Cracked Passwords List Leaked, were you cracked?

[sturle]

And the uncracked password list that was released had the salts along with each password, so being 'salted' or 'unsalted' shouldn't matter...

Yes, it matters.  A lot.  Salted means you have to crack each password individually.  You have to run through the entire list of candidates (until a match) for each and every salted password (given unique salts).  With unsalted passwords you can run through the wordlist once, and get all matching passwords with a single MD5 run for each word in your wordlist.  It doesn't matter for one single password, but for 60000 salting means 60000 times more work.  And salting renders rainbow tables useless, because you'd have to build one rainbow table for each possible salt.

They solved one simple md5 pass, and then used the given salts to get any password instantly.  Or am I not understanding how this works....

You do not understand it at all.  Read kjj's post for a more detailed explanation of how the salting works.

[1714946679]

1714946679

[1714946679]

1714946679

[OgNasty]

Mine was ridiculously easy to crack, yet isn't on the list.  I had just signed up to test the site right before the crack happened...  My password WAS literally a short dictionary word.  The difficulty of the password is obviously not the deciding factor here.

[Uzza]

As someone said, this is just 3001 of 61017 accounts. About 1700 of all accounts were unsalted.

It is very obvious, if you do the maths, that this cannot have been brute-forced.
A 15 character mix has a pretty good length advantage, purely on the number of combinations. And since there seems to be quite a few of that kind and above, I'll base calculations on that.
The most basic mix of characters would be numbers and lowercase letters, for a total of 36 different possibilities. That gives a 15 char long password a total of 36^15 or 2.21*10^23 combinations.
Since the bitcoin network is a very good indicator of hashing power, if we translate the current capacity (12.571 Thash/s) to only 5870 cards, that gives 31292 @ 400 Mhash/s.
The best numbers my cards would give was 3.9 billion combinations/s each, which gives the bitcoin network a total power of 122567 billion hashes each second, or ~1.23*10^14.

Simple mathematics then gives: 2.21*10^23 comb. / 1.23*10^14 comb./s = 1.80*10^9 seconds, or 57.2 years.
To get anything realistic for brute-forcing, they would need 21.4 million 5870 cars, which brings it down to one month for a single 15 char length password with only numbers and lowercase letters.
One of the passwords was 24 letters like that, which would take longer than the calculated age of the universe using the bitcoin network!

Conclusion, this is either malware/virus, some form phishing attack or, though unlikely, hash collision.

[sturle]

With unsalted passwords you can run through the wordlist once, and get all matching passwords with a single MD5 run for each word in your wordlist.  It doesn't matter for one single password, but for 60000 salting means 60000 times more work.

Since it is extremely unlikely that all 60000 passwords were the same, you still have to brute force the rest.

Huh?

If you assume a more reasonable 3000 passwords that are either identical or the same as the mail address for example, the difference between everything salted or not is only 60/57=5% more work.

Salting only (significantly) helps against rainbow tables.

I don't think you got it.

Hashing a billion password candidates once with MD5 is no problem for today's computers.  To brute force 60000 unsalted passwords, you would just need one run through the candidates, making one hash for each candidate.  After one billion runs, you have cracked all passwords in your list of candidates.

To brute force 60000 salted passwords with unique salts, you need to run a more complex MD5 algorithm on all the salt + candidate combinations.  Even if you assume the same time for each test, it will take 60000 times longer to check all candidates against all hashes.  If the password is found for a candidate hash, you don't have to try the rest of the candidates for it, but you will probably not find as many passwords as you think.

Yes, a few people use their username or mail address as password.  Those would be cracked in seconds on anything with the computing power of a digital watch, no matter how they were hashed.  Don't worry about those.  Most of the passwords will likely not be among your candidates at all.

[Maxxx]

Anything under 20-30 characters is fair game. Use phrases with punctuation and special characters 20+ long or it will be cracked in this lifetime.

[tictok]

hmmm... wow, okay.

SO, I've learnt a valuable lesson on what to consider a secure password!

So evidently, even when salted, 8 characters containing letters, numbers and symbols is no-where near secure enough, even when it bares no relation to my username or email address...  in retrospect, something approaching 'leet speak' with perhaps obvious character replacement isn't the wisest choice.

SO you think its probably down to either malware or phising?

I'm not ruling it out but I'd be surprised if it was either.
I consider myself fairly savvy and know I haven't responded to any email phishing (I've certainly binned a few attempts) and have been super wary about watching URL's regarding anything to do with bitcoin. Also I'm not aware of any mac malware, but if anyone knows of any other than the Mac Defender thing I'd like to be enlightened...

