Topic: Cracked Passwords List Leaked, were you cracked? - page 3. (Read 16402 times)

legendary
Activity: 1437
Merit: 1002
https://bitmynt.no
Quote
With unsalted passwords you can run through the wordlist once, and get all matching passwords with a single MD5 run for each word in your wordlist.  It doesn't matter for one single password, but for 60000 salting means 60000 times more work.
Quote
Since it is extremely unlikely that all 60000 passwords were the same, you still have to brute force the rest.
Huh?
Quote
If you assume a more reasonable 3000 passwords that are either identical or the same as the mail address for example, the difference between everything salted or not is only 60/57=5% more work.

Salting only (significantly) helps against rainbow tables.
I don't think you got it.

Hashing a billion password candidates once with MD5 is no problem for today's computers.  To brute force 60000 unsalted passwords, you would just need one run through the candidates, making one hash for each candidate.  After one billion runs, you have cracked all passwords in your list of candidates.

To brute force 60000 salted passwords with unique salts, you need to run a more complex MD5 algorithm on all the salt + candidate combinations.  Even if you assume the same time for each test, it will take 60000 times longer to check all candidates against all hashes.  If the password is found for a candidate hash, you don't have to try the rest of the candidates for it, but you will probably not find as many passwords as you think.

Yes, a few people use their username or mail address as password.  Those would be cracked in seconds on anything with the computing power of a digital watch, no matter how they were hashed.  Don't worry about those.  Most of the passwords will likely not be among your candidates at all.
newbie
Activity: 35
Merit: 0
As someone said, this is just 3001 of 61017 accounts. About 1700 of all accounts were unsalted.

It is very obvious, if you do the maths, that this cannot have been brute-forced.
A 15 character mix has a pretty good length advantage, purely on the number of combinations. And since there seems to be quite a few of that kind and above, I'll base calculations on that.
The most basic mix of characters would be numbers and lowercase letters, for a total of 36 different possibilities. That gives a 15 char long password a total of 36^15 or 2.21*10^23 combinations.
Since the bitcoin network is a very good indicator of hashing power, if we translate the current capacity (12.571 Thash/s) to only 5870 cards, that gives 31292 @ 400 Mhash/s.
The best numbers my cards would give was 3.9 billion combinations/s each, which gives the bitcoin network a total power of 122567 billion hashes each second, or ~1.23*10^14.

Simple mathematics then gives: 2.21*10^23 comb. / 1.23*10^14 comb./s = 1.80*10^9 seconds, or 57.2 years.
To get anything realistic for brute-forcing, they would need 21.4 million 5870 cards, which brings it down to one month for a single 15 char length password with only numbers and lowercase letters.
One of the passwords was 24 letters like that, which would take longer than the calculated age of the universe using the bitcoin network!

Conclusion, this is either malware/virus, some form of phishing attack or, though unlikely, hash collision.
donator
Activity: 4760
Merit: 4323
Leading Crypto Sports Betting & Casino Platform
Mine was ridiculously easy to crack, yet isn't on the list.  I had just signed up to test the site right before the crack happened...  My password WAS literally a short dictionary word.  The difficulty of the password is obviously not the deciding factor here.
legendary
Activity: 1437
Merit: 1002
https://bitmynt.no
Quote
And the uncracked password list that was released had the salts along with each password, so being 'salted' or 'unsalted' shouldn't matter...
Yes, it matters.  A lot.  Salted means you have to crack each password individually.  You have to run through the entire list of candidates (until a match) for each and every salted password (given unique salts).  With unsalted passwords you can run through the wordlist once, and get all matching passwords with a single MD5 run for each word in your wordlist.  It doesn't matter for one single password, but for 60000 salting means 60000 times more work.  And salting renders rainbow tables useless, because you'd have to build one rainbow table for each possible salt.
Quote
They solved one simple md5 pass, and then used the given salts to get any password instantly.  Or am I not understanding how this works....
You do not understand it at all.  Read kjj's post for a more detailed explanation of how the salting works.
XIU
member
Activity: 84
Merit: 10
Quote
There are probably some kind of pattern in all the difficult looking passwords that the cracker happens to find through clever combinations of dictionary attacks, leet speak decoding, common combinations and brute forcing. For instance Ev3rL@NRDX11090821 = Everland (a place) RDX (an explosive) and a number. w@chtw00rdLanimret! = Watch word Lanimret!

I would also have thought some of these were safe, though.

Actually, "wachtwoord" means password in Dutch.
full member
Activity: 224
Merit: 100
Luckily mine wasn't cracked. Password WAS iamdana1qaz0p;/
jr. member
Activity: 56
Merit: 1
Quote
With unsalted passwords you can run through the wordlist once, and get all matching passwords with a single MD5 run for each word in your wordlist.  It doesn't matter for one single password, but for 60000 salting means 60000 times more work.

Since it is extremely unlikely that all 60000 passwords were the same, you still have to brute force the rest.

If you assume a more reasonable 3000 passwords that are either identical or the same as the mail address for example, the difference between everything salted or not is only 60/57=5% more work.

Salting only (significantly) helps against rainbow tables.
newbie
Activity: 56
Merit: 0
Sweet! I'm not there! I used an 8-character long password with uppercase, lowercase, and numbers. Foolishly, I set other bitcoin-related passwords to the same one. As soon as I saw the news, I changed every site to a different 15-character long password with uppercase, lowercase, numbers, and symbols. Now I should apply this to RL...
newbie
Activity: 34
Merit: 0
I'm really wondering how they got some of the passwords now because my brother's account is in the list but mine is not. We used the same password....
hero member
Activity: 742
Merit: 500
I'm on the list, but I figured I would be - it was a medium-strength password at best. Of course I *never* kept a balance for any longer than it took to buy or sell, then I transferred immediately to my wallet or Dwolla where I did *not* use a medium-strength password.  Grin
legendary
Activity: 1284
Merit: 1001
A random selection of some of the more secure looking passwords:

60x8760b6k328vc3v24kw8y1
Y!m4g6s3j*
Ev3rL@NRDX11090821
b1Ackb0x3!1
8W3G7Pds9712++
c65b5DF488
mgq$jc)kw3
w@chtw00rdLanimret!
acy7zkprddv2k3iFd&
VeryStrongPassword
There are probably some kind of pattern in all the difficult looking passwords that the cracker happens to find through clever combinations of dictionary attacks, leet speak decoding, common combinations and brute forcing. For instance Ev3rL@NRDX11090821 = Everland (a place) RDX (an explosive) and a number. w@chtw00rdLanimret! = Watch word Lanimret!

I would also have thought some of these were safe, though.
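An added example, written for this edit and not taken from any poster in the thread, of the kind of rule-based guessing the post above describes. It takes a tiny base dictionary and a handful of rules (leet substitutions, case changes, reversal, concatenation of two words, common suffixes), enumerates every candidate, hashes each with MD5 and compares against a set of target hashes. Two of the targets are plaintexts from the list above; reading "Lanimret" as "terminal" reversed is my guess, not something the post states. The third target, "B1tc01n123", the base dictionary, the rule set and the suffix list are all constructed. "Ev3rL@NRDX11090821" is included to show the limit of a rule set: its "RDX11090821" tail is not produced by these rules, so it survives, while the other two fall inside about 22 thousand guesses, against the 95^19 a naive brute force of a 19-character password with symbols would suggest.

```python
import hashlib
import itertools

# Constructed base dictionary and rule set (a toy; real rule files such as the
# ones shipped with hashcat or John the Ripper contain thousands of rules).
BASE_WORDS = ["everland", "wachtwoord", "password", "terminal", "bitcoin"]
LEET = {"a": "a@4", "e": "e3", "i": "i1!", "o": "o0", "s": "s$5", "t": "t7"}
SUFFIXES = ["", "!", "1", "123", "2011"]


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def leet_variants(word):
    """Every combination of leet substitutions; unlisted characters stay as they are."""
    pools = [LEET.get(c, c) for c in word]
    for combo in itertools.product(*pools):
        yield "".join(combo)


def case_variants(word):
    yield word
    yield word.capitalize()
    yield word.upper()


def single_word_candidates():
    for w in BASE_WORDS:
        for lw in leet_variants(w):
            for cw in case_variants(lw):
                for s in SUFFIXES:
                    yield cw + s


def two_word_candidates():
    """Leet-mangled first word + second word (forward or reversed, recased) + suffix."""
    for w1, w2 in itertools.permutations(BASE_WORDS, 2):
        for lw in leet_variants(w1):
            for tail in (w2, w2[::-1]):
                for tw in case_variants(tail):
                    for s in SUFFIXES:
                        yield lw + tw + s


def candidates():
    yield from single_word_candidates()
    yield from two_word_candidates()


def candidate_count():
    return sum(1 for _ in candidates())


def naive_keyspace(length, charset_size):
    """Keyspace a brute force would face if it knew nothing about the password's structure."""
    return charset_size ** length


def crack(target_hashes):
    """Return ({hash: plaintext} for recovered targets, number of candidates hashed).
    Stops early only once every target has been recovered."""
    remaining = set(target_hashes)
    found, tried = {}, 0
    for cand in candidates():
        tried += 1
        h = md5_hex(cand)
        if h in remaining:
            found[h] = cand
            remaining.discard(h)
            if not remaining:
                break
    return found, tried


# Two plaintexts from the list in the post above plus one constructed one.
TARGET_PLAINTEXTS = ["w@chtw00rdLanimret!", "Ev3rL@NRDX11090821", "B1tc01n123"]
TARGET_HASHES = {md5_hex(p) for p in TARGET_PLAINTEXTS}

if __name__ == "__main__":
    found, tried = crack(TARGET_HASHES)
    print(f"{tried} candidates hashed, {candidate_count()} in the rule space, "
          f"{naive_keyspace(19, 95):.2e} in a naive 19-char/95-symbol brute force")
    for p in TARGET_PLAINTEXTS:
        print(f"{p}: {'cracked' if md5_hex(p) in found else 'survived'}")
```

The rule space here is 21870 candidates, roughly 2^14.4 guesses, which is why a password assembled from dictionary words, leet substitutions and a suffix is far weaker than its length and character mix suggest; the same length filled from a random source would sit in the 95^19 keyspace instead.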
member
Activity: 126
Merit: 10
Quote
Or am I not understanding how this works....

Salts prevent people from pre-computing large amounts of hashes and then just simply comparing the hashes to see what the password is. These large lists of pre-computed hashes are called rainbow tables.

Let's imagine you and I both have the same password. If you use an unsalted hash, the resulting hash of the password will always be the same.

user:hashed_password

me:54yg7(momlk32
you:54yg7(momlk32

if I had a rainbow table for that type of hash, it might have an entry like:

54yg7(momlk32:password1

And I'd just have to search for it, not have to do any hashing and I'd find both our passwords out.

On the other hand, if I use salts with the hash, the result would look more like this:

user:$salt$hash

me:$yg$sdf87dsfgbh^%$szdfds
you:$7z$powiuer9asd3ee343z^%

Practically this prevents me from computing a bunch of hashes beforehand and simply comparing the results to the stored hashes. You and I both still have the same weak password, but since a salt was used they have to be cracked independently.

It's not a big hurdle, but it's something.
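An added example (mine, not code from anyone in this thread) that makes the work difference concrete for both bitmynt's "60000 times more work" argument and the salt explanation above. It builds a small constructed "leak" of MD5 hashes, once unsalted and once with a random per-user salt stored in the clear next to each hash, and counts how many MD5 computations a wordlist attack needs in each case. With unsalted hashes the wordlist is hashed once and every user is matched by lookup; with known but distinct salts the wordlist has to be re-hashed for every user. The usernames, wordlist and password choices are constructed sample data. The early `break` shows why the "60000 times" figure is an upper bound: a user whose password is found early costs less than a full pass, but every uncracked user costs a full pass through the wordlist. MD5 is used only because that is what the leaked hashes were; a password store built today should use a deliberately slow, salted function such as bcrypt, scrypt or Argon2.

```python
import hashlib
import os

# Constructed sample data (not from the leak): a short wordlist and six users,
# three of whom picked "password1"; user5 picked something not in the wordlist.
WORDLIST = ["password1", "letmein", "bitcoin", "hunter2", "correcthorse"]
USER_PASSWORDS = ["password1", "password1", "letmein", "bitcoin", "password1", "zq9!Tv#k"]


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def make_unsalted_db(passwords):
    """user -> md5(password). Identical passwords give identical hashes."""
    return {f"user{i}": md5_hex(p.encode()) for i, p in enumerate(passwords)}


def make_salted_db(passwords):
    """user -> (salt, md5(salt + password)). The salt is stored in the clear, as it
    was in the leaked dump; its job is to differ per user, not to be secret."""
    db = {}
    for i, p in enumerate(passwords):
        salt = os.urandom(4).hex()
        db[f"user{i}"] = (salt, md5_hex((salt + p).encode()))
    return db


def crack_unsalted(db, wordlist):
    """Hash each candidate once and look it up against every stored hash."""
    by_hash = {}
    for user, h in db.items():
        by_hash.setdefault(h, []).append(user)
    found, work = {}, 0
    for cand in wordlist:
        work += 1
        for user in by_hash.get(md5_hex(cand.encode()), []):
            found[user] = cand
    return found, work


def crack_salted(db, wordlist):
    """Salt is known but unique per user, so the candidate list is re-hashed
    for each user; stop early only for that user once a match is found."""
    found, work = {}, 0
    for user, (salt, h) in db.items():
        for cand in wordlist:
            work += 1
            if md5_hex((salt + cand).encode()) == h:
                found[user] = cand
                break
    return found, work


def demo():
    """Return (cracked_unsalted, md5_calls_unsalted, cracked_salted, md5_calls_salted)."""
    found_u, work_u = crack_unsalted(make_unsalted_db(USER_PASSWORDS), WORDLIST)
    found_s, work_s = crack_salted(make_salted_db(USER_PASSWORDS), WORDLIST)
    return found_u, work_u, found_s, work_s


if __name__ == "__main__":
    found_u, work_u, found_s, work_s = demo()
    print(f"unsalted: {len(found_u)} of {len(USER_PASSWORDS)} cracked with {work_u} MD5 calls")
    print(f"salted:   {len(found_s)} of {len(USER_PASSWORDS)} cracked with {work_s} MD5 calls")
    # With nothing crackable the salted case would cost len(USER_PASSWORDS) * len(WORDLIST) calls.
```

Both attacks recover the same five users, but the unsalted run costs one MD5 per wordlist entry regardless of how many users there are, while the salted run costs up to one full wordlist pass per user, and the uncracked user costs the whole pass. Scale the wordlist to a billion entries and the user count to 60000 and that is the difference the thread is arguing about.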
legendary
Activity: 1050
Merit: 1000
no one mentioned rootkits and keyloggers?  Shocked
sr. member
Activity: 257
Merit: 250
Quote
And the uncracked password list that was released had the salts along with each password, so being 'salted' or 'unsalted' shouldn't matter...
Quote
Yes, it matters.  A lot.  Salted means you have to crack each password individually.  You have to run through the entire list of candidates (until a match) for each and every salted password (given unique salts).  With unsalted passwords you can run through the wordlist once, and get all matching passwords with a single MD5 run for each word in your wordlist.  It doesn't matter for one single password, but for 60000 salting means 60000 times more work.  And salting renders rainbow tables useless, because you'd have to build one rainbow table for each possible salt.

But the salts are given.  Correct me if I'm wrong, I'm new to understanding this: a password hash here is given as salt*md5*password sort of setup.  If it was just md5*password, you can solve the md5 and then just run that through the list of hashes to get all the passwords?  But if the salts are given then password crackers aren't trying to figure out the [salt] part of the equation, so you can effectively remove that and it just becomes md5*password again.  Right?

like if you have:
[salt1]*md5*[password1]
[salt2]*md5*[password2]
etc... it's really hard to solve because you have to crack each individual salt - BUT you don't have to crack each individual md5.  If the salts are listed right there on the table (and on MtGox that's what happened) then you're not cracking salts, just the md5 again.  That's how they get all these super-complex passwords - right?  They solved one simple md5 pass, and then used the given salts to get any password instantly.  Or am I not understanding how this works....
legendary
Activity: 1974
Merit: 1030
I'm not there. My password was 10 chars long.
hero member
Activity: 1148
Merit: 501
So, I'm not cracked.  Yet ?

Nice.  Makes me feel all warm inside.
legendary
Activity: 1400
Merit: 1005
I get the feeling that this list isn't any of the bruteforced passwords - only the people that fell for the phishing attacks.
hero member
Activity: 826
Merit: 1000
°^°
[conspiracy]
this list was generated while the Mt.Gox account recovery phase.
[/conspiracy]

Maybe he didn't clean the server completely? What if there was some kind of backdoor? You remember that you had to enter your old password on the recovery form. As soon as the initial hackers knew about the recovery procedure, they manipulated the scripts so that the input is stored in plaintext or sent somewhere. Then it just gets matched to username/email and voila.


This can be checked so:

Anyone who did NOT recover his MtGox account AND has a safe password found himself on the list?
legendary
Activity: 1764
Merit: 1015
This plays into my theory that everything will be public for the world to see in the future. Part of the NWO, Apocalypse, and Utopia theories. Depending on your "views" of it.
sr. member
Activity: 280
Merit: 250
There are about 3000 passwords there out of about 60,000 accounts, or about 5% of the total.

So if it was brute force why only crack 5% of them? They must have used additional info from somewhere.