airdata
|
|
June 26, 2011, 06:02:57 AM |
|
some of my favorites.... tupacshakur fuckyoumike tupac_shakur niggernigger n1gger! assrape looking at alot of the password makes me question the demographic of the bitcoin community.
|
|
|
|
Maged
Legendary
Offline
Activity: 1204
Merit: 1015
|
|
June 26, 2011, 06:05:17 AM |
|
Moral of the story: length means nothing if your password is still easy to type
My password isn't on there, and it isn't long at all. But it's hard to type. That said, I expect it to be found in the next few days.
|
|
|
|
haydent
|
|
June 26, 2011, 06:11:58 AM |
|
cheers op
|
2x Gigabyte 6950 OC @ 920/450 w/ ati tray tools (1 shader modded) - 760Mhs on ozco.in 0% fee aus pool btc: 1HS5Brzcsh7XkJn566XYbvfpa2JuBRBdss
|
|
|
datafish
Donator
Full Member
Offline
Activity: 129
Merit: 100
Swimming in a sea of data
|
|
June 26, 2011, 06:20:13 AM |
|
Moral of the story: length means nothing if your password is still easy to type
My password isn't on there, and it isn't long at all. But it's hard to type. That said, I expect it to be found in the next few days.
Same here. Relatively short password but not susceptible to a dictionary attack and containing special characters.
|
|
|
|
Slowpok3
|
|
June 26, 2011, 06:22:30 AM |
|
Moral of the story: length means nothing if your password is still easy to type
My password isn't on there, and it isn't long at all. But it's hard to type. That said, I expect it to be found in the next few days.
can passwords contain characters like.... ¿ ¼ © mine was 13 characters long, so it looks like they only got to 12 characters in length and were almost up to mine
|
|
|
|
SgtSpike
Legendary
Offline
Activity: 1400
Merit: 1005
|
|
June 26, 2011, 06:24:59 AM |
|
some of my favorites.... tupacshakur fuckyoumike tupac_shakur niggernigger n1gger! assrape looking at alot of the password makes me question the demographic of the bitcoin community. LOL, so true... also saw "pooppoop123". Moral of the story: length means nothing if your password is still easy to type
My password isn't on there, and it isn't long at all. But it's hard to type. That said, I expect it to be found in the next few days.
can passwords contain characters like.... ¿ ¼ © mine was 13 characters long, so it looks like they only got to 12 characters in length and were almost up to mine
Mine was only 9 chars, and wasn't on that list. Is this only the unsalted pw's?
|
|
|
|
Maged
Legendary
Offline
Activity: 1204
Merit: 1015
|
|
June 26, 2011, 06:35:12 AM |
|
Mine was only 9 chars, and wasn't on that list. Is this only the unsalted pw's?
This is including salted passwords. Also, it wasn't a full bruteforce: they looked for common patterns.
|
|
|
|
Findeton
|
|
June 26, 2011, 06:49:33 AM |
|
They got hacked again?
I'm happy now that I withdrew all my remaining bitcoins from Mt Gox.
|
|
|
|
BtcNmcMiner
|
|
June 26, 2011, 06:55:46 AM |
|
Mine was 9 characters long: a number and a dictionary word, no capitals or special characters. It should have been salted, based on my join date. It is not on that list. Still a good thing I didn't have anything in Mt. Gox though. And the only reason I didn't was, IIRC, they wouldn't let me transfer in less than 1 Btc at a time.
|
|
|
|
SpaceLord
Member
Offline
Activity: 70
Merit: 10
|
|
June 26, 2011, 07:03:45 AM |
|
Mike really is a fucker. God, I hate that guy.
|
|
|
|
Valhalla1
Newbie
Offline
Activity: 51
Merit: 0
|
|
June 26, 2011, 07:04:58 AM |
|
1q2w3e!Q@W#E
qwe123QWE!@#
interesting that these got cracked, was it salted? looks like it would be more difficult to crack than a lot of the ones on that list
|
|
|
|
julz
Legendary
Offline
Activity: 1092
Merit: 1001
|
|
June 26, 2011, 07:05:58 AM |
|
They got hacked again?
No. *some* of the passwords have been extracted from the *previously* released list of (lightly) encrypted passwords. Everyone should have changed their mtgox passwords by now, and also on other services if they were silly enough to use the same password elsewhere. This is just an interesting exercise in seeing what insecure passwords people tend to use. The shorter, dictionary based passwords are easily cracked. The more complex ones will take time - if anyone can even be bothered.
I'm happy now that I withdrew all my remaining bitcoins from Mt Gox.
Fine - be happy. But take a little time to understand what you are being happy about. then again.. maybe too much understanding is not a recipe for happiness... As you were!
|
@electricwings BM-GtyD5exuDJ2kvEbr41XchkC8x9hPxdFd
|
|
|
Tasty Champa
Member
Offline
Activity: 84
Merit: 10
|
|
June 26, 2011, 07:10:21 AM |
|
that looks to only go up to 9000, I wouldn't expect it to be complete for a couple months. You also have to assume most of them are throwaway accounts.
|
|
|
|
julz
Legendary
Offline
Activity: 1092
Merit: 1001
|
|
June 26, 2011, 07:11:55 AM |
|
1q2w3e!Q@W#E qwe123QWE!@# interesting that these got cracked, was it salted? looks like it would be more difficult to crack than a lot of the ones on that list
It is interesting.. but note that on a standard qwerty keyboard - it's a pattern of 6 keys at the top left.. first unshifted then shifted. Perhaps some wannabe security guru recommended it to a bunch of suckers as an easy way to remember your complicated password?!
|
@electricwings BM-GtyD5exuDJ2kvEbr41XchkC8x9hPxdFd
|
|
|
|
d.james
Sr. Member
Offline
Activity: 280
Merit: 250
Firstbits: 12pqwk
|
|
June 26, 2011, 07:31:00 AM |
|
|
You can not roll a BitCoin, but you can rollback some. Roll me back: 1NxMkvbYn8o7kKCWPsnWR4FDvH7L9TJqGG
|
|
|
fcmatt
Legendary
Offline
Activity: 2072
Merit: 1001
|
|
June 26, 2011, 07:46:48 AM |
|
1q2w3e!Q@W#E qwe123QWE!@# interesting that these got cracked, was it salted? looks like it would be more difficult to crack than a lot of the ones on that list
It is interesting.. but note that on a standard qwerty keyboard - it's a pattern of 6 keys at the top left.. first unshifted then shifted. Perhaps some wannabe security guru recommended it to a bunch of suckers as an easy way to remember your complicated password?!
since the days of john the ripper, the config file for it allows you to put patterns that are commonly used. i assume other password cracking tools are also configurable for such patterns. checking simple patterns on the keyboard are often the first to fall since they are checked for that and dictionary way before the brute force takes place using a-z A-Z 1-0 shift1-0 etc....
|
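The keyboard pattern julz and fcmatt describe above, turned into a check that a sign-up form or password audit could run before accepting a password. This is an added example, not code from the thread or from John the Ripper; the function names, the stagger offsets and the 0.7 threshold are assumptions.

```python
# US QWERTY rows: (unshifted keys, same keys with Shift, horizontal stagger).
ROWS = [
    ("`1234567890-=", "~!@#$%^&*()_+", 0.0),
    ("qwertyuiop[]\\", "QWERTYUIOP{}|", 1.5),
    ("asdfghjkl;'", 'ASDFGHJKL:"', 1.75),
    ("zxcvbnm,./", "ZXCVBNM<>?", 2.25),
]
KEY_POS = {}  # character -> (row, x position) of the physical key
UNSHIFT = {}  # character -> unshifted character on the same key
for row, (plain, shifted, offset) in enumerate(ROWS):
    for col, (p, s) in enumerate(zip(plain, shifted)):
        KEY_POS[p] = KEY_POS[s] = (row, col + offset)
        UNSHIFT[p] = UNSHIFT[s] = p

def adjacency_ratio(pw):
    """Fraction of moves between keystrokes that stay on the same or a neighbouring key."""
    pos = [KEY_POS.get(ch) for ch in pw]
    steps = list(zip(pos, pos[1:]))
    near = sum(1 for a, b in steps
               if a and b and abs(a[0] - b[0]) <= 1 and abs(a[1] - b[1]) <= 1)
    return near / len(steps) if steps else 0.0

def repeated_unit(text):
    """Shortest substring whose repetition spells text, or None."""
    for n in range(1, len(text) // 2 + 1):
        if len(text) % n == 0 and text[:n] * (len(text) // n) == text:
            return text[:n]
    return None

def assess(pw, threshold=0.7):  # threshold is an assumed cut-off
    """Describe the keyboard structure of pw; 'weak' means pattern rules would try it early."""
    unit = repeated_unit("".join(UNSHIFT.get(ch, ch) for ch in pw))
    ratio = adjacency_ratio(pw)
    return {
        "distinct_keys": len({KEY_POS.get(ch, ch) for ch in pw}),
        "repeated_unit": unit,
        "adjacency": round(ratio, 2),
        "weak": unit is not None or ratio >= threshold,
    }

if __name__ == "__main__":
    # The two passwords quoted in the thread, plus one constructed non-pattern sample.
    for sample in ("1q2w3e!Q@W#E", "qwe123QWE!@#", "T7#mqZ2!vLp4"):
        print(sample, assess(sample))
```

Both 12-character passwords from the thread reduce to six physical keys typed twice, which is why their length and mix of character classes did not protect them.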
|
|
|
Paperweight
Jr. Member
Offline
Activity: 41
Merit: 41
|
|
June 26, 2011, 08:30:02 AM |
|
My favorite username and passwords were
UserID Username Email Password
12558 hehehe\' 0 0 0)waitfor delay\'0: $1$ldybUNj/$jZ5XJRWM8DsOTM3FU9TyN0
14250 & 39 union select 1 2 3 4 5 6
|
|
|
|
julz
Legendary
Offline
Activity: 1092
Merit: 1001
|
|
June 26, 2011, 08:49:45 AM |
|
My favorite username and passwords were
UserID Username Email Password
12558 hehehe\' 0 0 0)waitfor delay\'0: $1$ldybUNj/$jZ5XJRWM8DsOTM3FU9TyN0
14250 & 39 union select 1 2 3 4 5 6
ouch. That's potentially damning for the 'no sql injection attack occurred' line. There are also some script tags in there that I didn't notice before.
|
@electricwings BM-GtyD5exuDJ2kvEbr41XchkC8x9hPxdFd
|
|
|
YoYa
|
|
June 26, 2011, 09:02:31 AM |
|
$1$R.8T.bLF$YhKX2D5dSpHvVVpzFrh850:simple
$1$o2kS4dDJ$qDn2qVH59DkTUBz07v/F30:123123
$1$NYu3SOH.$8psRMNTS948n1x1gJRtk90:password
$1$Y.cNDLc5$F2pvospitYK2yr10Q0Ktq.:computer
Hrmmm....you know.....I'm just gonna run out on to the street and leave a hundred dollars on a wall.....but it's okay as I can put this rock on top of it that means it won't be stolen! FFS! My life sucks......you know why my life sucks...because the ocd lil bitch that I am means a new username and password every time....if I walk away from something for more than a few months, cue me trying to get my fucking head around what i typed at the time.....beats being raped I suppose
|
|
|
|
wumpus
|
|
June 26, 2011, 09:07:31 AM |
|
ouch. That's potentially damning for the 'no sql injection attack occurred' line. There are also some script tags in there that I didn't notice before.
Not really. The records with those names were inserted successfully, which means that no successful sql injection happened. At least there...
|
Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through File → Backup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
|
|
|
Findeton
|
|
June 26, 2011, 09:22:22 AM |
|
Fine - be happy. But take a little time to understand what you are being happy about. then again.. maybe too much understanding is not a recipe for happiness... As you were!
I won't use Mt Gox again, they'll have to earn my trust back.
|
|
|
|
elements
|
|
June 26, 2011, 10:01:28 AM |
|
Lol there are really interesting passwords among them:
- 12345
- aaaaaa
- bbbbb
- asdasd
ROFL
But the list also reveals the nerdy nature of bitcoin:
several times: mutter (german for mother)
several times: schach (german for chess)
Although I think it is quite possible that the same person opened more than one account and reused the password...but anyway
Could be Hollowitz from the big bang theory
|
»A common mistake that people make when trying to design something completely foolproof was to underestimate the ingenuity of complete fools.« - Douglas Adams Use the trusted German Bitcoin exchange: https://www.bitcoin.de/de/r/5wcwtsTips & donations: BTC : 1MAQYNLp2VJ9wWhPYg5BnrbUGzdhGXopZw | CGB: 5bgQivyHJcSWTgvLfVW87Zj23M7mcFCVBF
|
|
|
holgero
Newbie
Offline
Activity: 21
Merit: 0
|
|
June 26, 2011, 10:28:10 AM |
|
Moral of the story: length means nothing if your password is still easy to type ...
Uhm, then why are all cracked passwords in the list at most 12 characters long?
|
|
|
|
Findeton
|
|
June 26, 2011, 10:31:55 AM |
|
My old password isn't there, I checked.
|
|
|
|
julz
Legendary
Offline
Activity: 1092
Merit: 1001
|
|
June 26, 2011, 10:36:33 AM |
|
ouch. That's potentially damning for the 'no sql injection attack occurred' line. There are also some script tags in there that I didn't notice before.
Not really. The records with those names were inserted successfully, which means that no successful sql injection happened. At least there...
Oh yeah.. Makes sense!
|
@electricwings BM-GtyD5exuDJ2kvEbr41XchkC8x9hPxdFd
|
|
|
julz
Legendary
Offline
Activity: 1092
Merit: 1001
|
|
June 26, 2011, 10:41:13 AM |
|
Fine - be happy. But take a little time to understand what you are being happy about. then again.. maybe too much understanding is not a recipe for happiness... As you were!
I won't use Mt Gox again, they'll have to earn my trust back.
Yeah.. fair enough. I was just being snarky because you seemed to jump to the conclusion they were hacked again. I've been jumping to my own wrong conclusions so I can't really talk.
|
@electricwings BM-GtyD5exuDJ2kvEbr41XchkC8x9hPxdFd
|
|
|
PCRon
Newbie
Offline
Activity: 46
Merit: 0
|
|
June 26, 2011, 11:57:59 AM |
|
There are actually people who have not changed their password yet??? I changed and my PW is not even on MTGox. come on people, this is a no brainer, CHANGE IS GOOD!!
|
|
|
|
Klestin
|
|
June 26, 2011, 12:51:02 PM |
|
Joe: "Hey Bob, is your password secure?" Bob: "Why yes, yes it is!"
$1$h5rchLvM$GZ4qMJm3V45rJDdEMjjCf.:secure
|
|
|
|
BitcoinPorn (OP)
|
|
June 26, 2011, 01:04:23 PM |
|
Joe: "Hey Bob, is your password secure?" Bob: "Why yes, yes it is!"
$1$h5rchLvM$GZ4qMJm3V45rJDdEMjjCf.:secure
|
|
|
|
Klestin
|
|
June 26, 2011, 01:10:17 PM |
|
Thank you, I'll be here all week. And the next, and the next...
Also, try the veal.
|
|
|
|
|