Author

Topic: use mining rig to crack passwords? (Read 4796 times)

AGD
legendary
Activity: 2070
Merit: 1164
Keeper of the Private Key
September 14, 2017, 09:54:35 AM
#10
panicky

You bring up a 6 ys old dead topic just to say "panicky"? Whats wrong with you?
full member
Activity: 196
Merit: 100
June 21, 2011, 12:44:19 AM
#9
Never thought that the world would be just as predicted in the movies:



member
Activity: 84
Merit: 10
June 20, 2011, 11:17:51 PM
#8
Interesting. With all these hacking going on these days on the internet, it makes me wonder really what is secure anymore.

nothing at all, not even your own mind.
you just have to try thinking securely and roll with the punches.

I guarantee you every thought you have, someone at that very same moment or even earlier is also thinking it.
It's all in what you do with that thought, and most of the time those thoughts are fleeting.
member
Activity: 79
Merit: 10
June 20, 2011, 11:05:54 PM
#7
Interesting. With all these hacking going on these days on the internet, it makes me wonder really what is secure anymore.
newbie
Activity: 52
Merit: 0
June 20, 2011, 10:55:03 PM
#6
The thing to realize is that because the passwords were salted with different salt, except for some of the early ones on the list, a person using a mining rig to hash them can't go against the entire list at once.

Google password salting for more details, but basically, your password had some random characters, called salt, added to them before hashing to make these type of attacks more difficult.  The leaked userid/password db includes the salt, so if someone wanted to target your password and it wasn't 10+ characters with more than just the alphabet, cracking it is possible.

The challenge for the attacker is to know which passwords to hack.  If the leaked db the hacker used included balance data, then it's easy.  You look at who has the largest balance, point a couple of mining rigs at the hashes of the biggest targets and hope that someone had a shorter password.

To me this makes the most sense, and I am doubtful that Kevin was the hacker, if only because I find it hard to believe that someone sophisticated enough to accomplish this hack would be unsophisticated enough to make it easy to find his e-mail address, home address and phone number.  Not that I think the attack necessarily has the hallmarks of real finesse, just that it has enough that I find it hard to believe Kevin was in collusion.

By the same token, I also find it difficult to believe that one or a few users had over 500K bitcoins sitting in their accounts at MtGox, particularly when the 400K transactions that have been discussed were supposed to be MtGox moving stuff around.

But, I've gotten off-topic.  To answer your question, if your password is less than 10+ characters and someone wanted to determine your password, it is probably doable with bitcoin mining equipment.
member
Activity: 79
Merit: 10
June 20, 2011, 10:41:24 PM
#5
Some almost immediately, some would take practically forever. It depends on the strength of the password.
newbie
Activity: 39
Merit: 0
June 20, 2011, 10:40:02 PM
#3
This question is impossible to answer definitively. The time it would take to brute force those passwords depends on the strength of the salt. As for the unsalted passwords, many of them were already publicly in rainbow tables.
member
Activity: 84
Merit: 10
June 20, 2011, 10:39:36 PM
#2
try it yourself
http://forum.bitcoin.org/index.php?topic=19729.msg249307#msg249307

spread this around so all the exchanges will take note.

http://www.golubev.com/hashgpu.htm



it uses the same hardware we are mining with.
member
Activity: 79
Merit: 10
June 20, 2011, 10:31:05 PM
#1
So how long would it take to crack those leaked passwords from MtGox? Let's say someone use their mining rig of 5G/Hash for it?
Jump to: