Tom Williams ~ The Smoking Gun(s) or Phin's Pholly

[cypherdoc]

Phinnaeus:  do you still have the .csv list of all the hacked accts on mtgox?  every source i've googled today has been taken down.

I put the link is the first post of this thread and it's still working: http://dump.udderweb.com/Censorship/mtgox_leak.txt

there was a list with the unhashed passwords circulating.  do you have that?

[1713268086]

1713268086

[1713268086]

1713268086

[1713268086]

1713268086

[1713268086]

1713268086

[Stefan Thomas]

Before I go any further with this, I want to state that I sent a PM to Stefan Thomas offering my deepest apology for getting weusecoins.com into this mix.

I'm about to reply to your PM as well, but just to make one thing very clear, I don't think you need to apologize here. If it was a mistake, I'm glad that you are helping to clear up my name, but in the big picture I'm grateful that you're putting in the time to do this research in the first place. The only thing that would tie this whole mess up properly is if somebody finds Tom Williams.

As I said, because of the fact that we used the same hosting, I can't fault people for seeing a connection.

So the apology is accepted and I very much respect how you handled the whole thing. Please don't let this incident discourage you from investigating me or anybody else.

[Phinnaeus Gage]

Phinnaeus:  do you still have the .csv list of all the hacked accts on mtgox?  every source i've googled today has been taken down.

I put the link is the first post of this thread and it's still working: http://dump.udderweb.com/Censorship/mtgox_leak.txt

there was a list with the unhashed passwords circulating.  do you have that?

No, I do not, cyperdoc. Don't you think that one list is more than enough for me to get into trouble with? Like I've stated, I knew this list existed but never took time to hunt it for I had no use for it. I found it by accident the other day which started me on free-stacking my marbles. This is the first I've heard about unhashed passwords, and believe you me, I'm not going to Google it.

PS: You can call be Bruno or Phin, and you have my permission to refer to my work here as Phin's Pholly.

I like it! Phin's Pholly should be in the thread title.  

Stupidest thing I've heard in my entire life. How crazy do you think I am?

[Phinnaeus Gage]

Before I go any further with this, I want to state that I sent a PM to Stefan Thomas offering my deepest apology for getting weusecoins.com into this mix.

I'm about to reply to your PM as well, but just to make one thing very clear, I don't think you need to apologize here. If it was a mistake, I'm glad that you are helping to clear up my name, but in the big picture I'm grateful that you're putting in the time to do this research in the first place. The only thing that would tie this whole mess up properly is if somebody finds Tom Williams.

As I said, because of the fact that we used the same hosting, I can't fault people for seeing a connection.

So the apology is accepted and I very much respect how you handled the whole thing. Please don't let this incident discourage you from investigating me or anybody else.

WOW! Simply, WOW! Can you (readers) imagine if all company owners handle situations with such professionalism. This is a class act! Thank you so kindly, Stefan.

I don't think you need to apologize here.

I do feel that I have to apology here, otherwise the other members will continue to put stuff in my coffee when I'm away from my desk.

[cypherdoc]

Explain the significance of a password starting with "$1$" or not.

Here's what the "$1$" prefix means. Don't read anything more than this into the "$1$" prefix.

Originally, MtGox stored hashed passwords in their database. A few years ago, this was considered reasonably secure, but the development and distribution of "rainbow tables" made hashed passwords insecure. (A "rainbow table" is essentially a reverse-lookup which takes you from a hashed password to a candidate unhashed password.)

In response to this, many websites (including MtGox) upgraded their systems to store salted hashed passwords instead of plain hashed passwords. This makes basic rainbow tables unusable for password cracking.

The problem is: how do you upgrade the existing passwords to use the new salting scheme? You don't know the existing passwords; you only know their hash. So you wait until the user logs on with a password that matches the hash. At that point, the user has just entered their actual password so you calculate the password's salted hash, and store that in the database in place of the unsalted hash.

A common technique (which was used at MtGox) represents the salted hashes with a prefix of "$1$", to distinguish it from unsalted hashes and to identify the salting/hashing scheme.

tl; dr:  From the presence of the "$1$" prefix we can deduce that the user logged in one or more times after MtGox changed to salted hashes. From the absence of the "$1$" prefix we can deduce that the user created their account before MtGox changed to salted hashes, and did not log in to that account between that time and when the password file was leaked.

can you explain exactly why salting is done?  i think i know after having perused the unhashed password list leaked from mtgox.  i was amazed at how many passwords were either identical or very close such as "qwerty" and "qwerty1".  does the random salt act like a nonce of random characters/digits that make the resulting hash much more complicated than it would be otherwise and thus more secure?  if so, when i type in a simple password how does my computer know the nonce so that the resulting hash matches the mtgox hash?  furthermore, it sounds like the hackers got into mtgox DB and got the hashed passwords directly.  would that be enough to access individual accts?  if so, why did they spend so much time brute forcing the hashes into the simple passwords?

[NF6X]

Stupidest thing I've heard in my entire life. How crazy do you think I am?

At least as crazy as I am stupid. 

Regarding the salting: The salt adds an additional pseudorandom element into the password prior to hashing. Without it, two identical plaintext passwords would show up in the password file with identical hashes. Once you crack one of them, you've cracked both of them. With the salt, the two identical plaintext passwords are likely to produce different salted hashes in the password file. Even though they both have the same plaintext password, cracking one doesn't trivially tell you that you've also cracked the other one. So, you need to go to all of the same work to crack each instance of that same password. I think the salting also makes rainbow tables impractical, but I'm no expert on this stuff.

[sadpandatech]

Stupidest thing I've heard in my entire life. How crazy do you think I am?

At least as crazy as I am stupid. 

Regarding the salting: The salt adds an additional pseudorandom element into the password prior to hashing. Without it, two identical plaintext passwords would show up in the password file with identical hashes. Once you crack one of them, you've cracked both of them. With the salt, the two identical plaintext passwords are likely to produce different salted hashes in the password file. Even though they both have the same plaintext password, cracking one doesn't trivially tell you that you've also cracked the other one. So, you need to go to all of the same work to crack each instance of that same password. I think the salting also makes rainbow tables impractical, but I'm no expert on this stuff.

 Aye, pretty much and it makes bruting with dictionaries about useless because of the differing hash result. You'd need to have the exact same salt that was used at the time the pwd was created for each pwd in order for your hashed pwds to match up.(newer cracking efforts can handle this too but it requires a lot more computing cycles for all the extra attempts at each hash)  Further if the tables are shadowed in some form it makes it much, much more difficult to leech the entire password table as you will only find the references to each one and not a complete build of the table. This is all old school crap though. Even though the concept hasn't changed much there are much more secure methods available to store and check user created passwords beyond just salting.

[DrYe5]

Now with the mybitcoin thing I can't help but feel, after listening to Hero's input that it sounds almost like some breaches started to become noticed and got out of hand before the orginal devs could do much about it. It seems like they were scared off by something and pretty much abandoned ship, leaving someone to deal with it pretty much on their own. Just my take on it now.

From that show it does sound that there is a lot of private information on mybitcoin.com that is being hidden to protect people. I always thought it strange that a site that started when bitcoin was a small (tiny) community could be completely anonymous. With so much freelance detective work evident, I wonder if that small community would be willing to make more information public to brute force this problem with the human based computing it seems is available here and at SA.

[sadpandatech]

Now with the mybitcoin thing I can't help but feel, after listening to Hero's input that it sounds almost like some breaches started to become noticed and got out of hand before the orginal devs could do much about it. It seems like they were scared off by something and pretty much abandoned ship, leaving someone to deal with it pretty much on their own. Just my take on it now.

From that show it does sound that there is a lot of private information on mybitcoin.com that is being hidden to protect people. I always thought it strange that a site that started when bitcoin was a small (tiny) community could be completely anonymous. With so much freelance detective work evident, I wonder if that small community would be willing to make more information public to brute force this problem with the human based computing it seems is available here and at SA.

ayeeee, my sentiments exactly. Them, combined with admins here and Gox should have more than enough info to come to some sort of conclusion. Which begs the question, 'Are people genuinely concerned for their safety?'.

[wolftaur]

Regarding the salting: The salt adds an additional pseudorandom element into the password prior to hashing. Without it, two identical plaintext passwords would show up in the password file with identical hashes. Once you crack one of them, you've cracked both of them. With the salt, the two identical plaintext passwords are likely to produce different salted hashes in the password file. Even though they both have the same plaintext password, cracking one doesn't trivially tell you that you've also cracked the other one. So, you need to go to all of the same work to crack each instance of that same password. I think the salting also makes rainbow tables impractical, but I'm no expert on this stuff.

It makes them much less useful for uninformed attacks especially.

If I happened to know in advance that the salt for the admin account was 12345, I can use a rainbow table prepared with that salt. But that table would only get me into one account. Knowing the salt in advance isn't something that happens frequently, though, so if I want to get rainbow tables, assuming a 2 byte salt I'd need 65,536 of them instead of just 1. And that leaves out the fact that the salt could be prepended _OR_ appended to the password, the hostname could be stuck on there as well, etc... I've seen a lot of extra stuff added into a password before hashing. Getting rainbow tables for those things already generated is harder.

[cypherdoc]

Regarding the salting: The salt adds an additional pseudorandom element into the password prior to hashing. Without it, two identical plaintext passwords would show up in the password file with identical hashes. Once you crack one of them, you've cracked both of them. With the salt, the two identical plaintext passwords are likely to produce different salted hashes in the password file. Even though they both have the same plaintext password, cracking one doesn't trivially tell you that you've also cracked the other one. So, you need to go to all of the same work to crack each instance of that same password. I think the salting also makes rainbow tables impractical, but I'm no expert on this stuff.

It makes them much less useful for uninformed attacks especially.

If I happened to know in advance that the salt for the admin account was 12345, I can use a rainbow table prepared with that salt. But that table would only get me into one account. Knowing the salt in advance isn't something that happens frequently, though, so if I want to get rainbow tables, assuming a 2 byte salt I'd need 65,536 of them instead of just 1. And that leaves out the fact that the salt could be prepended _OR_ appended to the password, the hostname could be stuck on there as well, etc... I've seen a lot of extra stuff added into a password before hashing. Getting rainbow tables for those things already generated is harder.

so when i enter my password into mtgox, their DB appends a memorized salt that was created when i first generated my password and then hashes the concatenation using the same hash algorithm (currently SHA-512) to create a hash result that is the same as the hash stored in their system?

[Phinnaeus Gage]

Prior to joining this forum, I spent no less than 12 hours reading the posts here. It was discussions like the previous few posts on this thread, and others like it, peppered throughout, that tipped me into joining. One of my early posts starts this sentiment as well. It wasn't long after joining that I saw a change in what was posted. Of course the time frame--forward of me joining (June 16)--must be taken into consideration, for a lot has happened within the past couple months. Even prior to me joining, I read some negative aspects of Bitcoin, but felt those concerns will be addressed in due time. To this day, Bitcoin still has issues, but I know that people more intelligent than I are working overtime to get them resolved so that Bitcoin can move more forward into the mainstream. I'm not a miner, nor a coder, nor a major mover/shaker, but I feel that what little I do bring to this banquet hopefully aids Bitcoin's progression.

Bruno

[freequant]

Phinnaeus,

10 pages to this thread, many people and email addresses dragged in the mud and still no shadow of any evidence.
10 pages of wishful thinking and what-ifs tossed at random...

So far, I refrained from commenting on that because I wanted to let you the time to recollect your "dicovery of last night". But the more this thread unfolds, the more it feels like you are just thinking aloud.

I am glad someone is investigating, and I don't want to discourage you.
But please considere posting when you are sure that you have really got something.

[BitcoinPorn]

I am glad someone is investigating, and I don't want to discourage you.
But please considere posting when you are sure that you have really got something.

To be fair, I think he writing indicated as such, that these are all things he is kind of putting together himself.  And who knows, hopefully there was a path in his little journey that may spark someone else to do a little investigating as well.   

[Phinnaeus Gage]

Phinnaeus,

10 pages to this thread, many people and email addresses dragged in the mud and still no shadow of any evidence.
10 pages of wishful thinking and what-ifs tossed at random...

So far, I refrained from commenting on that because I wanted to let you the time to recollect your "dicovery of last night". But the more this thread unfolds, the more it feels like you are just thinking aloud.

I am glad someone is investigating, and I don't want to discourage you.
But please considere posting when you are sure that you have really got something.

No argument here. 100% on point. The next quote by BitcoinPorn just about expresses my sentiment completely.

I am glad someone is investigating, and I don't want to discourage you.
But please considere posting when you are sure that you have really got something.

To be fair, I think he writing indicated as such, that these are all things he is kind of putting together himself.  And who knows, hopefully there was a path in his little journey that may spark someone else to do a little investigating as well.   

[Phinnaeus Gage]

No way will I be posting emails anymore. Thank you, freequant, for bringing that to my attention.

If I'm going to continue pursuing this issue, I feel I should do it with a different approach. I'll start by asking a simple question, then move forward from there. Let's see how this works out.

After reading the quote below gleaned from this post https://bitcointalk.org/index.php?topic=40258.msg490970#msg490970, my Huxley Hat started picking up signals--again.

I find even more strange his story in The Bitcoin Show about how he told to his *friends* one evening that he wanted to withdraw his funds, only to find out the next day that MyBitcoin had gone offline without any explanation

Is it possible for a well seasoned reporter to NOT: Know who Bruce Wagner is; Know about mybitcoin.com; Read this forum; etc.--all prior to June 13, 2011 (20K+ joined after this person became a member), yet was crafting a Bitcoin story?

[Phinnaeus Gage]

This topic needs more eyes.

If memory serves me correctly, back then (prior to June 13, 2011) bitcoin.org linked to this forum on its homepage. So I ask again, how is it that a well seasoned reporter didn't read this forum, therefore not knowing about mybitcoin.com or Bruce Wagner? When I first starting reading this forum, I knew about both and I'm not a reporter.

[NF6X]

Is it possible for a well seasoned reporter to NOT: Know who Bruce Wagner is; Know about mybitcoin.com; Read this forum; etc.--all prior to June 13, 2011 (20K+ joined after this person became a member), yet was crafting a Bitcoin story?

Sure. Well-seasoned reporters spew inaccurate garbage about subjects they know nothing about all the time. Sometimes they even decide what they want their story to say before they begin doing research for it. Many reporters have both journalistic integrity and competence, but there are enough of them who lack one or both that you can't take it for granted that any particular reporter knows what they are talking about.

[NF6X]

This topic needs more eyes.

If memory serves me correctly, back then (prior to June 13, 2011) bitcoin.org linked to this forum on its homepage. So I ask again, how is it that a well seasoned reporter didn't read this forum, therefore not knowing about mybitcoin.com or Bruce Wagner? When I first starting reading this forum, I knew about both and I'm not a reporter.

Incompetence and/or bias?

[Phinnaeus Gage]

Is it possible for a well seasoned reporter to NOT: Know who Bruce Wagner is; Know about mybitcoin.com; Read this forum; etc.--all prior to June 13, 2011 (20K+ joined after this person became a member), yet was crafting a Bitcoin story?

Sure. Well-seasoned reporters spew inaccurate garbage about subjects they know nothing about all the time. Sometimes they even decide what they want their story to say before they begin doing research for it. Many reporters have both journalistic integrity and competence, but there are enough of them who lack one or both that you can't take it for granted that any particular reporter knows what they are talking about.

I was wondering who stole my hyphen. Nice catch!

Bias! This person knows their shit otherwise would not be in the position this person is in.

Did you steal my pronouns, too?