Bitcoin Forum
December 10, 2016, 08:50:14 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Recreating Mt. Gox password hash from password plus salt  (Read 1204 times)
brendio
Hero Member
*****
Offline Offline

Activity: 518


Firstbits: 1Brendio


View Profile
June 23, 2011, 01:58:28 PM
 #1

I changed my Mt. Gox password after hearing about people's accounts being hacked from one I use on other sites to a keepass generated one. I'm starting to educate myself on password security. I'm trying to find out whether the password database hacked from Mt. Gox has my old password or my new one in it. Does anyone know the exact algorithm that was used to apply the salt? I've tried various online MD5 converters but have been unable to recreate the hash listed in the leaked DB.

Obviously, if the hash is listed as $1$saltsalt$hashedhash it's not as simple as doing an md5 conversion on passwordsaltsalt to get the hash.

As I understand, the salt could be apply in various ways, such as saltsaltpassword or some other combination. Does anyone know how Mt. Gox did it?

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481403014
Hero Member
*
Offline Offline

Posts: 1481403014

View Profile Personal Message (Offline)

Ignore
1481403014
Reply with quote  #2

1481403014
Report to moderator
brendio
Hero Member
*****
Offline Offline

Activity: 518


Firstbits: 1Brendio


View Profile
June 23, 2011, 04:50:33 PM
 #2

No worries, I can answer my own question. A bit more digging and reading came up with this website for calculating MD5 hashes with salt: http://www.insidepro.com/hashes.php?lang=eng

It computes out with my changed (strong and unique) password in the database.

jjiimm_64
Legendary
*
Offline Offline

Activity: 1680


View Profile
June 23, 2011, 06:43:03 PM
 #3


I still have yet to see a link to the csv file..  can someone please provide it

1jimbitm6hAKTjKX4qurCNQubbnk2YsFw
hello_good_sir
Sr. Member
****
Offline Offline

Activity: 246


View Profile
June 23, 2011, 10:36:37 PM
 #4

When you try to claim your account you have to get the password correct.  I kept trying the wrong one.  Eventually I tried a different password and it worked.  So if you can make a claim then you have your password correct.

Want to buy a 2004 Ford Taurus with bitcoin?  I live in Maryland.  Send me a private message if interested.
brendio
Hero Member
*****
Offline Offline

Activity: 518


Firstbits: 1Brendio


View Profile
June 23, 2011, 11:27:35 PM
 #5

Yeah, I knew what my password was. I just wasn't sure at what stage the csv had been taken. It was advertised for sale as being less than a day old, a few days ago.

AngstHase
Jr. Member
*
Offline Offline

Activity: 31


View Profile
June 23, 2011, 11:39:25 PM
 #6

Its MD5(Unix). Also known as FreeBSD MD5.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!