Originally Posted by artemm
True, but you should change all other instances of that password just in case. MD5 was probably used with no salting (worst-case scenario). That can be brute-forced in no time. Honestly, Mt. Gox is a one-man operation. The guy running it didn't even notice the breach until the damage was done AND the market managed to correct itself.
The passwords were salted, you can test it yourself: the part between the start of the string and the third $ is the salt, and the rest is the output of PHP's crypt function.
The hash of my password in the leak is
Code:
$1$pbC0WhDK$06aoDZXms.RuV9gQB037B.
The following PHP script yields the correct hash, and you can use it yourself to see if your most current password was leaked.
PHP Code:
<?php
print(crypt('<my real password>', '$1$pbC0WhDK'));
?>
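The same self-check as an added example (not part of the original post), splitting the `$1$<salt>$<digest>` string into its fields and comparing in constant time. The function names `parse_crypt_hash` and `matches_leaked_hash` and the sample passphrase are assumptions made for illustration; the sample hash is generated by the script itself, not taken from the leak.

```php
<?php
// Added example; helper names are hypothetical, sample data is constructed.

/** Split a modular-crypt string ($<id>$<salt>$<digest>) into its fields. */
function parse_crypt_hash(string $hash): ?array
{
    $parts = explode('$', $hash);
    // The string starts with '$', so $parts[0] is empty. Only the four-field
    // form is handled here (no "rounds=" parameter).
    if (count($parts) !== 4 || $parts[0] !== '' || $parts[3] === '') {
        return null;
    }
    $schemes = ['1' => 'md5crypt', '5' => 'sha256crypt', '6' => 'sha512crypt'];
    return [
        'scheme'  => $schemes[$parts[1]] ?? 'unknown',
        // What crypt() expects as its second argument: scheme id plus salt.
        'setting' => '$' . $parts[1] . '$' . $parts[2] . '$',
        'salt'    => $parts[2],
        'digest'  => $parts[3],
    ];
}

/** True when $candidate hashes to $stored under the setting embedded in $stored. */
function matches_leaked_hash(string $candidate, string $stored): bool
{
    $fields = parse_crypt_hash($stored);
    if ($fields === null) {
        return false;
    }
    // crypt() returns a short failure token on error, which never equals $stored.
    $computed = crypt($candidate, $fields['setting']);
    return hash_equals($stored, $computed); // constant-time comparison
}

// Constructed sample: hashed here with a made-up passphrase and salt.
$stored = crypt('example-passphrase', '$1$abcdefgh$');
$fields = parse_crypt_hash($stored);
printf("scheme=%s salt=%s\n", $fields['scheme'], $fields['salt']);

var_dump(matches_leaked_hash('example-passphrase', $stored)); // same passphrase
var_dump(matches_leaked_hash('something-else', $stored));     // different passphrase

// Whether PHP's password API considers this hash due for replacement
// with the current default algorithm.
var_dump(password_needs_rehash($stored, PASSWORD_DEFAULT));
```

Run it locally rather than on a shared or online PHP sandbox, since the candidate password is passed in clear text.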