Topic: FBI has your BTC-e password hash and 2FA codes!
tjweb (OP)
August 02, 2017, 02:49:37 PM
 #1

The FBI can use this hash to find out your password and crack your account at other exchanges and websites!

Also they have your e-mail address. You may consider changing it or securing it! They may try to crack it!

Do not reuse your password!

If BTC-e becomes operational again, you have some chance to withdraw funds before the FBI cracks the new BTC-e website!

Fatunad
August 02, 2017, 02:54:20 PM
 #2

The FBI can use this hash to find out your password and crack your account at other exchanges and websites!

Also they have your e-mail address. You may consider changing it or securing it! They may try to crack it!

Do not reuse your password!

If BTC-e becomes operational again, you have some chance to withdraw funds before the FBI cracks the new BTC-e website!


Source?

I think it's not possible, since passwords can't really be cracked easily; I strongly believe that, no matter what information they have. I doubt that BTC-e won't come back, even if they are already giving some word that they would make a refund this September. If they really made those promises come true then I would really be amazed, for a certain exchange to have fallen and then come back again.

CryptonomyCapital
August 02, 2017, 02:59:30 PM
 #3

Whatever it was, I've got the keys of my main wallet in "cold storage", so I don't even think of a possibility of a crack.
peloso
August 02, 2017, 03:03:31 PM
 #4

Even if it's not true, the passwords mustn't be the same.
tjweb (OP)
August 02, 2017, 03:18:37 PM
 #5

The FBI seized the server with the database. The password hashes and the 2FA codes are recorded there.

It will be very hard for BTC-e to verify that genuine users are trying to access their accounts, not the FBI/NSA or another 3-letter American agency.

Maybe they will send verification codes to the e-mail, ask for cryptographic proof about the user's addresses, etc.

Only the genuine user can create a signed message with his private key corresponding to the public key where the user is sending/receiving coins.
BrewMaster
August 02, 2017, 03:24:17 PM
 #6

a password hash is not as easily broken as you may think. it is called an irreversible hash function for a reason!
this means if btc-e used a proper way to save the password and hashed them properly using salt,... then it is impossible to crack them.

There is a FOMO brewing...
tjweb (OP)
August 02, 2017, 03:29:17 PM
 #7

The salt is also on the database. And it's trivial to crack such passwords, because they are hashed with a weak hash function (because it is not practical to waste the CPU power of the server).
BrewMaster
August 02, 2017, 03:39:08 PM
 #8

The salt is also on the database. And it's trivial to crack such passwords, because they are hashed with a weak hash function (because it is not practical to waste the CPU power of the server).

ok, I am no expert here, but there is no way you can reverse a hash result. Hashes of the passwords are saved on the server; when you log in, the system hashes your input and checks the two hashes against each other. If they are the same you can log in; if not, it says "wrong password".

That is why in recovery they reset your password: they can never tell you what it was.

and here is a challenge:
this is the sha1 hash of my bitcointalk password, have fun hacking my Hero Member account:

Code:
83c3f71b00dc91a9a4864ccdbbe54213eddf548f

There is a FOMO brewing...
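
Added example, not part of the thread: posts #7 and #8 describe a login check that re-hashes the input with a salt stored in the database, and disagree about how much the speed of the hash function matters. This Python sketch implements that check with salted SHA-1 and with scrypt and measures the cost of one guess for each; the function names and scrypt parameters are assumptions for illustration, not anything known about BTC-e.

```python
import hashlib
import hmac
import os
import time

# Assumed scrypt cost parameters for this illustration (about 16 MiB per guess).
SCRYPT_PARAMS = {"n": 2**14, "r": 8, "p": 1, "dklen": 32}


def sha1_salted(password: str, salt: bytes) -> bytes:
    """Fast salted hash: one SHA-1 call per guess."""
    return hashlib.sha1(salt + password.encode("utf-8")).digest()


def scrypt_salted(password: str, salt: bytes) -> bytes:
    """Memory-hard KDF: every guess costs as much as a real login."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)


def new_record(password: str, scheme) -> dict:
    """What the server stores: a random per-user salt and the derived hash."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": scheme(password, salt)}


def verify(password: str, record: dict, scheme) -> bool:
    """Login check: re-derive with the stored salt, compare in constant time."""
    candidate = scheme(password, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])


def seconds_per_guess(scheme, rounds: int) -> float:
    """Average wall-clock cost of one hash evaluation on this machine."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(rounds):
        scheme(f"guess-{i}", salt)
    return (time.perf_counter() - start) / rounds


if __name__ == "__main__":
    rec = new_record("constructed sample password", scrypt_salted)
    print("login ok:", verify("constructed sample password", rec, scrypt_salted))
    fast = seconds_per_guess(sha1_salted, 20000)
    slow = seconds_per_guess(scrypt_salted, 5)
    print(f"SHA-1 {fast:.2e} s/guess, scrypt {slow:.2e} s/guess, {slow / fast:,.0f}x")
```

The salt being readable by whoever holds the database is expected in both schemes; what changes between them is the work each password guess costs.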
psycodad
August 02, 2017, 03:46:50 PM
 #9

and here is a challenge:
this is the sha1 hash of my bitcointalk password, have fun hacking my Hero Member account:

*snip*

Not quoting, coz if this checksum is not salted it might have been a very bad idea to post it.

btc78
August 02, 2017, 03:53:25 PM
 #10

a password hash is not as easily broken as you may think. it is called an irreversible hash function for a reason!
this means if btc-e used a proper way to save the password and hashed them properly using salt,... then it is impossible to crack them.

In reality decrypting a large SHA-1 hash is nearly impossible. But since SHA-1 maps several byte sequences to one, you can't "decrypt" a hash, but in theory you can find collisions: strings that have the same hash. IMHO.


BrewMaster
August 02, 2017, 04:02:54 PM
 #11

and here is a challenge:
this is the sha1 hash of my bitcointalk password, have fun hacking my Hero Member account:

*snip*

Not quoting, coz if this checksum is not salted it might have been a very bad idea to post it.

first of all it's just an account :)
secondly the point is you can NOT reverse it to find my real password which is long and hard AF!
this is the crappy old SHA1 we are talking about.

a password hash is not as easily broken as you may think. it is called an irreversible hash function for a reason!
this means if btc-e used a proper way to save the password and hashed them properly using salt,... then it is impossible to crack them.

In reality decrypting a large SHA-1 hash is nearly impossible. But since SHA-1 maps several byte sequences to one, you can't "decrypt" a hash, but in theory you can find collisions: strings that have the same hash. IMHO.

collision is no longer "in theory": Google already successfully produced a collision with SHA1; it took them about 2^63.1 SHA1 evaluations, which is about 110 years of single-GPU calculation.
but it has nothing to do with "reversing and finding the password": someone with that much computation power can only reproduce the same hash as my original password. have fun holding the same hash for another string for no reason :D

There is a FOMO brewing...
Vishnu.Reang
August 02, 2017, 04:09:17 PM
 #12

I didn't have 2FA enabled with my BTC-e account. And the password was also unique. So it seems like I don't need to worry about it. Even if the FBI has my password and my email ID, what are they going to do with it?
keithers
August 02, 2017, 04:14:21 PM
 #13

This is definitely not good news if it is 100% true.   I always expected BTC-E would have some problems at some point, because they always seemed to be operating in the shadows.  No one really knew who ran the site...support was sometimes good, sometimes sketchy.

I used to use it to trade between bitcoin and litecoin and back again, but I never kept coins on the site for any length of time.   My buddy bought like 1000 LTC when it was at like $25 a few years ago, and I kept telling him to get the coins off of there every day.   Luckily he finally listened a month prior to this whole fiasco taking place. 
Quantus
August 02, 2017, 04:21:17 PM
 #14

The US government has the largest and most powerful password cracking hardware in the world. If they have your hash and the 2FA codes then they can crack your password in a matter of minutes.

(I am a 1MB block supporter who thinks all users should be using Full-Node clients)
Avoid the XT shills, they only want to destroy bitcoin, their hubris and greed will destroy us.
Know your adversary https://www.youtube.com/watch?v=BKorP55Aqvg
RedditMaster
August 02, 2017, 04:26:37 PM
 #15

The FBI can use this hash to find out your password and crack your account at other exchanges and websites!

Also they have your e-mail address. You may consider changing it or securing it! They may try to crack it!

Do not reuse your password!

If BTC-e becomes operational again, you have some chance to withdraw funds before the FBI cracks the new BTC-e website!



The FBI could easily hack into anything it wants at any time. The NSA actually has the power to hack the president, let alone the general public... Google it if you don't believe me!
BillyBobZorton
August 02, 2017, 04:27:21 PM
 #16

The FBI can use this hash to find out your password and crack your account at other exchanges and websites!

Also they have your e-mail address. You may consider changing it or securing it! They may try to crack it!

Do not reuse your password!

If BTC-e becomes operational again, you have some chance to withdraw funds before the FBI cracks the new BTC-e website!


Source?

I think it's not possible, since passwords can't really be cracked easily; I strongly believe that, no matter what information they have. I doubt that BTC-e won't come back, even if they are already giving some word that they would make a refund this September. If they really made those promises come true then I would really be amazed, for a certain exchange to have fallen and then come back again.

Even if it was not official, you have to assume that the FBI got your email and password, and now who knows what they will do with it.

I'm always scared to use exchanges in general because I don't know who is running it, I don't know what the owners will do with my data, I don't know if they will sell my ID, or if they will get hacked and they will try to dox you etc. That is why I try to remain anonymous when dealing with exchanges. It's safe to assume everyone you deal with in the bitcoin world and in general on the internet is a scammer by default, so take the appropriate measures to not lose your money and privacy.
brampower
August 02, 2017, 05:00:26 PM
 #17

I didn't have 2FA enabled with my BTC-e account. And the password was also unique. So it seems like I don't need to worry about it. Even if the FBI has my password and my email ID, what are they going to do with it?
If you were not holding any coins in the exchange then there is nothing to worry about. I am not sure how secure the site was, and since they are an exchange I am pretty sure they might have done a good job of securing the database, so even if they had the database it is not that easy to crack those passwords.
psycodad
August 02, 2017, 05:01:29 PM
 #18

and here is a challenge:
this is the sha1 hash of my bitcointalk password, have fun hacking my Hero Member account:

*snip*

Not quoting, coz if this checksum is not salted it might have been a very bad idea to post it.

first of all it's just an account :)
secondly the point is you can NOT reverse it to find my real password which is long and hard AF!
this is the crappy old SHA1 we are talking about.


That's certainly good thinking, that it's only a bloody account in the end.
However, I was not suggesting that SHA1 is reversible/breakable now, but hinting to you that there are huge rainbow tables out there that could already contain your SHA1 hash posted above (especially if not salted).
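
Added example, not part of the thread: the precomputed-table concern from post #18, written as a defender's audit in Python. A plain dictionary stands in for a real rainbow table (which uses hash chains to trade storage for lookup time), and the wordlist, user names and passwords are constructed sample data.

```python
import hashlib
import os

# Constructed sample wordlist standing in for a large precomputed table.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "bitcoin"]

# Constructed users: two share a common password, one uses an uncommon one.
USERS = {"alice": "letmein", "bob": "letmein", "carol": "fxjStLbi-constructed"}


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


def build_lookup(words):
    """Precompute digest -> password once; reusable against any unsalted dump."""
    return {sha1_hex(w.encode()): w for w in words}


def store_unsalted(users):
    return {name: sha1_hex(pw.encode()) for name, pw in users.items()}


def store_salted(users):
    """Per-user random salt, kept next to the digest in the same table."""
    out = {}
    for name, pw in users.items():
        salt = os.urandom(16)
        out[name] = (salt, sha1_hex(salt + pw.encode()))
    return out


def audit_unsalted(db, lookup):
    """Accounts whose stored digest is already in the precomputed table."""
    return {name: lookup[d] for name, d in db.items() if d in lookup}


def audit_salted(db, lookup):
    """Same lookup against salted digests: the table no longer applies."""
    return {name: lookup[d] for name, (_, d) in db.items() if d in lookup}


if __name__ == "__main__":
    lookup = build_lookup(COMMON_PASSWORDS)
    print("unsalted hits:", audit_unsalted(store_unsalted(USERS), lookup))
    print("salted hits:  ", audit_salted(store_salted(USERS), lookup))
```

Salting removes the precomputation shortcut and makes identical passwords store differently; it does not make an individual guess against one account any slower.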

tjweb (OP)
August 02, 2017, 09:00:37 PM
 #19

I suppose the attacker will use a dictionary attack first.

This is why you should use random passwords like

Code:
fxjStLbiClmqlrEHbFOd5CGH07AmZkVk5tvjVPB2SfK2ukVNToAS8VP8G6bOx

or

Code:
,dtS7?{$a<bIjv'^d3-Jbl85z8kvgg=MEu-9Qp2,pe+KaUL%GT/

And not words like

Code:
correct horse battery staple

Those with random passwords are relatively more secure.

The three-letter-agencies have access to your public cryptocurrency addresses.
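
Added example, not part of the thread: the strength of passwords like those in post #19 comes from how they were generated, measured in bits of entropy. This Python sketch generates passwords with the OS CSPRNG and computes that figure; the small WORDS list is constructed, and the 2048-word list size used in the comparison is an assumption.

```python
import math
import secrets
import string

PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
# Constructed 8-word sample list; a real passphrase list has thousands of words.
WORDS = ["anchor", "biscuit", "candle", "drizzle", "ember", "fjord", "gravel", "harbor"]


def random_password(length: int, alphabet: str = PRINTABLE) -> str:
    """Each character drawn uniformly from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(wordlist, count: int) -> str:
    """Words drawn uniformly and independently from wordlist."""
    return " ".join(secrets.choice(wordlist) for _ in range(count))


def entropy_bits(choices: int, length: int) -> float:
    """Entropy of `length` independent uniform picks from `choices` options."""
    return length * math.log2(choices)


def picks_needed(choices: int, target_bits: float) -> int:
    """Smallest number of picks reaching at least target_bits of entropy."""
    return math.ceil(target_bits / math.log2(choices))


if __name__ == "__main__":
    print(random_password(20), f"{entropy_bits(len(PRINTABLE), 20):.0f} bits")
    print(random_passphrase(WORDS, 4), f"{entropy_bits(len(WORDS), 4):.0f} bits")
    # Assumed 2048-word list: four random words, then what a 128-bit target needs.
    print("4 words of 2048:", entropy_bits(2048, 4), "bits")
    print("for 128 bits:", picks_needed(2048, 128), "words or",
          picks_needed(len(PRINTABLE), 128), "printable characters")
```

The figures hold only for secrets that were actually drawn at random; a phrase that has been published or chosen by a person has far less entropy than its length suggests.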