Author

Topic: Recreating Mt. Gox password hash from password plus salt (Read 1386 times)

newbie
Activity: 39
Merit: 0
Its MD5(Unix). Also known as FreeBSD MD5.
hero member
Activity: 518
Merit: 500
Yeah, I knew what my password was. I just wasn't sure at what stage the csv had been taken. It was advertised for sale as being less than a day old, a few days ago.
hero member
Activity: 1008
Merit: 531
When you try to claim your account you have to get the password correct.  I kept trying the wrong one.  Eventually I tried a different password and it worked.  So if you can make a claim then you have your password correct.
legendary
Activity: 1876
Merit: 1000

I still have yet to see a link to the csv file..  can someone please provide it
hero member
Activity: 518
Merit: 500
No worries, I can answer my own question. A bit more digging and reading came up with this website for calculating MD5 hashes with salt: http://www.insidepro.com/hashes.php?lang=eng

It computes out with my changed (strong and unique) password in the database.
hero member
Activity: 518
Merit: 500
I changed my Mt. Gox password after hearing about people's accounts being hacked from one I use on other sites to a keepass generated one. I'm starting to educate myself on password security. I'm trying to find out whether the password database hacked from Mt. Gox has my old password or my new one in it. Does anyone know the exact algorithm that was used to apply the salt? I've tried various online MD5 converters but have been unable to recreate the hash listed in the leaked DB.

Obviously, if the hash is listed as $1$saltsalt$hashedhash it's not as simple as doing an md5 conversion on passwordsaltsalt to get the hash.

As I understand, the salt could be apply in various ways, such as saltsaltpassword or some other combination. Does anyone know how Mt. Gox did it?
Jump to: