Bitcoin Forum
August 22, 2017, 06:57:49 PM *
News: Latest stable version of Bitcoin Core: 0.14.2  [Torrent].
   Home   Help Search Donate Login Register  
Pages: « 1 [2]  All
Author Topic: Has anyone completed the MtGox verification yet?  (Read 2676 times)
Offline Offline

Activity: 1596

A Great Time to Start Something!

View Profile
June 24, 2011, 05:47:04 AM

I'm curious: how does MtGox know if a user's password was strong enough?

so MtGox employees have access to our passwords??

That was supposed to be automatically verified on part 1 of the claim form 2 days ago, which is why I've been saying everyone with a strong password should have already been verified by now.

What are they really doing?

Hero Member
Offline Offline

Posts: 1503428269

View Profile Personal Message (Offline)

Reply with quote  #2

Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Hero Member
Offline Offline

Activity: 560

View Profile
June 24, 2011, 08:33:12 AM

Sweet, got my account verified about 2 hours ago. So judge where you stand based on when your request was and the rate they are acceptng requests (based on OP and myself).

   ▄█████▀       ▀█████▄
 ▄████▀             ▀████▄
 ███▀                 ▀███▄
███▀   █████████████   ▀███
███    ▀▀▀▀▀███▀▀▀▀▀    ███
███         ███         ███
███▄        ███        ████
▀███▄       ███       ▄███▀
 ▀████▄     ▀▀▀     ▄████▀
   ▀█████▄▄     ▄▄█████▀

     ▄      ▐████   ▄▄
   █████     ██████████
██████████     ▀████
 ▀▀   █████     ██████████
   ██████████▀    ▐████
    ▀▀▀  ████▌     ▀▀▀

██████████ ▀████████████
██████████    ▀█████████
██████████    ▄█████████
██████████ ▄████████████

                 ▄████▄▄    ▄
██             ████████████▀
████▄         █████████████▀
▀████████▄▄   █████████████

  ▄██▄▄                ▄▄██▄
█████▀                  ▀█████▌
████    ███▄      ▄███    ████▌
████   ▐████      ████▌   ████
 ███    ▀██▀      ▀██▀    ███▀
  ▀██▄                  ▄██▀

Sr. Member
Offline Offline

Activity: 251

View Profile
June 24, 2011, 08:42:15 AM

Got my account verified today after 3 days.

My Blog at | « O Fortuna,velut Luna statu variabilis, semper crescis aut decrescis »
Full Member
Offline Offline

Activity: 168

View Profile
June 24, 2011, 09:24:46 AM

My request failed Sad

But I think I put my name not my bank's name, do'h

Offline Offline

Activity: 112

View Profile
June 24, 2011, 09:43:28 AM

I'm curious: how does MtGox know if a user's password was strong enough?

so MtGox employees have access to our passwords??

Some MtGox employee might have access to your password, it depends on how the site is designed, anyhow there are ways to compute the password complexity even after it has been hashed (depending on hash)
Full Member
Offline Offline

Activity: 150

View Profile
June 24, 2011, 10:00:08 AM

got rejected, provided more proof and waiting for news now ...

edit: finally got accepted, phew ...
Alex Beckenham
Full Member
Offline Offline

Activity: 154

View Profile
June 24, 2011, 10:02:41 AM

For people who are still waiting, make sure you keep an eye on your junk mail folder... my (acceptance) email landed there, even though previous Mt Gox emails made it to my inbox.

Hero Member
Offline Offline

Activity: 758

(👁 ͜ʖ👁) Hello there!

View Profile
June 24, 2011, 12:07:00 PM

Made it, just gotta wait now for it to open.

[̲̅$̲̅(̲̅ ͡° ͜ʖ ͡°̲̅)̲̅$̲̅] From time to time i exchange e-currencies/trade like Skrill>Paypal>Remittances>Pokerstars>Amazon GC>PaySafecard to Bitcoin. [̲̅$̲̅(̲̅ ͡° ͜ʖ ͡°̲̅)̲̅$̲̅]
Full Member
Offline Offline

Activity: 126

View Profile
June 24, 2011, 02:56:12 PM

Had email awaiting from Mt. Gox when I logged on this morning.  Went to the URL; my claim has been accepted.  So yes, they're restoring accounts, albeit fairly slowly.
Full Member
Offline Offline

Activity: 140

<Pretentious and poorly thought out latin phrase>

View Profile
June 24, 2011, 08:39:39 PM

I'm curious: how does MtGox know if a user's password was strong enough?

so MtGox employees have access to our passwords??

Some employees will definitely have the capability to access to the encrypted hash.  So if you downloaded the password file (like I did) which was circulating around the net.  You would see things like

<some username> <some email address>  <hashed password>

Something like this:

mobydib $1$0uu.XEh9$MT8XIHVdVGjlXyP/ezHhx1

The last part is the hash entry.  It's made of three parts:  The hash type, the salt and the hashed password itself.  These parts are all separated by the $ sign.

With this information, a nefarious person could attempt a brute force attack on your password to determine what it is.  In other words they can compute the hash for each password.   When they find one that produces a hash that matches the hash in the password file.  Then they know your password**

Ok, so when you talk about password 'strength'.  We are talking about the probability that the password can be discovered***.  This could include things as simple as someone guessing your password or using your GPU to compute password hashes.   So what's the best way to avoid someone guessing your password?  Well, to frame the question a little better it's worth noting that if you give a smart person a large enough amount of time they will guess your password regardless****.   So what you really want is the way to give them the worst chance of guessing your password.   In other words you want a password where the guesser has no better than average probability of guessing it.   In other words you want a random password.  On top of that we want to make sure that we don't give our guesser any "shortcuts".  For example by making our password short they don't have to guess long passwords.   By making the password only contain letters the attacker doesn't have to guess numbers.  The more permutations we force our attacker to try the more 'uncertainty' is in our random password.  In information theory we call this "entropy".

When Mt. Gox or any site asks you to enter a password and gives you some kind of feedback on it's 'strength'.   They are usually applying one of a few different entropy models which take into account things like: length, does it contain letters, numbers and punctuation.   They can even be comparing the relative frequency that various letters occur in other peoples passwords (i.e. more 'e's and less 'z's).   They may also be checking if it contains dictionary words which is a good sign it isn't random.  It also can make hashes vulnerable to a 'rainbow table' attack where an attacker pre-computes all possible hashes (for some subset of passwords - like those that contain dictionary words.   In this particular case that kind of attack doesn't work as the 'salt' part of the password file is a randomly generated string which is added to the password before it is hashed.  So even if every person used the same password the hash would be different.

To give you an idea as to how password strength is derived check out:

**Technically this isn't 100% true as a hashing algorithm can (and will) create the same hash for different inputs *BUT* a well constructed hashing algorithm shouldn't do this for anything sufficiently shorter than the hash itself.  Like a password.  In any case if two passwords did create the same hash (we call this a "collision") then either password would work.   So it doesn't matter which one they find.

***Generally speaking we mean "discovered by a stranger"

****Assuming it's not sufficiently long that they wouldn't die before guessing. ;-)

I'm rather good with Linux.  If you're having problems with your mining rig I'll help you out remotely for 0.05.  You can also propose a flat-rate for some particular task.  PM me for details.
Pages: « 1 [2]  All
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!