Bitcoin Forum
December 09, 2016, 12:27:11 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 4 5 6 7 »  All
  Print  
Author Topic: Cracked Passwords List Leaked, were you cracked?  (Read 14829 times)
darbsllim
Sr. Member
****
Offline Offline

Activity: 294


Founder, Filmmaker, Fun Guy


View Profile WWW
June 28, 2011, 03:34:42 PM
 #1

Not sure if any of you have seen this or not, but here it is:

https://www.nanaimogold.com/microlionsec.txt

If you haven't changed your passwords yet...do it.

If you wanted to see whether or not your password was safe, feel free to check if it was cracked here.

Brad Mills
Former miner - Former Bitcoin Business Owner - Victim of the Great Bitcoin Crashes of 2011 and 2012
1481243231
Hero Member
*
Offline Offline

Posts: 1481243231

View Profile Personal Message (Offline)

Ignore
1481243231
Reply with quote  #2

1481243231
Report to moderator
1481243231
Hero Member
*
Offline Offline

Posts: 1481243231

View Profile Personal Message (Offline)

Ignore
1481243231
Reply with quote  #2

1481243231
Report to moderator
"Bitcoin: mining our own business since 2009" -- Pieter Wuille
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481243231
Hero Member
*
Offline Offline

Posts: 1481243231

View Profile Personal Message (Offline)

Ignore
1481243231
Reply with quote  #2

1481243231
Report to moderator
1481243231
Hero Member
*
Offline Offline

Posts: 1481243231

View Profile Personal Message (Offline)

Ignore
1481243231
Reply with quote  #2

1481243231
Report to moderator
1481243231
Hero Member
*
Offline Offline

Posts: 1481243231

View Profile Personal Message (Offline)

Ignore
1481243231
Reply with quote  #2

1481243231
Report to moderator
Anonymous
Guest

June 28, 2011, 03:40:39 PM
 #2

Well, that password is done. I was ignorant to think that would suffice.
DamienBlack
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 28, 2011, 03:44:42 PM
 #3

Hmm, I was not cracked. Some of the cracked passwords look pretty secure. Like

1036 ... ccFy7KpgN

How did that get cracked? Was that one of the unsalted ones?

1938 ... BESys*t3M

This seems like it should be secure, even though it is leetspeak.

1955 ... RYL4McGT

Again, unsalted? How was this cracked?

13434 ... djcnbimil99332k

I think this was is too far down to be unsalted, and it is too long for rainbow tables. Is it following a pattern I don't see?

13449 ... n833bgva

This looks secure enough to me. How are these getting cracked? How much time does it take?

I trade bitcoin options at https://bitoption.org/ ... Join me.
I play poker at https://betco.in/ ... Join me.
Support the bitcoin economy, what do you do?
Tips: 1NfXhiTFEdKQTdLy49s6DYAP1K7MeFWyao
spruce
Full Member
***
Offline Offline

Activity: 140


View Profile
June 28, 2011, 03:45:01 PM
 #4

Mine isn't on there (phew), but it is interesting to see what is.

I've certainly got more industrious in terms of making 20-character 4-type (upper case, lower case, symbol, number) passwords for important uses now. So I am glad this happened, despite the temporary annoyance at having that username and email address broadly published.
DamienBlack
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 28, 2011, 03:45:31 PM
 #5

Well, that password is done. I was ignorant to think that would suffice.

Numbers are easy.

I trade bitcoin options at https://bitoption.org/ ... Join me.
I play poker at https://betco.in/ ... Join me.
Support the bitcoin economy, what do you do?
Tips: 1NfXhiTFEdKQTdLy49s6DYAP1K7MeFWyao
DeiBellum
Newbie
*
Offline Offline

Activity: 22


View Profile
June 28, 2011, 03:49:40 PM
 #6

Not cracked on both accounts (made one and forgot I had made it!)

Saweet!

If you like what I have posted please donate Smiley
1J5cNFGrTZPAWXhGDDkESWRQwtR5k5KbLw
just_someguy
Full Member
***
Offline Offline

Activity: 125


View Profile
June 28, 2011, 03:50:58 PM
 #7


Some that stick out that should be relatively strong:
j3n0VA$@
Nephi7187$$$
K7mmI8lAsn1o0q
c0urche$ne
7XiBKeJe5ochSqVW
n0k!@N900
yT#g1Srm123

I'm also curious how these were broken assuming these are salted.
DamienBlack
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 28, 2011, 03:53:10 PM
 #8


Some that stick out that should be relatively strong:
j3n0VA$@
Nephi7187$$$
K7mmI8lAsn1o0q
c0urche$ne
7XiBKeJe5ochSqVW
n0k!@N900
yT#g1Srm123

I'm also curious how these were broken assuming these are salted.

Even if they aren't salted, the longest rainbow table I know of is only 10 characters, alphanumeric only. Most of those don't fit.

I trade bitcoin options at https://bitoption.org/ ... Join me.
I play poker at https://betco.in/ ... Join me.
Support the bitcoin economy, what do you do?
Tips: 1NfXhiTFEdKQTdLy49s6DYAP1K7MeFWyao
finack
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 28, 2011, 03:53:49 PM
 #9

This looks secure enough to me. How are these getting cracked? How much time does it take?

I don't think they spent a lot of time cracking them. My password isn't there but should have been fairly easy to crack with some standard multi-word rules.

I wonder if the difficult passwords were reused and had been previously cracked. A lot of people feed lists of publicly cracked passwords as one of their dictionaries.
fascistmuffin
Jr. Member
*
Offline Offline

Activity: 56



View Profile
June 28, 2011, 03:54:47 PM
 #10

I was surprised I wasn't on that list. I had a rather weakish (I thought at least) 14 length password with a few capitals and numbers in it.
DamienBlack
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 28, 2011, 03:55:33 PM
 #11

Not cracked on both accounts (made one and forgot I had made it!)

Saweet!

Remember, even if you aren't cracked now, you might be in the future. Don't count on those passwords.

I trade bitcoin options at https://bitoption.org/ ... Join me.
I play poker at https://betco.in/ ... Join me.
Support the bitcoin economy, what do you do?
Tips: 1NfXhiTFEdKQTdLy49s6DYAP1K7MeFWyao
foggyb
Legendary
*
Offline Offline

Activity: 1302


View Profile
June 28, 2011, 03:55:42 PM
 #12

My password is in that list, but my account is not.

My version has upper/lower case.

DamienBlack
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 28, 2011, 04:00:46 PM
 #13

By my calculations, a random 9 character password, like this BESys*t3M should take a 5770 about 2/3 of a year to crack. But there it is on the list. How much hashing power did they throw at this?

I trade bitcoin options at https://bitoption.org/ ... Join me.
I play poker at https://betco.in/ ... Join me.
Support the bitcoin economy, what do you do?
Tips: 1NfXhiTFEdKQTdLy49s6DYAP1K7MeFWyao
bitcoin0918
Jr. Member
*
Offline Offline

Activity: 56



View Profile
June 28, 2011, 04:03:46 PM
 #14

The fact that a password is in this list doesn't imply that it was cracked. As finack said, the complex passwords were probably stolen by some other means - e.g. phishing - and happened to be reused.

"So you think that money is the root of all evil?" said Francisco d'Aconia. "Have you ever asked what is the root of money?" [contd.]
DamienBlack
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 28, 2011, 04:05:13 PM
 #15

The fact that a password is in this list doesn't imply that it was cracked. As finack said, the complex passwords were probably stolen by some other means - e.g. phishing - and happened to be reused.

Hmm, so someone who uses the password "7XiBKeJe5ochSqVW" has been phished?

I trade bitcoin options at https://bitoption.org/ ... Join me.
I play poker at https://betco.in/ ... Join me.
Support the bitcoin economy, what do you do?
Tips: 1NfXhiTFEdKQTdLy49s6DYAP1K7MeFWyao
spruce
Full Member
***
Offline Offline

Activity: 140


View Profile
June 28, 2011, 04:05:31 PM
 #16

By my calculations, a random 9 character password, like this BESys*t3M should take a 5770 about 2/3 of a year to crack. But there it is on the list. How much hashing power did they throw at this?

But they didn't crack all the random 9 character passwords. Mine was only 7 characters total, five lower-case letters then two numbers, and it's not on the list.

Paul
DamienBlack
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 28, 2011, 04:07:15 PM
 #17

By my calculations, a random 9 character password, like this BESys*t3M should take a 5770 about 2/3 of a year to crack. But there it is on the list. How much hashing power did they throw at this?

But they didn't crack all the random 9 character passwords. Mine was only 7 characters total, five lower-case letters then two numbers, and it's not on the list.

Paul

That seems like an easy crack compared to some of them. That should only take about 8 minutes on a 5770. Maybe less.

I trade bitcoin options at https://bitoption.org/ ... Join me.
I play poker at https://betco.in/ ... Join me.
Support the bitcoin economy, what do you do?
Tips: 1NfXhiTFEdKQTdLy49s6DYAP1K7MeFWyao
bitcoin0918
Jr. Member
*
Offline Offline

Activity: 56



View Profile
June 28, 2011, 04:08:14 PM
 #18

The fact that a password is in this list doesn't imply that it was cracked. As finack said, the complex passwords were probably stolen by some other means - e.g. phishing - and happened to be reused.

Hmm, so someone who uses the password "7XiBKeJe5ochSqVW" has been phished?
Just because a password is complex doesn't mean the user is not susceptible to phishing, viruses, etc. They could have used the password on an unsecured wireless network - something people do all the time.

An extremely complex password can also lead to a false sense of security, inadvertently making people more susceptible to other forms of attack. It's better to use sufficiently complex *different* passwords with every account, than to use the same extremely complex password on all accounts.

"So you think that money is the root of all evil?" said Francisco d'Aconia. "Have you ever asked what is the root of money?" [contd.]
DamienBlack
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 28, 2011, 04:11:38 PM
 #19

The fact that a password is in this list doesn't imply that it was cracked. As finack said, the complex passwords were probably stolen by some other means - e.g. phishing - and happened to be reused.

Hmm, so someone who uses the password "7XiBKeJe5ochSqVW" has been phished?
Just because a password is complex doesn't mean the user is not susceptible to phishing, viruses, etc. They could have used the password on an unsecured wireless network - something people do all the time.

An extremely complex password can also lead to a false sense of security, inadvertently making people more susceptible to other forms of attack. It's better to use sufficiently complex *different* passwords with every account, than to use the same extremely complex password on all accounts.

There are just too many complex ones for that to be the answer. But then again, mine is simple compared to some of these and it isn't on the list. So perhaps you are right.

I trade bitcoin options at https://bitoption.org/ ... Join me.
I play poker at https://betco.in/ ... Join me.
Support the bitcoin economy, what do you do?
Tips: 1NfXhiTFEdKQTdLy49s6DYAP1K7MeFWyao
bitcoin0918
Jr. Member
*
Offline Offline

Activity: 56



View Profile
June 28, 2011, 04:12:58 PM
 #20

The fact that a password is in this list doesn't imply that it was cracked. As finack said, the complex passwords were probably stolen by some other means - e.g. phishing - and happened to be reused.

Hmm, so someone who uses the password "7XiBKeJe5ochSqVW" has been phished?

I looked that dude up on Facebook. He's an older guy whose activities include singing, sailing, barefoot hiking, etc. No evidence of computer expertise. The complex password was a false sense of security, and he was phished, in all likelihood.

"So you think that money is the root of all evil?" said Francisco d'Aconia. "Have you ever asked what is the root of money?" [contd.]
Pages: [1] 2 3 4 5 6 7 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!