Author

Topic: Encrypted info found??? (Read 1066 times)

full member
Activity: 224
Merit: 100
November 13, 2013, 03:36:41 AM
#9
Yes I meant hashed.
full member
Activity: 231
Merit: 100
November 12, 2013, 08:13:14 PM
#8
The passwords are likely encrypted with a salt so would be very hard to reverse.

Sort of. Passwords should be hashed, not encrypted. Encryption is reversible and would require an encryption key that has to get stored as well on the server. If somebody obtains access to the encrypted passwords and the key, obtaining the actual passwords is straightforward.

Luckily, this is not the case here. The first two lines of the dump say:

Code:
UserID,Username,Email,Password
1,jed,[email protected],$1$E1xAsgR1$vPt0d/L3f81Ys3SxJ7rIh/

"$1" means that the MD5 hash of the user's password salted with "E1xAsgR1" is "vPt0d/L3f81Ys3SxJ7rIh/". As long as somebody is using a strong enough password, MD5 works reasonably well for this purpose, i.e., it isn't possible to obtain the password from the salted hash.

However, MD5's speed makes brute-force attacks on weak passwords considerably less expensive than deliberately slow functions like bcrypt, scrypt of simply thousands of iterations of SHA-512. Even my OS uses the latter by default. I'd expect the same fro a service handling my money...

Bottom line: Don't use weak passwords! Never, ever, reuse a password!
full member
Activity: 224
Merit: 100
November 12, 2013, 01:02:13 PM
#7
Well email could be (and probably has been) used for bitcoin spam /.fishing.

The passwords are likely encrypted with a salt so would be very hard to reverse.
hero member
Activity: 700
Merit: 500
November 12, 2013, 02:35:45 AM
#6
IDK but i was searching for someone on Google and found this

http://cryptolingus.net/dls/hashes/Raw_Dumps/PasswordFile_12.txt

can anyone tell me what it is?? I'm scared to say it may be our info but idk and hopefully everyone has changed their passwords ASAP.

This appears to be the Mt Gox dump from way back.
ok so no harm correct?

No idea. Is your username in there?
I didn't get to check cause after i saw Theymos i assumed it belonged here

Jed being user number 1 seems like a giveaway that it is the old MtGox dump.
newbie
Activity: 42
Merit: 0
November 12, 2013, 02:19:20 AM
#5
IDK but i was searching for someone on Google and found this

http://cryptolingus.net/dls/hashes/Raw_Dumps/PasswordFile_12.txt

can anyone tell me what it is?? I'm scared to say it may be our info but idk and hopefully everyone has changed their passwords ASAP.

This appears to be the Mt Gox dump from way back.
ok so no harm correct?

No idea. Is your username in there?
I didn't get to check cause after i saw Theymos i assumed it belonged here
hero member
Activity: 700
Merit: 500
November 12, 2013, 01:55:27 AM
#4
IDK but i was searching for someone on Google and found this

http://cryptolingus.net/dls/hashes/Raw_Dumps/PasswordFile_12.txt

can anyone tell me what it is?? I'm scared to say it may be our info but idk and hopefully everyone has changed their passwords ASAP.

This appears to be the Mt Gox dump from way back.
ok so no harm correct?

No idea. Is your username in there?
newbie
Activity: 42
Merit: 0
November 12, 2013, 12:48:26 AM
#3
IDK but i was searching for someone on Google and found this

http://cryptolingus.net/dls/hashes/Raw_Dumps/PasswordFile_12.txt

can anyone tell me what it is?? I'm scared to say it may be our info but idk and hopefully everyone has changed their passwords ASAP.

This appears to be the Mt Gox dump from way back.
ok so no harm correct?
hero member
Activity: 700
Merit: 500
November 12, 2013, 12:30:04 AM
#2
IDK but i was searching for someone on Google and found this

http://cryptolingus.net/dls/hashes/Raw_Dumps/PasswordFile_12.txt

can anyone tell me what it is?? I'm scared to say it may be our info but idk and hopefully everyone has changed their passwords ASAP.

This appears to be the Mt Gox dump from way back.
newbie
Activity: 42
Merit: 0
November 12, 2013, 12:20:04 AM
#1
 IDK but i was searching for someone on Google and found this

http://cryptolingus.net/dls/hashes/Raw_Dumps/PasswordFile_12.txt

can anyone tell me what it is?? I'm scared to say it may be our info but idk and hopefully everyone has changed their passwords ASAP.
Jump to: