
Topic: Cracked Passwords List Leaked, were you cracked? - page 4. (Read 16402 times)

legendary
Activity: 3318
Merit: 2008
First Exclusion Ever
26533: hackthis123191

haha! i'm using the internet!!!1

member
Activity: 64
Merit: 10
That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!

Spaceballs!
legendary
Activity: 1400
Merit: 1013
That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!
member
Activity: 112
Merit: 10
My password wasn't on there, so I'll just throw it out there.  My old mtgox password was 5kGrv3cM5-W_VKc9d6Zc.  And no, I don't use it for anything else....

Edit:  I've also started using 30 character passwords now too.  All this talk about cracking 10 characters in 3 seconds has me paranoid!

I use the same password, what a coincidence.
hero member
Activity: 793
Merit: 1026
My password wasn't on there, so I'll just throw it out there.  My old mtgox password was 5kGrv3cM5-W_VKc9d6Zc.  And no, I don't use it for anything else....

Edit:  I've also started using 30 character passwords now too.  All this talk about cracking 10 characters in 3 seconds has me paranoid!
legendary
Activity: 1400
Merit: 1013
Hash collision seems really unlikely to me. The odds should be microscopically small.
It's microscopically small for SHA hashes but MD5 has been considered broken (or nearly so) for a few years now.
jr. member
Activity: 56
Merit: 1
Hash collision seems really unlikely to me. The odds should be microscopically small.
full member
Activity: 126
Merit: 100
Not sure if any of you have seen this or not, but here it is:

https://www.nanaimogold.com/microlionsec.txt

If you haven't changed your passwords yet...do it.

If you wanted to see whether or not your password was safe, feel free to check if it was cracked here.

Mine wasn't on this list, but anybody here would be foolish indeed to assume that this means their password wasn't cracked.  If you use the same password in multiple locations, and a security breach occurs in one location, you need to change the password at every location that you used it.
newbie
Activity: 70
Merit: 0
I doubt that these and the many more that are on there 1) got phished and 2) wound up on this particular list at the same time. Well, except for the last guy. Though I do suppose that is an upgrade to using 'password' for a password :P
Well, aside from *MAGIC*, by what other method do you believe those passwords were determined?
I can think of three possibilities:
Password reuse
Malware
Hash collisions
Oh certainly, there are other methods (though password reuse alone doesn't cause this). I was just making the point that the *least likely* method was brute force cracking.
legendary
Activity: 1400
Merit: 1013
I doubt that these and the many more that are on there 1) got phished and 2) wound up on this particular list at the same time. Well, except for the last guy. Though I do suppose that is an upgrade to using 'password' for a password :P
Well, aside from *MAGIC*, by what other method do you believe those passwords were determined?
I can think of three possibilities:
Password reuse
Malware
Hash collisions
kjj
legendary
Activity: 1302
Merit: 1026
Yes, it matters.  A lot.  Salted means you have to crack each password individually.  You have to run through the entire list of candidates (until a match) for each and every salted password (given unique salts).  With unsalted passwords you can run through the wordlist once, and get all matching passwords with a single MD5 run for each word in your wordlist.  It doesn't matter for one single password, but for 60000 salting means 60000 times more work.  And salting renders rainbow tables useless, because you'd have to build one rainbow table for each possible salt.

Thanks for this explanation.  For implementation purposes, how would a website use a unique salt?  For example, when the username types in a password it must be joined to the salt and then an MD5 algorithm run over the product to compare with the database stored hash.

Somewhere then the salt must be stored, right?

Random, and yes, it is stored.

If the hash started with $, it follows this format:  $$$.  Scheme 1 means about 1001 rounds of MD5 with complex combinations of the previous round, the password, and the salt.

Other schemes are available for SHA, blowfish, and (try not to laugh) NT.

If it doesn't start with $, it is just a simple unsalted MD5 hash of the input.
newbie
Activity: 28
Merit: 0
Yes, it matters.  A lot.  Salted means you have to crack each password individually.  You have to run through the entire list of candidates (until a match) for each and every salted password (given unique salts).  With unsalted passwords you can run through the wordlist once, and get all matching passwords with a single MD5 run for each word in your wordlist.  It doesn't matter for one single password, but for 60000 salting means 60000 times more work.  And salting renders rainbow tables useless, because you'd have to build one rainbow table for each possible salt.

Thanks for this explanation.  For implementation purposes, how would a website use a unique salt?  For example, when the username types in a password it must be joined to the salt and then an MD5 algorithm run over the product to compare with the database stored hash.

Somewhere then the salt must be stored, right?
sr. member
Activity: 451
Merit: 250
My password is not on the list.  It was 'password1'.  I read somewhere that 'password1' is the most common password so I figured it must be good.

Could somebody find the source of this list?  I would really like to know how this was done.  Is it really possible?  I suspect this list is at least partially fake.  My real password should have been easy to crack but is not on the list.

Sam
member
Activity: 76
Merit: 10
What is the possibility of a hash collision? There is no need for those long character-and-number combinations to be the true user passwords; as long as their hashes match the user's true hash, the server will consider them to be the same. Though I would expect a collision password to be much uglier than the ones shown in the file.

As written in Wikipedia, there have been methods to generate collisions for 5 years already, with some requirements, so it is no surprise that there is a generic method to find a collision for a particular password.
member
Activity: 112
Merit: 10
I'm surprised I'm not on the list.
legendary
Activity: 1437
Merit: 1002
https://bitmynt.no
And the uncracked password list that was released had the salts along with each password, so being 'salted' or 'unsalted' shouldn't matter...
Yes, it matters.  A lot.  Salted means you have to crack each password individually.  You have to run through the entire list of candidates (until a match) for each and every salted password (given unique salts).  With unsalted passwords you can run through the wordlist once, and get all matching passwords with a single MD5 run for each word in your wordlist.  It doesn't matter for one single password, but for 60000 salting means 60000 times more work.  And salting renders rainbow tables useless, because you'd have to build one rainbow table for each possible salt.
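Added example, not part of any post in this thread: Python code showing how a site stores a random per-user salt beside the hash and re-uses it at login (the question asked in the posts above), and counting the MD5 computations needed to test one wordlist against unsalted versus salted records (the point made in the post just before this). The account names, wordlist and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data, not taken from the leaked list.
WORDLIST = ["123456", "password", "letmein", "qwerty", "dragon"]
ACCOUNTS = {"alice": "letmein", "bob": "password",
            "carol": "not-in-wordlist", "dave": "letmein"}

def make_record(password):
    """Site side: draw a random salt and store it, in the clear, beside the hash.
    MD5 mirrors the scheme in the thread; new systems use a slow KDF (e.g. scrypt)."""
    salt = os.urandom(16)
    return salt, hashlib.md5(salt + password.encode()).digest()

def verify(password, salt, digest):
    """Login check: re-hash the typed password with the stored salt."""
    candidate = hashlib.md5(salt + password.encode()).digest()
    return hmac.compare_digest(candidate, digest)

def unsalted_pass(stored, wordlist):
    """stored: {user: digest}. One MD5 per word is tested against every account."""
    users_by_digest = {}
    for user, digest in stored.items():
        users_by_digest.setdefault(digest, []).append(user)
    found, hashes = set(), 0
    for word in wordlist:
        hashes += 1
        found.update(users_by_digest.get(hashlib.md5(word.encode()).digest(), []))
    return found, hashes

def salted_pass(stored, wordlist):
    """stored: {user: (salt, digest)}. The wordlist is re-run for each account."""
    found, hashes = set(), 0
    for user, (salt, digest) in stored.items():
        for word in wordlist:
            hashes += 1
            if verify(word, salt, digest):
                found.add(user)
                break
    return found, hashes

def demo():
    unsalted = {u: hashlib.md5(p.encode()).digest() for u, p in ACCOUNTS.items()}
    salted = {u: make_record(p) for u, p in ACCOUNTS.items()}
    return unsalted_pass(unsalted, WORDLIST), salted_pass(salted, WORDLIST)

if __name__ == "__main__":
    for label, (found, hashes) in zip(("unsalted", "salted"), demo()):
        print(f"{label}: {sorted(found)} matched after {hashes} MD5 computations")
```

With unsalted records, alice and dave also share an identical stored digest, which reveals that they chose the same password; with per-user salts their digests differ.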
full member
Activity: 182
Merit: 100
I guess I don't understand how password cracking works.  I don't understand how they get multiple chances figuring out a password.

 
sr. member
Activity: 257
Merit: 250
How could saab9000aeroskodafabiavrs or 7XiBKeJe5ochSqVW be cracked in such a short amount of time?  Even unsalted...

And the uncracked password list that was released had the salts along with each password, so being 'salted' or 'unsalted' shouldn't matter...
newbie
Activity: 70
Merit: 0
Now that you've publicly stated this, it should be trivial to get a tool up that searches the block chain for bitcoin addresses and attempts to crack your password with each of them. ;)

Yeah, but look how many characters it has - there's just NO WAY any cracking program could guess this: 1GryC1TD9bXdwrV1YbDX3RnJrS2Ak87Vbw. It's perfect! :D
full member
Activity: 180
Merit: 100
I can verify that 7XiBKeJe5ochSqVW is in fact the correct password, he was unsalted, and using "simple" md5. I cannot verify the salted passwords, they seem to be a different type of md5 than I am using. Why are there two different types of md5, and what do I call the second one?

http://www.insidepro.com/hashes.php?lang=eng

MD5(unix)

Edit: And the salted passwords match, too, at least the 3 I've checked:
60x8760b6k328vc3v24kw8y1
acy7zkprddv2k3iFd&
8W3G7Pds9712++

Curiouser and curiouser