Yes, them use md5, the auroracoin forum use the traditional forum salt that is more hard to decrypt.
but with a good pay decoder with trillion hashes decode it no can be hard.
examples (hashes get from freecoinworld):
30fca77cebf16fe3c5b5b4db4371dee4 - cinta3segi
842df9fecdc99ad5aea6deb7ab117ae0 - me4ta12345
One question, how does anybody crack those codes? Isn't it right that it takes long time to bruteforce those codes? Isn't that the whole point of hashing passwords, to make them practically uncrackable?
The problem is that hash functions are very fast on their own. Modern computers can check millions and sometimes billions per second. For example, although php isn't a good choice, I could break md5 with something like this:
EDIT: As Cortex noted below, the attacker would likely target the database at once making the process much faster, especially if salts aren't used.
// this is the hash of the password I'm trying to break
$hash_to_crack = '30fca77cebf16fe3c5b5b4db4371dee4';
$found = false;
// until $found is changed to true, keep trying!
while (!$found)
{
// $this->next_try would be a method designed to supply the next possible password.
$attempt = md5($this->next_try);
// compare the next hash to the target hash
if ($attempt == $hash_to_crack)
{
// end the loop when we've found the hash
$found = true;
}
}
There's NO way they hacked Bitcoin.de, they need confirmation emails for everything. Unlike this site btw, this site needs confirmation email for everything too, i mean give me a break. How in hell it doesnt?
Having confirmation emails doesn't automatically secure a site against having its database stolen.