Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Bitcoin Discussion
Re: Bitcoinica MtGox account compromised
by
bitcoinBull
on 13/07/2012, 23:21:38 UTC
Quote from: markm on July 13, 2012, 10:49:22 PM
Quote from: scribe on July 13, 2012, 10:42:37 PM
Quote from: markm on July 13, 2012, 08:27:02 PM
That still doesn't explain how the attacker knew that specific password should be tried at all.

We are talking about the password needed to convince LastPass to hand over your encrypted passwords right, not the passphrases needed to actually decrypt those passwords once having gotten a copy of them from LastPass?

-MarkM-


What's to say they "knew" at all? If the source was public and there were obviously duff security practices all round, wouldn't it be pretty straightforward to bruteforce LastPass with grepped strings from source and public e-mails?

Doesn't explain why the passwords were the same though. I guess laziness and hubris.

How can you brute-force a secure download protocol? If you fail to provide an initial response that proves you possess the correct decrypt password you don't get the file. Is all of this afterall a total comically silly fail on LastPass's part of delivering the crypted passwords to random anonymous hackers to have them brute-forced at leisure?

-MarkM-



That's right, you can't sync LastPass without the master password.

I still can't find any evidence of the bitcoinica source code leak, all google results are pointing back to genjix's original post in this thread. Does anyone know where it was first leaked?