with ihashgpu.
It wants a HEX input for the pass, but the password hash is stored as something like base64. I say "something like" because the hashes are not stored in standard base64.

How do you get it to handle salted passwords of the form: $1$E1xAsgR1$vPt0d/L3f81Ys3SxJ7rIh ?



Tasty Champa
Member
**
Offline Offline

Activity: 84


View Profile
June 22, 2011, 01:22:49 AM
 #14

i have no idea, but there was a thread last night linking to this forum that probably would know:
http://forum.insidepro.com/viewtopic.php?t=9124&postdays=0&postorder=asc&start=75&sid=1a9e31567fe815c0eea63c40c39fb707
Freakin
Full Member
***
Offline Offline

Activity: 140


View Profile
June 27, 2011, 08:10:44 PM
 #15

So I found out I'm in the latest lulzsec release due to an old account on hackforums.net which they dumped teh whole DB from

Can anyone help me validate my hash/salt with possible passwords? 

A given entry from the db leak is


,(69593, '[REDACTED]', 'eace3bb282ccf8e94c3deecca34387cd', 'Nc35cumy', 'jqU7rP8f72wSyaluRJWvASydPueY8pyGnIWHUTgQB4iAT1PVdb', '[REDACTED]', 7, 0, 0.00, NULL, NULL, NULL, 2, NULL, 0, NULL, 1245380456, 1280737988, 1280736651, 1280731356, NULL, 0, NULL, NULL, NULL, '13-1-1991', 'all', NULL, NULL, 1, 0, 0, 0, 1, 2, 0, 'linear', 1, 1, 1, 1, 0, 0, 0, NULL, NULL, -5, 1, 2, NULL, NULL, 3, 0, 0, 0, NULL, '1**$%%$2**$%%$3**$%%$4**', NULL, 58522, 0, 0, '70.127.62.142', '97.96.9.20', 1633683732, 1182744206, 'english', 28895, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 6, 0, NULL)

password hash is the 3rd entry and salt is the 4th entry, so eace3bb282ccf8e94c3deecca34387cd:Nc35cumy in this example (not my account obv)

I tried using the same perl crypt() script that I used for the Gox leak but it's not outputting a hash in the format I see in the leaked data.

Please help! 
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!