
Topic: The dictionary attack (Read 603 times)

legendary
Activity: 1428
Merit: 1001
Okey Dokey Lokey
March 27, 2013, 02:51:08 PM
#4
So I've been seeing a lot of "my mt.gox account was hacked", "my xbox account was hacked", "my facebook account has been hacked", etc...

Fortunately there is also two-factor authentication, rendering dictionary attacks essentially worthless for compromising the login credentials.

Which Two-factor authentication methods are available at which exchanges?
 - http://bitcoin.stackexchange.com/a/4114/153
I know, right? But for whatever ridiculous reason, people feel that it's not necessary, even with all the theft happening.
legendary
Activity: 2506
Merit: 1010
March 27, 2013, 02:01:28 AM
#3
So I've been seeing a lot of "my mt.gox account was hacked", "my xbox account was hacked", "my facebook account has been hacked", etc...

Fortunately there is also two-factor authentication, rendering dictionary attacks essentially worthless for compromising the login credentials.

Which Two-factor authentication methods are available at which exchanges?
 - http://bitcoin.stackexchange.com/a/4114/153
legendary
Activity: 1078
Merit: 1003
March 27, 2013, 12:09:57 AM
#2
I've attempted the random-phrase password before. I got bored with trying to type it all out every single time I wanted to log in, though. All things considered, I should probably switch back to the phrase. You get so used to using the same few passwords that eventually it all crumbles down, so better to have one really oddball password than several easily found passwords. Heck, several oddball passwords will ensure maximum security. Only problem is, some sites have a strict limit on how many characters a password can be.
legendary
Activity: 1428
Merit: 1001
Okey Dokey Lokey
March 26, 2013, 10:46:44 PM
#1
So I've been seeing a lot of "my mt.gox account was hacked", "my xbox account was hacked", "my facebook account has been hacked", etc...
About a month or so ago I read (on Twitter) that the group known as "Anonymous" released a 10-11 GB (compressed) text file of known passwords and common words, as well as things like the Gutenberg dictionary; they also hinted that they were using hashcat.

So basically all I'm saying is that people seem to have forgotten what a "safe" password really is.
http://xkcd.com/936/ <-comical evidence

When someone has an 11 GB dictionary file, and a good amount of hashpower, they can ram through hundreds of passwords.
And no, things like "oh well they may know the password qwerty54321 like I used at one point, but how about if it's qwerty554231"

Anyone who has the desire to run a dictionary attack is going to be smart enough to add wildcards and compensations to "hit" your password.
I feel that the dictionary file that was released is being used on money-related internet accounts, and as such, that is why we (or at least I) are seeing so many incidents of "I got hacked".
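As an added illustration (not part of the original thread): a sign-up-time check a site could run to reject passwords that reduce to a blocklisted word once padding digits, character substitutions, reversal and doubling are undone, which is why qwerty554231 is no safer than qwerty54321. The blocklist contents, the substitution table and the function names are assumptions made for this example.

```python
import re

# Constructed sample list (assumption); a real check would load a
# breached-password corpus instead.
BLOCKLIST = {"qwerty", "password", "letmein", "dragon", "monkey"}

# Common character substitutions, undone before the lookup.
LEET = str.maketrans("013457@$", "oleastas")


def base_forms(password):
    """Return the simplified forms that common guessing rules collapse to."""
    lowered = password.lower()
    # Drop digits/symbols padded onto either end: qwerty554231 -> qwerty
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    # Undo substitutions inside the word: p4ssw0rd -> password
    plain = core.translate(LEET)
    # Include the reversed word: yeknom -> monkey
    forms = {lowered, core, plain, plain[::-1]}
    half = len(plain) // 2
    if half and plain[:half] == plain[half:]:
        forms.add(plain[:half])  # doubled word: dragondragon -> dragon
    forms.discard("")
    return forms


def weak_base(password, blocklist=BLOCKLIST):
    """Return the blocklisted word this password reduces to, or None."""
    hits = sorted(base_forms(password) & blocklist)
    return hits[0] if hits else None


if __name__ == "__main__":
    samples = ["qwerty54321", "qwerty554231", "P4ssw0rd!", "yeknom99",
               "DragonDragon", "correct horse battery staple"]
    for pw in samples:
        print(f"{pw!r:34} -> {weak_base(pw) or 'no match'}")
```

A result of `None` only means the password does not reduce to a listed word under these few transformations; it is not a strength rating.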