Author

Topic: No MTGOX user hacked!! (Read 2048 times)

sr. member
Activity: 428
Merit: 254
June 20, 2011, 08:24:54 AM
#8
Wait till you hear today's show...

Do you mean episode 005 or an upcoming 006? Is there a way to have the information written somewhere? (I'm a really quick reader but I miss a lot of stuffs during a 48min show, especially because English is not my native language)
full member
Activity: 213
Merit: 100
June 20, 2011, 08:21:05 AM
#7
Why would someone release the passwords? How would that help anyone?

It's proof they accessed the database. The real treasure is the rest of the database, which we should assume an auditor also had access to:  balances, account history, bitcoin addresses, and possibly: Dwolla account numbers and IP addresses used to access mtgox, none of which were included publically. The thief still intends to sell this information, and probably already has.
newbie
Activity: 75
Merit: 0
June 20, 2011, 08:20:22 AM
#6
 My account was hacked and they stole my money from my mybitcoin.com account this morning.
full member
Activity: 209
Merit: 100
June 20, 2011, 07:39:51 AM
#5
A good chunk of the passwords use MD5 hashing, I think it's the early ones. Those have already been cracked and posted online. The later ones, those past 3000 or so are indeed salted as far as I know. But either way, it's much safer to change passwords once mtgox is back up. Also, mtgox should go to great lenghts to assure people this will never happen again.

Looking at the csv file, it seems that all accounts beyond the 3040 mark have "$1$" in the beginning of them.  And many of the ones prior have it as well -- probably those who changed their password after the salting feature was added.

Quote
The benefit provided by using a salted password is rendering a simple dictionary attack against the stored values rather impractical provided the salt is large enough. That is, an attacker would not be able to create a precomputed lookup table (i.e. a rainbow table) of hashed values (password + salt), because it would take too much space.

http://en.wikipedia.org/wiki/Salt_%28cryptography%29
sr. member
Activity: 336
Merit: 252
June 20, 2011, 07:30:51 AM
#4
Wait till you hear today's show...
hero member
Activity: 602
Merit: 500
June 20, 2011, 07:22:40 AM
#3
Why would someone release the passwords? How would that help anyone?
sr. member
Activity: 242
Merit: 251
June 20, 2011, 06:41:11 AM
#2
A good chunk of the passwords use MD5 hashing, I think it's the early ones. Those have already been cracked and posted online. The later ones, those past 3000 or so are indeed salted as far as I know. But either way, it's much safer to change passwords once mtgox is back up. Also, mtgox should go to great lenghts to assure people this will never happen again.
newbie
Activity: 18
Merit: 0
June 20, 2011, 05:14:42 AM
#1
The only one losing BTC is the same admin that got stuck in a botnet and lost the FTP password.

thats why the botnet spreader(not hacker.....) released the Datepase Smiley becouse its useless without the salt


K STOP WORRYING
Jump to: