Topic: Hacker Had Access for 3 Days?! (Read 3624 times)

legendary
Activity: 1400
Merit: 1005
June 19, 2011, 06:55:39 PM
#18
Secure hashes cannot be cracked. You cannot login with the info being spread on Rapidshare.
The trolls are back in town...
There is already a file going around with every email and plain text password.  They have ALL already been cracked.
I call lies.
member
Activity: 117
Merit: 10
June 19, 2011, 06:50:07 PM
#17
Quote
This simply isn't possible to have happened because of the leaked password file.  If someone found a way to reverse md5_crypt, or to quickly search the keyspace for non-trivial passwords, they would use it to make some real money, or maybe earn their PhD in mathematics.

Do you use the same passwords on any other sites?

If md5 is broke the planet would implode. heh. Yeah, I don't think anyone cracked your one-way hashed number+non-dict password. I call impossible.
kjj
legendary
Activity: 1302
Merit: 1026
June 19, 2011, 06:15:06 PM
#16
Someone PMed me my two passwords.

Both were salted, and both were long and a mix of nondict words with numbers.

This simply isn't possible to have happened because of the leaked password file.  If someone found a way to reverse md5_crypt, or to quickly search the keyspace for non-trivial passwords, they would use it to make some real money, or maybe earn their PhD in mathematics.

Do you use the same passwords on any other sites?
newbie
Activity: 22
Merit: 0
June 19, 2011, 06:01:06 PM
#15
Well, a 10length password (mix alpha-num-special) @ 33.1 BPS (Billion passwords a second) will take 226 hrs on 1000 machines running my password. ALSO, to get this speed, each machine needs 4 ATI 5970's.

I think mine is safe for a while.
newbie
Activity: 42
Merit: 0
June 19, 2011, 05:56:00 PM
#14
The funny/scary part about this.  Until 3 days ago my mtgox password was short and easy to crack (9 characters, dict word+numbers).  I don't know why I changed it.. I just did.  This DB leak is from after that password change.  I can verify that my new password + listed salt md5'd is the hash listed.

It had to be from 56 hours ago or sooner.  I installed google chrome after the CSRF scare, and the first thing I did with it was change my password.  This was exactly 56 hours ago.
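Added example (not from the thread and not Mt. Gox code): how an account holder could check their own password against a leaked entry, assuming the entry is in the `$1$salt$hash` md5_crypt format named elsewhere in this thread. `matches_leaked_entry` is a hypothetical helper name, and the sample entry is the test vector from the OpenSSL `passwd` documentation, not leaked data.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
ROUNDS = 1000  # fixed by the md5_crypt ($1$) format
# Constructed sample: OpenSSL's documented test vector for the password
# "password" with salt "xxxxxxxx". It is not data from the leak.
SAMPLE_ENTRY = "$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a."


def md5_crypt(password: str, salt: str) -> str:
    """Return the $1$salt$hash string for a password and salt."""
    pw, sl = password.encode(), salt.encode()[:8]
    alt = hashlib.md5(pw + sl + pw).digest()
    ctx = hashlib.md5(pw + b"$1$" + sl)
    for n in range(len(pw), 0, -16):      # mix in alt, one byte per password byte
        ctx.update(alt[:min(n, 16)])
    n = len(pw)
    while n:                              # one byte per bit of the password length
        ctx.update(b"\x00" if n & 1 else pw[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(ROUNDS):               # stretching: 1000 chained MD5 calls
        block = pw if i & 1 else final
        if i % 3:
            block += sl
        if i % 7:
            block += pw
        block += final if i & 1 else pw
        final = hashlib.md5(block).digest()
    words = [(final[a] << 16 | final[b] << 8 | final[c], 4)
             for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))]
    words.append((final[11], 2))
    out = ""
    for value, count in words:            # crypt's own base64 variant, low bits first
        for _ in range(count):
            out += ITOA64[value & 0x3F]
            value >>= 6
    return "$1$" + sl.decode() + "$" + out


def matches_leaked_entry(candidate: str, leaked: str) -> bool:
    """True if candidate hashes to the leaked $1$ entry (hypothetical helper)."""
    parts = leaked.split("$")
    if len(parts) != 4 or parts[1] != "1":
        raise ValueError("not an md5_crypt ($1$) entry, e.g. an unsalted MD5 hex digest")
    return hmac.compare_digest(md5_crypt(candidate, parts[2]), leaked)
```

A match confirms the entry was generated from that password and salt; it says nothing about whether anyone else has recovered the password.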
newbie
Activity: 35
Merit: 0
June 19, 2011, 05:25:20 PM
#13
I find it hard to believe they brute-forced my password, along with all the rest, as it is long and secure.
A good password should be at least 15 alphanumeric characters, which at 1 billion comparisons a second takes 7 million years to test all combinations. It would take a humongous amount of computing power to crack that in a few days, even if you split it up amongst tens of millions of machines.
And that's just for one 15 character length password, and each character adds 36 times the number of combinations.
If you're using non-alphanumeric characters, like @,$ etc it takes exponentially longer to crack.
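Added example (not part of any post in this thread): the exhaustive-search arithmetic behind the figures quoted in posts #13 and #15, with the per-guess hashing cost as an explicit parameter. Assumptions: 36 symbols and a full keyspace for post #13; 94 printable symbols, an average-case search of half the keyspace, and 33.1 billion guesses per second per machine for post #15; and that the quoted rates are for a single raw MD5 call, while md5_crypt spends about 1000 MD5 calls per guess.

```python
SECONDS_PER_HOUR = 3600
SECONDS_PER_YEAR = 365.25 * 24 * 3600
MD5_CRYPT_ROUNDS = 1000  # MD5 calls in md5_crypt's stretching loop


def search_seconds(charset, length, hashes_per_sec, machines=1,
                   hash_calls_per_guess=1, fraction=1.0):
    """Seconds to test `fraction` of all passwords of exactly `length` symbols.

    hashes_per_sec is the raw hash rate of one machine; a scheme that needs
    several hash calls per guess divides the guess rate by that number.
    """
    keyspace = charset ** length
    guesses_per_sec = hashes_per_sec * machines / hash_calls_per_guess
    return keyspace * fraction / guesses_per_sec


def post_13_years(hash_calls_per_guess=1):
    # 15 alphanumeric characters, one machine at 1 billion hashes per second.
    secs = search_seconds(36, 15, 1e9, hash_calls_per_guess=hash_calls_per_guess)
    return secs / SECONDS_PER_YEAR


def post_15_hours(hash_calls_per_guess=1):
    # 10 printable characters, 1000 machines at 33.1 billion hashes per second,
    # stopping on average after half the keyspace.
    secs = search_seconds(94, 10, 33.1e9, machines=1000, fraction=0.5,
                          hash_calls_per_guess=hash_calls_per_guess)
    return secs / SECONDS_PER_HOUR


if __name__ == "__main__":
    print(f"post #13, raw MD5:   {post_13_years():,.0f} years")
    print(f"post #15, raw MD5:   {post_15_hours():,.0f} hours")
    print(f"post #15, md5_crypt: "
          f"{post_15_hours(MD5_CRYPT_ROUNDS) / (24 * 365.25):,.1f} years")
```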
hero member
Activity: 994
Merit: 501
June 19, 2011, 05:06:45 PM
#12
Someone PMed me my two passwords.

Both were salted, and both were long and a mix of nondict words with numbers.
newbie
Activity: 42
Merit: 0
June 19, 2011, 05:05:47 PM
#11
Secure hashes cannot be cracked. You cannot login with the info being spread on Rapidshare.
The trolls are back in town...
There is already a file going around with every email and plain text password.  They have ALL already been cracked.

The vast majority of unsafe passwords are certainly cracked.  Not all of them have been.  It's simply not feasible to crack mine in any reasonable length of time.
legendary
Activity: 2114
Merit: 1040
A Great Time to Start Something!
June 19, 2011, 05:05:23 PM
#10
Secure hashes cannot be cracked. You cannot login with the info being spread on Rapidshare.
The trolls are back in town...
There is already a file going around with every email and plain text password.  They have ALL already been cracked.

BS
Source?
Proof?
legendary
Activity: 2198
Merit: 1311
June 19, 2011, 05:04:35 PM
#9
Secure hashes cannot be cracked. You cannot login with the info being spread on Rapidshare.
The trolls are back in town...
There is already a file going around with every email and plain text password.  They have ALL already been cracked.

Link to it please.  I'd really like to see if they got my password right.
hero member
Activity: 840
Merit: 1000
June 19, 2011, 05:03:54 PM
#8
Secure hashes cannot be cracked. You cannot login with the info being spread on Rapidshare.
The trolls are back in town...
There is already a file going around with every email and plain text password.  They have ALL already been cracked.
Source?  I find this hard to believe.  I have only seen a file with around ~400 passwords cracked (only the few that were using unsalted md5)
member
Activity: 69
Merit: 10
June 19, 2011, 05:01:59 PM
#7
Where's that?
hero member
Activity: 854
Merit: 1000
June 19, 2011, 05:00:08 PM
#6
Secure hashes cannot be cracked. You cannot login with the info being spread on Rapidshare.
The trolls are back in town...
There is already a file going around with every email and plain text password.  They have ALL already been cracked.
member
Activity: 71
Merit: 10
I can predict the future! Bitcoin will success!!!!
June 19, 2011, 04:58:33 PM
#5
So it was George Clooney all along. You'd think he has more money than he needs. But I guess not...
legendary
Activity: 2114
Merit: 1040
A Great Time to Start Something!
June 19, 2011, 04:57:44 PM
#4
Secure hashes cannot be cracked. You cannot login with the info being spread on Rapidshare.
The trolls are back in town...
newbie
Activity: 28
Merit: 0
June 19, 2011, 04:56:03 PM
#3
Sucks for all those that got hacked anyway. It won't get rolled back 3 days, will it? Nope.
member
Activity: 84
Merit: 10
June 19, 2011, 04:54:32 PM
#2
I wonder how much damage has been done. Maybe we will find out tomorrow?






full member
Activity: 196
Merit: 100
June 19, 2011, 04:48:23 PM
#1
According to @sirus on Twitter:

"hacker asking for hash cracks from the mtgox user db since the 16th had access for at least 3 days: http://t.co/c8FEfAu"



