I changed my Mt. Gox password after hearing about people's accounts being hacked from one I use on other sites to a keepass generated one. I'm starting to educate myself on password security. I'm trying to find out whether the password database hacked from Mt. Gox has my old password or my new one in it. Does anyone know the exact algorithm that was used to apply the salt? I've tried various online MD5 converters but have been unable to recreate the hash listed in the leaked DB.
Obviously, if the hash is listed as $1$saltsalt$hashedhash it's not as simple as doing an md5 conversion on passwordsaltsalt to get the hash.
As I understand, the salt could be apply in various ways, such as saltsaltpassword or some other combination. Does anyone know how Mt. Gox did it?