Bitcoin Forum
December 07, 2016, 08:39:59 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: use mining rig to crack passwords?  (Read 3974 times)
ricksta
Member
**
Offline Offline

Activity: 77

Co-founder and CEO of CoinFresh.com


View Profile WWW
June 21, 2011, 03:31:05 AM
 #1

So how long would it take to crack those leaked passwords from MtGox? Let's say someone use their mining rig of 5G/Hash for it?

1481143199
Hero Member
*
Offline Offline

Posts: 1481143199

View Profile Personal Message (Offline)

Ignore
1481143199
Reply with quote  #2

1481143199
Report to moderator
1481143199
Hero Member
*
Offline Offline

Posts: 1481143199

View Profile Personal Message (Offline)

Ignore
1481143199
Reply with quote  #2

1481143199
Report to moderator
1481143199
Hero Member
*
Offline Offline

Posts: 1481143199

View Profile Personal Message (Offline)

Ignore
1481143199
Reply with quote  #2

1481143199
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481143199
Hero Member
*
Offline Offline

Posts: 1481143199

View Profile Personal Message (Offline)

Ignore
1481143199
Reply with quote  #2

1481143199
Report to moderator
1481143199
Hero Member
*
Offline Offline

Posts: 1481143199

View Profile Personal Message (Offline)

Ignore
1481143199
Reply with quote  #2

1481143199
Report to moderator
Tasty Champa
Member
**
Offline Offline

Activity: 84


View Profile
June 21, 2011, 03:39:36 AM
 #2

try it yourself
http://forum.bitcoin.org/index.php?topic=19729.msg249307#msg249307

Quote
spread this around so all the exchanges will take note.

http://www.golubev.com/hashgpu.htm



it uses the same hardware we are mining with.
Nick Carlson
Jr. Member
*
Offline Offline

Activity: 39


View Profile
June 21, 2011, 03:40:02 AM
 #3

This question is impossible to answer definitively. The time it would take to brute force those passwords depends on the strength of the salt. As for the unsalted passwords, many of them were already publicly in rainbow tables.
anewbie
Jr. Member
*
Offline Offline

Activity: 31


View Profile
June 21, 2011, 03:40:02 AM
 #4

You can read about it at

http://www.tomshardware.com/reviews/password-recovery-gpu,2945.html

Then, there are these two

http://www.zdnet.com/blog/hardware/cheap-gpus-are-rendering-strong-passwords-useless/13125

http://www.pcpro.co.uk/blogs/2011/06/01/how-a-cheap-graphics-card-could-crack-your-password-in-under-a-second/

which ultimately are derived from

http://mytechencounters.wordpress.com/2011/04/03/gpu-password-cracking-crack-a-windows-password-using-a-graphic-card/

ElectroGeek007
Member
**
Offline Offline

Activity: 79



View Profile
June 21, 2011, 03:41:24 AM
 #5

Some almost immediately, some would take practically forever. It depends on the strength of the password.

"And what the enemy will see, they will see the flash of our cannons, and they will hear the ringing of our swords, and they will know what we can do! By the sweat of our brow and the strength of our backs and the courage in our hearts! Gentlemen, hoist the colors!"
anewbie
Jr. Member
*
Offline Offline

Activity: 31


View Profile
June 21, 2011, 03:55:03 AM
 #6

The thing to realize is that because the passwords were salted with different salt, except for some of the early ones on the list, a person using a mining rig to hash them can't go against the entire list at once.

Google password salting for more details, but basically, your password had some random characters, called salt, added to them before hashing to make these type of attacks more difficult.  The leaked userid/password db includes the salt, so if someone wanted to target your password and it wasn't 10+ characters with more than just the alphabet, cracking it is possible.

The challenge for the attacker is to know which passwords to hack.  If the leaked db the hacker used included balance data, then it's easy.  You look at who has the largest balance, point a couple of mining rigs at the hashes of the biggest targets and hope that someone had a shorter password.

To me this makes the most sense, and I am doubtful that Kevin was the hacker, if only because I find it hard to believe that someone sophisticated enough to accomplish this hack would be unsophisticated enough to make it easy to find his e-mail address, home address and phone number.  Not that I think the attack necessarily has the hallmarks of real finesse, just that it has enough that I find it hard to believe Kevin was in collusion.

By the same token, I also find it difficult to believe that one or a few users had over 500K bitcoins sitting in their accounts at MtGox, particularly when the 400K transactions that have been discussed were supposed to be MtGox moving stuff around.

But, I've gotten off-topic.  To answer your question, if your password is less than 10+ characters and someone wanted to determine your password, it is probably doable with bitcoin mining equipment.

ricksta
Member
**
Offline Offline

Activity: 77

Co-founder and CEO of CoinFresh.com


View Profile WWW
June 21, 2011, 04:05:54 AM
 #7

Interesting. With all these hacking going on these days on the internet, it makes me wonder really what is secure anymore.

Tasty Champa
Member
**
Offline Offline

Activity: 84


View Profile
June 21, 2011, 04:17:51 AM
 #8

Interesting. With all these hacking going on these days on the internet, it makes me wonder really what is secure anymore.

nothing at all, not even your own mind.
you just have to try thinking securely and roll with the punches.

I guarantee you every thought you have, someone at that very same moment or even earlier is also thinking it.
It's all in what you do with that thought, and most of the time those thoughts are fleeting.
niemivh
Full Member
***
Offline Offline

Activity: 196



View Profile
June 21, 2011, 05:44:19 AM
 #9

Never thought that the world would be just as predicted in the movies:




I'll keep my politics out of your economics if you keep your economics out of my politics.

16LdMA6pCgq9ULrstHmiwwwbGe1BJQyDqr
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!