Topic: Recreating Mt. Gox password hash from password plus salt (Read 1371 times)
Its MD5(Unix). Also known as FreeBSD MD5.
Yeah, I knew what my password was. I just wasn't sure at what stage the csv had been taken. It was advertised for sale as being less than a day old, a few days ago.
When you try to claim your account you have to get the password correct. I kept trying the wrong one. Eventually I tried a different password and it worked. So if you can make a claim then you have your password correct.
I still have yet to see a link to the csv file.. can someone please provide it
No worries, I can answer my own question. A bit more digging and reading came up with this website for calculating MD5 hashes with salt: http://www.insidepro.com/hashes.php?lang=eng
It computes out with my changed (strong and unique) password in the database.
It computes out with my changed (strong and unique) password in the database.
I changed my Mt. Gox password after hearing about people's accounts being hacked from one I use on other sites to a keepass generated one. I'm starting to educate myself on password security. I'm trying to find out whether the password database hacked from Mt. Gox has my old password or my new one in it. Does anyone know the exact algorithm that was used to apply the salt? I've tried various online MD5 converters but have been unable to recreate the hash listed in the leaked DB.
Obviously, if the hash is listed as $1$saltsalt$hashedhash it's not as simple as doing an md5 conversion on passwordsaltsalt to get the hash.
As I understand, the salt could be apply in various ways, such as saltsaltpassword or some other combination. Does anyone know how Mt. Gox did it?
Obviously, if the hash is listed as $1$saltsalt$hashedhash it's not as simple as doing an md5 conversion on passwordsaltsalt to get the hash.
As I understand, the salt could be apply in various ways, such as saltsaltpassword or some other combination. Does anyone know how Mt. Gox did it?
Jump to: