|
bitsmichel
|
 |
August 15, 2014, 10:44:24 AM |
|
I've just checked other 3 files they are offering for free and all paswords are hashed in databases. No need to worry at all if your password is long enough.
Which hashing algorithm is used? MD5? |
|
|
|
|
|
|
|
|
|
|
|
|
Bitcoin addresses contain a checksum, so it is very unlikely that mistyping an address will cause you to lose money.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
dadaas
Sr. Member
 Offline
Activity: 490
Merit: 250
Super Smash Bros. Ultimate Available Now!
|
|
August 15, 2014, 10:49:18 AM |
|
I've just checked other 3 files they are offering for free and all paswords are hashed in databases. No need to worry at all if your password is long enough.
Which hashing algorithm is used? MD5? Yes, MD5 is used. |
|
|
|
|
|
Aurum (OP)
|
|
August 15, 2014, 10:51:02 AM |
|
Yes, them use md5, the auroracoin forum use the traditional forum salt that is more hard to decrypt.
but with a good pay decoder with trillion hashes decode it no can be hard.
examples (hashes get from freecoinworld):
30fca77cebf16fe3c5b5b4db4371dee4 - cinta3segi
842df9fecdc99ad5aea6deb7ab117ae0 - me4ta12345
|
ghghghfgh
|
|
|
|
Mellnik
|
|
August 15, 2014, 11:04:32 AM |
|
Oh my god. Why the fuck would you use md5 LOL
|
|
|
|
|
Remember remember the 5th of November
Legendary
Offline
Activity: 1862
Merit: 1011
Reverse engineer from time to time
|
|
August 15, 2014, 11:11:26 AM |
|
Yup, the moment we read about MD5, it's already guaranteed that you need to change your password ASAP. MD5 can be bruteforced very easily.
|
BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
|
|
|
|
bitcoin_de
|
|
August 15, 2014, 01:16:49 PM |
|
As of now it seems that this is just scam in the case of bitcoin.de. This is not the first attempt of this kind. The person trying to make money out of this wasn't able to provide any proof that this data is indeed what he claims it is.
Best regards
Oliver
|
|
|
|
franky1
Legendary
Offline
Activity: 4214
Merit: 4481
|
|
August 15, 2014, 02:34:55 PM |
|
guys get your head out of the sand..
simple solution is to change your password regularly and then it wont matter if someone has your md5 hash. if you are worried about it more because you use the same email and password for all sites. CHANGE THEM ALL
even to me its more likely that "aurum" owns the aururacoin forum and give away sites and and has dumped his databases as the free 'tempter' to try getting people to hand him funds.
so just change your passwords regularly and dont use the same password on every site, as standard security procedure. and move on with your lives
|
I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
|
|
|
|
counter
|
|
August 15, 2014, 06:10:24 PM |
|
Thanks for the news. I think it is good for this to happen so people are aware that they need to take the extra steps to be safe. Big ups to all of those who are more technologically inclined taking the time to warn others.  |
|
|
|
|
CharHill
Newbie
Offline
Activity: 56
Merit: 0
|
|
August 15, 2014, 07:32:37 PM |
|
Yes, we are, with that information |
|
|
|
|
galbros
Legendary
Offline
Activity: 1022
Merit: 1000
|
|
August 15, 2014, 08:27:29 PM |
|
As of now it seems that this is just scam in the case of bitcoin.de. This is not the first attempt of this kind. The person trying to make money out of this wasn't able to provide any proof that this data is indeed what he claims it is.
Best regards
Oliver
This is good to know, it would be good to hear from the other sites, though I suspect this is a hoax/scam. As others have noted freebitco.in has a lot of users, but I'm not sure what the value of the passwords would be since they are tied to btc addresses not anything useful. |
|
|
|
|
dadaas
Sr. Member
Offline
Activity: 490
Merit: 250
Super Smash Bros. Ultimate Available Now!
|
|
August 15, 2014, 09:33:56 PM |
|
As of now it seems that this is just scam in the case of bitcoin.de. This is not the first attempt of this kind. The person trying to make money out of this wasn't able to provide any proof that this data is indeed what he claims it is.
Best regards
Oliver
This is good to know, it would be good to hear from the other sites, though I suspect this is a hoax/scam. As others have noted freebitco.in has a lot of users, but I'm not sure what the value of the passwords would be since they are tied to btc addresses not anything useful. Well, you can change receiving address but then user would get email about that. Only way it could work is if rhat mail went to spam folder. Also problem is that users have same passwords for many sites, so somebody could hack much more things then just freebitco.in account. |
|
|
|
|
|
Valle
|
|
August 15, 2014, 10:56:07 PM |
|
It's one of the basic rule for all the newcomers out there, "CHANGE THE PASSWORD REGULARLY"
I tried to change ALL my passwords at once. It took about 2 weeks. |
|
|
|
|
dadaas
Sr. Member
Offline
Activity: 490
Merit: 250
Super Smash Bros. Ultimate Available Now!
|
|
August 15, 2014, 10:59:49 PM |
|
It's one of the basic rule for all the newcomers out there, "CHANGE THE PASSWORD REGULARLY"
I tried to change ALL my passwords at once. It took about 2 weeks. How many account do you have then? This way it looks like you have over 20k accounts  |
|
|
|
|
LiteCoinGuy
Legendary
Offline
Activity: 1148
Merit: 1010
In Satoshi I Trust
|
|
August 15, 2014, 11:03:00 PM |
|
They might have got their hands on the 3 crap sites, but nearly no way they got access to bitcoin.de (i think)
and also there were no news about a bitcoin.de hack. maybe just scam. |
|
|
|
|
Valle
|
|
August 15, 2014, 11:11:52 PM |
|
It's one of the basic rule for all the newcomers out there, "CHANGE THE PASSWORD REGULARLY"
I tried to change ALL my passwords at once. It took about 2 weeks. How many account do you have then? This way it looks like you have over 20k accounts Not that many, about a hundred. |
|
|
|
|
|
Valle
|
|
August 15, 2014, 11:13:27 PM |
|
It's one of the basic rule for all the newcomers out there, "CHANGE THE PASSWORD REGULARLY"
I tried to change ALL my passwords at once. It took about 2 weeks. How many account do you have then? This way it looks like you have over 20k accounts Not that many, about a hundred. No, there are few hundreds. But definitely less than a thousand :-) |
|
|
|
|
dadaas
Sr. Member
Offline
Activity: 490
Merit: 250
Super Smash Bros. Ultimate Available Now!
|
|
August 15, 2014, 11:30:09 PM |
|
It's one of the basic rule for all the newcomers out there, "CHANGE THE PASSWORD REGULARLY"
I tried to change ALL my passwords at once. It took about 2 weeks. How many account do you have then? This way it looks like you have over 20k accounts Not that many, about a hundred. No, there are few hundreds. But definitely less than a thousand :-) Well anyway it took you quite a time to change every password. I thought you had even more accounts when you did that for 2 weeks  |
|
|
|
|
|
Valle
|
|
August 16, 2014, 12:01:00 AM |
|
It's one of the basic rule for all the newcomers out there, "CHANGE THE PASSWORD REGULARLY"
I tried to change ALL my passwords at once. It took about 2 weeks. How many account do you have then? This way it looks like you have over 20k accounts Not that many, about a hundred. No, there are few hundreds. But definitely less than a thousand :-) Well anyway it took you quite a time to change every password. I thought you had even more accounts when you did that for 2 weeks You know, when every single service invents its own way to change password it takes awhile to change everything ) |
|
|
|
|
Razick
Legendary
Offline
Activity: 1330
Merit: 1003
|
|
August 16, 2014, 01:18:46 AM
Last edit: August 16, 2014, 01:33:01 AM by Razick |
|
Yes, because in most cases today passwords are not hashed in the database. Companies do not take security seriously - that's why hacking pays off. I agree, there is no excuse for not hashing passwords. It's really easy to do. Here's some free PHP code for anyone who wants to hash passwords. This is not the best way to do it in the newer versions of PHP but I'm stuck with 5.4. <?php
/*
* Copyright 2014 Jayson Strickland.
* The right to use, modify and distribute this code is hereby granted provided this notice is left in tact.
* You may not claim authorship, but aside from this notice, no attribution is required if this code is used
* as part of a larger program.
*/
class Hash
{
function hash_password($password, $cost, $salt = null)
{
// define result array
$result = array();
if ($salt == null)
{
// generate a new salt
$result['salt'] = substr(hash('sha256', uniqid('', true) . mt_rand(0, mt_getrandmax())), 0, 32);
$salt = $result['salt'];
}
// create an initial hash
$result['hash'] = hash('whirlpool', $salt . $password);
// apply Whirlpool for 1/2 of specified rounds
for ($i = 0; $i <= ($cost / 2) - 1; $i++)
{
$result['hash'] = hash('whirlpool', $salt . $result['hash']);
}
// apply sha-256 for 1/2 of specified rounds
for ($i = 0; $i <= $cost / 2; $i++)
{
$result['hash'] = hash('sha512', $salt . $result['hash']);
}
// return an array containing the salt and final hash
return $result;
}
}
|
ACCOUNT RECOVERED 4/27/2020. Account was previously hacked sometime in 2017. Posts between 12/31/2016 and 4/27/2020 are NOT LEGITIMATE.
|
|
|
|
Aurum (OP)
|
|
August 16, 2014, 02:29:58 AM |
|
guys get your head out of the sand..
simple solution is to change your password regularly and then it wont matter if someone has your md5 hash. if you are worried about it more because you use the same email and password for all sites. CHANGE THEM ALL
even to me its more likely that "aurum" owns the aururacoin forum and give away sites and and has dumped his databases as the free 'tempter' to try getting people to hand him funds.
so just change your passwords regularly and dont use the same password on every site, as standard security procedure. and move on with your lives
Lol you are crazy? the auroracoin owner is there: https://bitcointalk.org/index.php?topic=446062.0 in the hacker database its show the admin email as balduro@auroracoin.org the same username of this post, so you can know i am dont the owner. |
ghghghfgh
|
|
|
|
