Hacker News new | past | comments | ask | show | jobs | submit login

Ehm, how we you know that? Maybe the salts were stored another place? Or simply the attacker didn't release them? Or maybe MtGox used a site-wide salt that's stored in their codebase somewhere?

EDIT: Okay, they appear to be unsalted (according to nbpoole): http://news.ycombinator.com/item?id=2671714




http://news.ycombinator.com/item?id=2671714 (Summary: Because you can Google at least some of the hashes and find they're already cracked)


open that file and search for the most famous MD5 hash - 5f4dcc3b5aa765d61d8327deb882cf99


Fortunately they all look like test accounts.


Meaning what?


That is the md5 digest of 'password'




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: