Bitcoin Forum
Author Topic: Forum passwords.  (Read 825 times)
Anonymous
Guest

September 09, 2011, 08:00:53 PM
 #1

Are they properly encrypted and salted? Again, it seems the site has been compromised. Should we be changing our passwords?
JeffK
Sr. Member
Activity: 350

I never hashed for this...
September 09, 2011, 08:08:11 PM
 #2

No one cares about fakeposting under your account, but checking if a site properly salted/hashed passwords should have been done before we all signed up.
memvola
Hero Member
Activity: 896
September 09, 2011, 08:27:54 PM
 #3

> No one cares about fakeposting under your account, but checking if a site properly salted/hashed passwords should have been done before we all signed up.

Thanks for the insight.
LightRider
Legendary
Activity: 1488

I advocate the Zeitgeist Movement & Venus Project.
September 11, 2011, 04:57:57 AM
 #4

https://www.grc.com/haystack.htm

Bitcoin combines money, the wrongest thing in the world, with software, the easiest thing in the world to get wrong.
Visit www.thevenusproject.com and www.theZeitgeistMovement.com.
captainteemo
Full Member
Activity: 145
September 11, 2011, 05:02:41 AM
 #5

> Are they properly encrypted and salted? Again, it seems the site has been compromised. Should we be changing our passwords?

1. No one cares about your bitcoin forum account.
2. SHA1 is insecure and broken.
3. This is running an extremely outdated version of SMF.

warweed
Full Member
Activity: 130
September 11, 2011, 05:07:27 AM
 #6

Brute Force Search Space Analysis:
Search Space Depth (Alphabet): 26+26+10+33 = 95
Search Space Length (Characters): 15 characters
Exact Search Space Size (Count) (count of all possible passwords with this alphabet size and up to this password's length): 468,219,860,267,835,848,675,991,626,495
Search Space Size (as a power of 10): 4.68 x 10^29

Time Required to Exhaustively Search this Password's Space:
Online Attack Scenario (Assuming one thousand guesses per second): 1.49 hundred thousand trillion centuries
Offline Fast Attack Scenario (Assuming one hundred billion guesses per second): 1.49 billion centuries
Massive Cracking Array Scenario (Assuming one hundred trillion guesses per second): 1.49 million centuries

Note that typical attacks will be online password guessing

Cheesy
captainteemo
Full Member
Activity: 145
September 11, 2011, 05:09:31 AM
 #7

> Brute Force Search Space Analysis:
> Search Space Depth (Alphabet): 26+26+10+33 = 95
> Search Space Length (Characters): 15 characters
> Exact Search Space Size (Count) (count of all possible passwords with this alphabet size and up to this password's length): 468,219,860,267,835,848,675,991,626,495
> Search Space Size (as a power of 10): 4.68 x 10^29
>
> Time Required to Exhaustively Search this Password's Space:
> Online Attack Scenario (Assuming one thousand guesses per second): 1.49 hundred thousand trillion centuries
> Offline Fast Attack Scenario (Assuming one hundred billion guesses per second): 1.49 billion centuries
> Massive Cracking Array Scenario (Assuming one hundred trillion guesses per second): 1.49 million centuries
>
> Note that typical attacks will be online password guessing
>
> Cheesy

You don't need to bruteforce it and get what password you used. It's SHA1. You just need to have another input that results in the same hash.

deepceleron
Legendary
Activity: 1470
September 11, 2011, 05:12:26 AM
 #8

> Note that typical attacks will be online password guessing

Note that the typical attack will be running a stolen database through dedicated cracking rigs. About 1/5 of users' mtgox passwords were cracked and published within days of the compromise. It was also clear that the original plaintext was found and not some hash-matching string of garbage.
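
The storage question the thread opens with, as an added example that is not part of the thread or of the forum's software: a generic unsalted SHA-1 baseline (an assumption for comparison, not a model of this forum's actual scheme) beside a per-account salted PBKDF2 record. The record format, the iteration count and the sample accounts are all constructed for the illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware

def sha1_unsalted(password):
    """Weak baseline for comparison: one fast hash, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def store_password(password, iterations=PBKDF2_ITERATIONS):
    """Return a self-describing record: algorithm$iterations$salt$derived_key."""
    salt = os.urandom(16)  # fresh random salt for every account
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${key.hex()}"

def verify_password(password, record):
    """Recompute the key with the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, key_hex = record.split("$")
        if algorithm != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(key_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, int(iterations))
    except (ValueError, OverflowError):  # malformed or implausible record
        return False
    return hmac.compare_digest(candidate, expected)

def accounts_sharing_a_hash(table):
    """Group users whose stored value is identical, as a leaked table would show."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]

# Constructed sample accounts; two users picked the same password.
SAMPLE = {"alice": "correct horse", "bob": "hunter2", "carol": "correct horse"}

if __name__ == "__main__":
    weak = {u: sha1_unsalted(p) for u, p in SAMPLE.items()}
    strong = {u: store_password(p) for u, p in SAMPLE.items()}
    print("unsalted SHA-1 duplicates:", accounts_sharing_a_hash(weak))
    print("salted PBKDF2 duplicates: ", accounts_sharing_a_hash(strong))
    print("alice verifies:", verify_password("correct horse", strong["alice"]))
```

With the unsalted scheme, every account that shares a password shares a stored value, so one guess is checked against the whole table at once; the salted, iterated record forces each guess to be recomputed per account at the configured cost.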
