
Topic: DIRECT DOWNLOAD LINK FOR LEAKED MT. GOX ACCOUNT DATABASE (CSV FILE) - page 5. (Read 36695 times)

hero member
Activity: 546
Merit: 500
On the other hand, if they coded it smartly, they also used extra salt that is only in the source code and not in database - that one should help indeed.

They didn't. My details are in there and I reproduced the hash for my password with the following perl:

#!/usr/bin/perl
use strict;
use warnings;
# This is at the start of the salted password in the accounts.csv, it's 8 alphanumeric characters.
my $salt = '$1$SALT$';
# Do this on a secure box, you're entering your password into a text editor.
my $pw = 'MY_PLAIN_PASSWORD';
# With a '$1$' salt prefix, crypt() computes md5-crypt on systems whose libc supports it.
my $encpw = crypt($pw, $salt);
print "Encrypted password: $encpw\n";

Observe how the printed hash equals the bit after the salt in the accounts.csv. Thus no hidden salt or trickery.
member
Activity: 70
Merit: 10
so obviously it's md5, and the salt is contained within db entry, but what method are they using to get the unicode characters back into hex strings that most password crackers utilize for reversing md5?

Mother of god...

I'm usually coding a web game page (no money) more securely...
sr. member
Activity: 280
Merit: 250
is there a way to "search" this csv list for my username instead of scrolling 60K names?
control+f and type in Smiley
donator
Activity: 3108
Merit: 1166
I do not know if this is real or fake. However, this is a direct download link that I hosted. Please comment...

http://bit.ly/kE3Q4D

[Edit: Holy shit, this is real. I found my email & password in the CSV. Shit just got real...]

I can't believe that.

This is completely against every privacy consideration that this file is openly distributed.


Sig:
>12y experience in trading.
Donations accepted: 14TeeHy4igXUgfnjXmCFG5MwkcRKZRkprS

Please always do your own due diligence, and consult your financial advisor. Never invest unless you can afford to lose your entire investment.

http://twitter.com/BitcoinAnalyst

lols @ Sig irony
newbie
Activity: 22
Merit: 0
So, WTF happened to websites being responsible and hashing emails as well?

Just my .02btc
member
Activity: 70
Merit: 10
Which is why we salt passwords before hashing them. It might take seconds to find "monkey" but it'll take ages to find "monkeyefweug#%_#Tsafwef24g" and the user doesn't have to remember that second part. Really if the database is compromised the salt is in there with the hash so it doesn't help much but it DOES at least make it so that two people using the same password won't both be compromised by simply compromising one of them. It also makes "rainbow tables" (giant tables of common passwords and what they hash to) ineffective.

It depends - if (if, I'm not sure how this is in case of mtgox) entire users database was leaked, then usually you also have the salts for each user right there in the database.

On the other hand, if they coded it smartly, they also used extra salt that is only in the source code and not in database - that one should help indeed.
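
The scheme discussed in the post above (a per-user salt stored in the database plus an extra secret kept only in the application), as an added example that is not part of the original thread or Mt. Gox's code. The `PEPPER` value, the function names, the `pbkdf2-sha256$salt$digest` record format and the choice of PBKDF2-HMAC-SHA256 are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Hypothetical application secret ("pepper"): kept in code/config or a KMS,
# never in the accounts table. Constructed value for this example.
PEPPER = b"example-pepper-not-a-real-secret"
ITERATIONS = 200_000  # assumed work factor for this example

def hash_password(password: str, pepper: bytes, salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2-sha256$<salt hex>$<digest hex>' for storage in the database."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per user
    # Key the password with the pepper so a leaked row alone cannot be
    # used to test password guesses.
    keyed = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    # Deliberately slow KDF, unlike a fast MD5-based scheme.
    digest = hashlib.pbkdf2_hmac("sha256", keyed, salt, ITERATIONS)
    return f"pbkdf2-sha256${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str, pepper: bytes) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        scheme, salt_hex, _digest_hex = stored.split("$")
        salt = bytes.fromhex(salt_hex)
    except ValueError:
        return False  # malformed record
    if scheme != "pbkdf2-sha256":
        return False
    return hmac.compare_digest(hash_password(password, pepper, salt), stored)

def demo() -> dict:
    # Two users pick the same weak password; their rows still differ.
    row_a = hash_password("monkey", PEPPER)
    row_b = hash_password("monkey", PEPPER)
    return {
        "same_password_rows_differ": row_a != row_b,
        "correct_password_verifies": verify_password("monkey", row_a, PEPPER),
        "wrong_password_rejected": not verify_password("monkey1", row_a, PEPPER),
        # Someone holding only the database row has no pepper to verify with.
        "fails_without_pepper": not verify_password("monkey", row_a, b"wrong-pepper"),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The pepper only helps while the application secret stays out of the leak; the per-user salt is what keeps identical passwords from sharing a hash.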
sr. member
Activity: 280
Merit: 250
I'm a member but I couldn't find mine.
member
Activity: 70
Merit: 10
so obviously it's md5, and the salt is contained within db entry, but what method are they using to get the unicode characters back into hex strings that most password crackers utilize for reversing md5?

I don't think they're salting their passwords.

I'm using John The Ripper to crack these worthless "123456" md5-crypt passwords.
full member
Activity: 131
Merit: 100
so obviously it's md5, and the salt is contained within db entry, but what method are they using to get the unicode characters back into hex strings that most password crackers utilize for reversing md5?
newbie
Activity: 48
Merit: 0
is there a way to "search" this csv list for my username instead of scrolling 60K names?
ctrl+f
hero member
Activity: 1148
Merit: 501
Oh... nice.. so much for anonymity

how easy is that password hash to crack?
 
member
Activity: 70
Merit: 10
is there a way to "search" this csv list for my username instead of scrolling 60K names?

Ctrl + Find. I opened it up in Google Docs.
member
Activity: 84
Merit: 10
I changed my password the other day when someone said the account was hacked.
legendary
Activity: 1764
Merit: 1002
is there a way to "search" this csv list for my username instead of scrolling 60K names?
full member
Activity: 238
Merit: 100
I am not able to get the file, has it been removed or am I just having problems on my end?
member
Activity: 70
Merit: 10
Maybe this file is actually a virus/keylogger that will steal your wallet.dat or find your new password once Mt.Gox comes up again? That's the only thing preventing me from downloading this file.

Really tempted tho...

Or maybe I'm just stupid/paranoid.

Dude, it's a fucking CSV file. Check the extension, open the URL up in Google Docs if you're too scared.
full member
Activity: 336
Merit: 100
Maybe this file is actually a virus/keylogger that will steal your wallet.dat or find your new password once Mt.Gox comes up again? That's the only thing preventing me from downloading this file.

Really tempted tho...

Or maybe I'm just stupid/paranoid.
hero member
Activity: 532
Merit: 500
FIAT LIBERTAS RVAT CAELVM
Give mine a shot. User ID 11195

I consider the account compromised anyway, and it's empty, regardless... But I would like a difficulty test on my password. Which, to be clear, is unique to Mt. Gox.
member
Activity: 70
Merit: 10
These guys deserved their accounts to be hacked...


newbie
Activity: 20
Merit: 0
I'm number 905. Don't remember when I signed up really, but I only got into bitcoin once you could get bitcoins from Europe. Which was pretty late in the game.