Really keen to know exactly how this was done... even if its just to educate me on what to look for!

[billyjoeallen]

http://xkcd.com/792/

[finack]

SO you think its probably down to either malware or phising?

I'm not ruling it out but I'd be surprised if it was either.

I don't think anyone is saying none of the entries could have come from cracking. Your mentioned 8 character password could easily have been the result of cracking, especially if it had any dictionary word as part of it.

The two things we can say for (pretty darn) sure:

 - Whatever cracking was done wasn't applied equally, perhaps they only focused on some entries

 - Some of the results are very, very unlikely to have come from cracking

For the ones that fit in the latter category, malware and phishing aren't the only possible answers, though they are probably the most likely. Other possibilities could be password reuse: if the person who published the cracked list ran another bitcoin site that he had set up to log all the passwords in the clear, he could have tried all of them against the hashes to start out. Or, the publisher could be the mt. gox hacker or another person who gained more access to mt. gox than we've been lead to believe - there are a number of ways you could capture the password before it's hashed as someone logged in. Either by changing the site software, modifying the dns/stealing the site certificate, or simply just pulling off a XSS attack that presented a bogus idled out/login page.

There are surely more possibilities than that, they just become even less likely. The only thing you can be (pretty) sure of is it's not hash cracking.

[Nescio]

To brute force 60000 salted passwords with unique salts, you need to run a more complex MD5 algorithm on all the salt + candidate combinations.

Only if the algorithm also includes stretching, which salting by itself does not necessarily do. If that is the case then you're right of course (I haven't downloaded the file to look at what format they use).

[NO_SLAVE]

These are all relatively short.  I recommend passwords at least 45 characters long with no character being the same.
At least a sextillion years to get half way through cracking something like that.

Overkill anyone?  Paranoia is for those that survive.

[spruce]

I recommend passwords at least 45 characters long with no character being the same.
At least a sextillion years to get half way through cracking something like that.

How many minutes to search the room where you use the computer to find the place where you've written it down?

[saqwe]

holey maloney!!
again ?!?!?

i'm running out of keyboard acrobatics

21390ßqweiop

[fassadlr]

Luckily I don't use MtGox 

[Xer0]

And is still fucking tell you, the most probable is that MtGox's recovery thingy was compromised too!

[XIU]

Any idea if using Unicode would help? As in starting your password with a Chinese character for example?

[flashy]

I know this list isn't all of the passwords that were cracked. My username/password are not on this list, and I had my account, and one of my bank accounts compromised (I keep under $3 in the balance, so I don't care about it).

I would also check https://shouldichangemypassword.com/ It correctly reports I've hade my password compromised once on June 19, 2011. I got an email from Chase about my account on June 20, so it seems pretty accurate.

[bcearl]

Well, that password is done. I was ignorant to think that would suffice.

Sorry, dude, you password really looks naive. I couldn't image my grandma chosing that.

[TheAlchemist]

Man, I seriously underestimated the power of GPU password crackers! I had an 11-character password which I thought was pretty good--b1Ackb0x3!1, and that was cracked.  I'm pretty sure I didn't succumb to any phishing attempts. Good thing I use 20+ characters for passphrases.

[bcearl]

Man, I seriously underestimated the power of GPU password crackers!

I had an 11-character password which I thought was pretty good--b1Ackb0x3!1, and that was cracked.  I'm pretty sure I didn't succumb to any phishing attempts.

Good thing I use 20+ characters for passphrases.

leetspeak is no good.



EDIT:
My password was also weak, but fortunately it wasn't cracked yet. (I would like to tell you what the password is like, but maybe I should not give hints.)

[phelix]

my password is not on the list. it was seven rather random letters/caps/numbers and I did not use it anywhere else.

my mtgox balance has been: 0 btc / 0 usd

I think I did not log on to mtgox for a while before the incident.

I have used the mtgox claim website just for the fun of it.

these salted hashes/passwords match, I checked it.

2754,$1$ul1uYRLP$OX0qFAuT9wu78ZdAApIeB.
2754,K7mmI8lAsn1o0q

10253,$1$Pdz6SDbH$X3Nz7dxhG6/bXCpcHPrlg1
10253,yT#g1Srm123

13434,$1$vWDRQAo.$kH6Rc9E6unn80S.UK0RHa/
13434,djcnbimil99332k

it would be a waste to crack these PWs. you could make plenty of coins instead.

the hackers will laugh their asses off if they read this thread and find everyone wondering. give us a hint already!