Bitcoin Forum
June 25, 2017, 07:14:32 AM *
News: Latest stable version of Bitcoin Core: 0.14.2  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Recreating Mt. Gox password hash from password plus salt  (Read 1242 times)
brendio
Hero Member
*****
Offline Offline

Activity: 518


Firstbits: 1Brendio


View Profile
June 23, 2011, 01:58:28 PM
 #1

I changed my Mt. Gox password after hearing about people's accounts being hacked from one I use on other sites to a keepass generated one. I'm starting to educate myself on password security. I'm trying to find out whether the password database hacked from Mt. Gox has my old password or my new one in it. Does anyone know the exact algorithm that was used to apply the salt? I've tried various online MD5 converters but have been unable to recreate the hash listed in the leaked DB.

Obviously, if the hash is listed as $1$saltsalt$hashedhash it's not as simple as doing an md5 conversion on passwordsaltsalt to get the hash.

As I understand, the salt could be apply in various ways, such as saltsaltpassword or some other combination. Does anyone know how Mt. Gox did it?

1498374872
Hero Member
*
Offline Offline

Posts: 1498374872

View Profile Personal Message (Offline)

Ignore
1498374872
Reply with quote  #2

1498374872
Report to moderator
1498374872
Hero Member
*
Offline Offline

Posts: 1498374872

View Profile Personal Message (Offline)

Ignore
1498374872
Reply with quote  #2

1498374872
Report to moderator
1498374872
Hero Member
*
Offline Offline

Posts: 1498374872

View Profile Personal Message (Offline)

Ignore
1498374872
Reply with quote  #2

1498374872
Report to moderator
There are several different types of Bitcoin clients. The most secure are full nodes like Bitcoin-Qt, which will follow the rules of the network no matter what miners do. Even if every miner decided to create 1000 bitcoins per block, full nodes would stick to the rules and reject those blocks.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
brendio
Hero Member
*****
Offline Offline

Activity: 518


Firstbits: 1Brendio


View Profile
June 23, 2011, 04:50:33 PM
 #2

No worries, I can answer my own question. A bit more digging and reading came up with this website for calculating MD5 hashes with salt: http://www.insidepro.com/hashes.php?lang=eng

It computes out with my changed (strong and unique) password in the database.

jjiimm_64
Legendary
*
Offline Offline

Activity: 1792


View Profile
June 23, 2011, 06:43:03 PM
 #3


I still have yet to see a link to the csv file..  can someone please provide it

1jimbitm6hAKTjKX4qurCNQubbnk2YsFw
hello_good_sir
Sr. Member
****
Offline Offline

Activity: 395


View Profile
June 23, 2011, 10:36:37 PM
 #4

When you try to claim your account you have to get the password correct.  I kept trying the wrong one.  Eventually I tried a different password and it worked.  So if you can make a claim then you have your password correct.

brendio
Hero Member
*****
Offline Offline

Activity: 518


Firstbits: 1Brendio


View Profile
June 23, 2011, 11:27:35 PM
 #5

Yeah, I knew what my password was. I just wasn't sure at what stage the csv had been taken. It was advertised for sale as being less than a day old, a few days ago.

AngstHase
Jr. Member
*
Offline Offline

Activity: 35


View Profile
June 23, 2011, 11:39:25 PM
 #6

Its MD5(Unix). Also known as FreeBSD MD5.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!