How to check MtGox Hashdump for your password?

[Xer0]

I read about a perl command line, which creates the salted hash with a given password.

does anyone rember?

forget which key i used on a 2nd mtgox account, would like to check if it was one of my important or less importand passwords, so i know if i need to change them anywhere else.

[1715153991]

1715153991

[1715153991]

1715153991

[noclip]

On a linux system:

echo yourpassword | sha1sum

But I think unless you used a really, really, really good password (20+ characters alpha, numeric, specials) it's in all the rainbow tables and is completely compromised.

[Xer0]

Thats not the one. its sometgin with perl and you inser your salt from beween $1$...$ there!

I am no doupting if it is easy enough to be cracked, i just want to check which one i used on the account!
because it could be that i used exactly the harder one like on the email i used there = problem
or i used my default easy i-dont-care-just-creating-test-account one. than i just say srew that...

[noclip]

$1$ means it's using MD5. Use the crypt command.

[Xer0]

any way without setting up apache? have windows and a linux vserver for use

basically i just want to take the salt from my line in the csv, then try some of the passwords i mostly use.

[GGAshwood]

Yep -- found my username and e-mail address on the .csv
Rule number one: use a unique password for every web site you use -- especially e-commerce sites of any kind
Rule number two: sixteen characters or more, mixed upper/lowercase/numbers/symbols
Rule number three: change them frequently

My MtGOX password was exclusive to MtGOX, and followed the above rules. Expected this to happen on at least one site on which I trade securities sooner rather than later.

Life goes on.

[Xer0]

I dont know how people manage to remember dozens of different long passwords.
i mostly cant even learn a new pin for my bank card so i have to laser code them on the cards...

but i got it with the .php method on my webspace, it was to my luck not the most important one

[861362]

I dont know how people manage to remember dozens of different long passwords.

http://lastpass.com/

[rcsheets]

I dont know how people manage to remember dozens of different long passwords.

• KeePass
• Password Safe

I'm sure there are others.

[rcsheets]

any way without setting up apache? have windows and a linux vserver for use

basically i just want to take the salt from my line in the csv, then try some of the passwords i mostly use.

If you were, for example, the first line in the file:

Code:

1,jed,jed@thefarwilds.com,$1$E1xAsgR1$vPt0d/L3f81Ys3SxJ7rIh/

Use the following command on practically any linux box (all you need is openssl installed):

Code:

$ openssl passwd -1 -salt E1xAsgR1

You will then be prompted for the password and shown the full salted-hash value. Repeat as necessary.

[Xer0]

I dont know how people manage to remember dozens of different long passwords.

• KeePass
• Password Safe

I'm sure there are others.

The problem is, it's like a sheet of paper hidden at home: you cant take it anyway with your.
Like beein in the university or publich computers, where you cant even run your soft from usb key

[Tasty Champa]

spread this around so all the exchanges will take note.

http://www.golubev.com/hashgpu.htm



it uses the same hardware we are mining with.

[throwaway-m1tya2]

I don't remember my mtgox password either.

I'm not having much luck with ihashgpu.
It wants a HEX input for the pass, but the password hash is stored as something like base64. I say "something like" because the hashes are not stored in standard base64.

How do you get it to handle salted passwords of the form: $1$E1xAsgR1$vPt0d/L3f81Ys3SxJ7rIh ?

[Tasty Champa]

i have no idea, but there was a thread last night linking to this forum that probably would know:
http://forum.insidepro.com/viewtopic.php?t=9124&postdays=0&postorder=asc&start=75&sid=1a9e31567fe815c0eea63c40c39fb707

[Freakin]

So I found out I'm in the latest lulzsec release due to an old account on hackforums.net which they dumped teh whole DB from

Can anyone help me validate my hash/salt with possible passwords? 

A given entry from the db leak is


,(69593, '[REDACTED]', 'eace3bb282ccf8e94c3deecca34387cd', 'Nc35cumy', 'jqU7rP8f72wSyaluRJWvASydPueY8pyGnIWHUTgQB4iAT1PVdb', '[REDACTED]', 7, 0, 0.00, NULL, NULL, NULL, 2, NULL, 0, NULL, 1245380456, 1280737988, 1280736651, 1280731356, NULL, 0, NULL, NULL, NULL, '13-1-1991', 'all', NULL, NULL, 1, 0, 0, 0, 1, 2, 0, 'linear', 1, 1, 1, 1, 0, 0, 0, NULL, NULL, -5, 1, 2, NULL, NULL, 3, 0, 0, 0, NULL, '1**$%%$2**$%%$3**$%%$4**', NULL, 58522, 0, 0, '70.127.62.142', '97.96.9.20', 1633683732, 1182744206, 'english', 28895, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 6, 0, NULL)

password hash is the 3rd entry and salt is the 4th entry, so eace3bb282ccf8e94c3deecca34387cd:Nc35cumy in this example (not my account obv)

I tried using the same perl crypt() script that I used for the Gox leak but it's not outputting a hash in the format I see in the leaked data.

Please help!