Bitcoin Forum
December 05, 2016, 06:35:51 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 4 5 6 7 »  All
  Print  
Author Topic: Cracked Passwords List Leaked, were you cracked?  (Read 14820 times)
Saturn7
Full Member
***
Online Online

Activity: 146



View Profile
June 28, 2011, 04:17:07 PM
 #21

A 5870 can do 3.8 Billion password combinations a second.

If you have 3 of them in your system like most miners do, thats 11.4 Billion per second

684 Billion per Minute
41 Trillion per Hour
984 Trillion per day (24 hours)
6.8 Quadrillion per week
210 Quadrillion per Month  Shocked

I think the days of "passwords" you type with a keyboard are over.


First there was Fire, then Electricity, and now Bitcoins Wink
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480962951
Hero Member
*
Offline Offline

Posts: 1480962951

View Profile Personal Message (Offline)

Ignore
1480962951
Reply with quote  #2

1480962951
Report to moderator
DamienBlack
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 28, 2011, 04:22:24 PM
 #22

The fact that a password is in this list doesn't imply that it was cracked. As finack said, the complex passwords were probably stolen by some other means - e.g. phishing - and happened to be reused.

Hmm, so someone who uses the password "7XiBKeJe5ochSqVW" has been phished?

I looked that dude up on Facebook. He's an older guy whose activities include singing, sailing, barefoot hiking, etc. No evidence of computer expertise. The complex password was a false sense of security, most likely, and he was phished, in all likelihood.

Interesting and creepy... <quietly goes off and changes facebook email>

I trade bitcoin options at https://bitoption.org/ ... Join me.
I play poker at https://betco.in/ ... Join me.
Support the bitcoin economy, what do you do?
Tips: 1NfXhiTFEdKQTdLy49s6DYAP1K7MeFWyao
Saturn7
Full Member
***
Online Online

Activity: 146



View Profile
June 28, 2011, 04:24:54 PM
 #23

Opps, its actually "just" 3.6 billion per second.


First there was Fire, then Electricity, and now Bitcoins Wink
bitcoin0918
Jr. Member
*
Offline Offline

Activity: 56



View Profile
June 28, 2011, 04:25:49 PM
 #24

Interesting and creepy... <quietly goes off and changes facebook email>
What's creepier is that people are fine with publishing so much personal information for the public to see.

"So you think that money is the root of all evil?" said Francisco d'Aconia. "Have you ever asked what is the root of money?" [contd.]
proudhon
Legendary
*
Offline Offline

Activity: 1148



View Profile
June 28, 2011, 04:29:43 PM
 #25

Wait, what is this? Is this the MtGox database?
DamienBlack
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 28, 2011, 04:31:06 PM
 #26

Wait, what is this? Is this the MtGox database?

Yes

I trade bitcoin options at https://bitoption.org/ ... Join me.
I play poker at https://betco.in/ ... Join me.
Support the bitcoin economy, what do you do?
Tips: 1NfXhiTFEdKQTdLy49s6DYAP1K7MeFWyao
bitcoin0918
Jr. Member
*
Offline Offline

Activity: 56



View Profile
June 28, 2011, 04:31:24 PM
 #27

A 5870 can do 3.8 Billion password combinations a second.

If you have 3 of them in your system like most miners do, thats 11.4 Billion per second

684 Billion per Minute
41 Trillion per Hour
984 Trillion per day (24 hours)
6.8 Quadrillion per week
210 Quadrillion per Month  Shocked

I think the days of "passwords" you type with a keyboard are over.

Even with those numbers, it would take on average a week to crack a purely random 8-character combination of alphanumeric/special characters. If that number is raised to 10, it's 21 years, according to this spreadsheet calculator.

"So you think that money is the root of all evil?" said Francisco d'Aconia. "Have you ever asked what is the root of money?" [contd.]
Isepick
Full Member
***
Offline Offline

Activity: 181


View Profile
June 28, 2011, 04:33:11 PM
 #28

A random selection of some of the more secure looking passwords:

60x8760b6k328vc3v24kw8y1
Y!m4g6s3j*
Ev3rL@NRDX11090821
b1Ackb0x3!1
8W3G7Pds9712++
c65b5DF488
mgq$jc)kw3
w@chtw00rdLanimret!
acy7zkprddv2k3iFd&
VeryStrongPassword

I doubt that these and the many more that are on there 1) got phished and 2)wound up on this particular list at the same time. Well, except for the last guy. Though I do suppose that is an upgrade to using 'password' for a password Tongue

DamienBlack
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 28, 2011, 04:35:52 PM
 #29

A random selection of some of the more secure looking passwords:

60x8760b6k328vc3v24kw8y1
Y!m4g6s3j*
Ev3rL@NRDX11090821
b1Ackb0x3!1
8W3G7Pds9712++
c65b5DF488
mgq$jc)kw3
w@chtw00rdLanimret!
acy7zkprddv2k3iFd&
VeryStrongPassword

I doubt that these and the many more that are on there 1) got phished and 2)wound up on this particular list at the same time. Well, except for the last guy. Though I do suppose that is an upgrade to using 'password' for a password Tongue



I also doubt that all of these were phished. But if they weren't, a network about 1% as large as the bitcoin network must have been pointed at cracking them.

I trade bitcoin options at https://bitoption.org/ ... Join me.
I play poker at https://betco.in/ ... Join me.
Support the bitcoin economy, what do you do?
Tips: 1NfXhiTFEdKQTdLy49s6DYAP1K7MeFWyao
Saturn7
Full Member
***
Online Online

Activity: 146



View Profile
June 28, 2011, 04:36:35 PM
 #30

A 5870 can do 3.8 Billion password combinations a second.

If you have 3 of them in your system like most miners do, thats 11.4 Billion per second

684 Billion per Minute
41 Trillion per Hour
984 Trillion per day (24 hours)
6.8 Quadrillion per week
210 Quadrillion per Month  Shocked

I think the days of "passwords" you type with a keyboard are over.

Even with those numbers, it would take on average a week to crack a purely random 8-character combination of alphanumeric/special characters. If that number is raised to 10, it's 21 years, according to this spreadsheet calculator.

Yes but this spreadsheet assumes only 17 billion per hour not 41 Trillion.
And thats just 3 cards, if somebody really wanted to go all out and have 30 cards then who knows.
Might open up a black hole in you PC  LOL
 

First there was Fire, then Electricity, and now Bitcoins Wink
DamienBlack
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 28, 2011, 04:39:21 PM
 #31

A 5870 can do 3.8 Billion password combinations a second.

If you have 3 of them in your system like most miners do, thats 11.4 Billion per second

684 Billion per Minute
41 Trillion per Hour
984 Trillion per day (24 hours)
6.8 Quadrillion per week
210 Quadrillion per Month  Shocked

I think the days of "passwords" you type with a keyboard are over.

Even with those numbers, it would take on average a week to crack a purely random 8-character combination of alphanumeric/special characters. If that number is raised to 10, it's 21 years, according to this spreadsheet calculator.

Deepbit could crack a 10 char password every three seconds.

I trade bitcoin options at https://bitoption.org/ ... Join me.
I play poker at https://betco.in/ ... Join me.
Support the bitcoin economy, what do you do?
Tips: 1NfXhiTFEdKQTdLy49s6DYAP1K7MeFWyao
finack
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 28, 2011, 04:41:45 PM
 #32

The thing is that plenty of people here have reported having weak-ish passwords (including myself) that they didn't crack, so a large cracking network or optimized algs don't explain them.

Has anyone actually checked one of the hashes for one of the strong passwords and confirmed it's correct? Could just be someone fucking around.

If they are legit, they have to have come from another source than just cracking. Either they were pre-cracked or phished or the publisher had access to the passwords some other way.
DamienBlack
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 28, 2011, 04:42:26 PM
 #33

I wonder if people who aren't cracked, but are reporting that they have easy-ish passwords are people who had very little in their account. Is there any information about whether our account balances were available?

I trade bitcoin options at https://bitoption.org/ ... Join me.
I play poker at https://betco.in/ ... Join me.
Support the bitcoin economy, what do you do?
Tips: 1NfXhiTFEdKQTdLy49s6DYAP1K7MeFWyao
SgtSpike
Legendary
*
Offline Offline

Activity: 1344



View Profile
June 28, 2011, 04:44:09 PM
 #34

A 5870 can do 3.8 Billion password combinations a second.

If you have 3 of them in your system like most miners do, thats 11.4 Billion per second

684 Billion per Minute
41 Trillion per Hour
984 Trillion per day (24 hours)
6.8 Quadrillion per week
210 Quadrillion per Month  Shocked

I think the days of "passwords" you type with a keyboard are over.
It'd take 4 months to crack a 10-char alphanumeric password.  I don't think the days of "passwords" you type with a keyboard are over.

That said, how did so many of these passwords get cracked so quickly, if it should take centuries to crack some of them based on length?  Were that many people really idiots enough to visit the phishing sites sent in the spam emails?

EDIT:  Also, mine was not cracked.
xenon481
Sr. Member
****
Offline Offline

Activity: 406



View Profile
June 28, 2011, 04:47:32 PM
 #35

The throwaway password I used on a throwaway mtgox account is not in the list. It was only 7 characters long with uppercase letters and numbers.

Tips Appreciated: 171TQ2wJg7bxj2q68VNibU75YZB22b7ZDr
bitcoin0918
Jr. Member
*
Offline Offline

Activity: 56



View Profile
June 28, 2011, 04:48:04 PM
 #36

I doubt that these and the many more that are on there 1) got phished and 2)wound up on this particular list at the same time. Well, except for the last guy. Though I do suppose that is an upgrade to using 'password' for a password Tongue
Well, aside from *MAGIC*, by what other method do you believe those passwords were determined?

"So you think that money is the root of all evil?" said Francisco d'Aconia. "Have you ever asked what is the root of money?" [contd.]
bitcoin0918
Jr. Member
*
Offline Offline

Activity: 56



View Profile
June 28, 2011, 04:49:29 PM
 #37

A 5870 can do 3.8 Billion password combinations a second.

If you have 3 of them in your system like most miners do, thats 11.4 Billion per second

684 Billion per Minute
41 Trillion per Hour
984 Trillion per day (24 hours)
6.8 Quadrillion per week
210 Quadrillion per Month  Shocked

I think the days of "passwords" you type with a keyboard are over.

Even with those numbers, it would take on average a week to crack a purely random 8-character combination of alphanumeric/special characters. If that number is raised to 10, it's 21 years, according to this spreadsheet calculator.

Yes but this spreadsheet assumes only 17 billion per hour not 41 Trillion.
 

No you dolt! I took their number for total combinations, and divided it by your password test rate, to determine the amount of time necessary. You could have seen this yourself by actually looking at the numbers, rather than just seeing something that didn't make sense and assuming that was the explanation.

"So you think that money is the root of all evil?" said Francisco d'Aconia. "Have you ever asked what is the root of money?" [contd.]
sturle
Legendary
*
Offline Offline

Activity: 1418

http://bitmynt.no


View Profile WWW
June 28, 2011, 04:51:34 PM
 #38

The fact that a password is in this list doesn't imply that it was cracked. As finack said, the complex passwords were probably stolen by some other means - e.g. phishing - and happened to be reused.
Yep.  This is definetly a wordlist crack from both mangled words and leaked or phished passwords from other sites.  I can say that with 100% certainty because my own password isn't on the list.  My old Mt.Gox password was set for testing the new exchange at a time when a bitcoin was worth a few cents.  I used it on BBSes in the eighties, and it is very far from secure to modern standards.  Not even the nineties standard, I'd say.

Sjå http://bitmynt.no for veksling av bitcoin mot norske kroner.  Trygt, billig, raskt og enkelt sidan 2010.
I buy with EUR and other currencies at a fair market price when you want to sell.  See http://bitmynt.no/eurprice.pl
I support the roadmap.  If a majority of miners ever try to forcefully take control of Bitcoin through a hard fork without 100% consensus, I will immediately split out and dump all my forkcoins, and buy more real Bitcoin.
aral
Jr. Member
*
Offline Offline

Activity: 42


View Profile
June 28, 2011, 04:52:19 PM
 #39

The throwaway password I used on a throwaway mtgox account is not in the list. It was only 7 characters long with uppercase letters and numbers.

ditto

i had no money in it, never have had

i think it's weird though if they managed to make a list of active users.  what does that imply?
DamienBlack
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 28, 2011, 04:52:59 PM
 #40

I can verify that 7XiBKeJe5ochSqVW is in fact the correct password, he was unsalted, and using "simple" md5. I cannot verify the salted passwords, they seem to be a different type of md5 then I am using. Why are there two different types of md5, and what do I call the second one?

I trade bitcoin options at https://bitoption.org/ ... Join me.
I play poker at https://betco.in/ ... Join me.
Support the bitcoin economy, what do you do?
Tips: 1NfXhiTFEdKQTdLy49s6DYAP1K7MeFWyao
Pages: « 1 [2] 3 4 5 6 7 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!