1. Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

NVIDIA Forums Hack: Passwords Not Salted

Discussion in 'News' started by btarunr, Jul 16, 2012.

  1. btarunr

    btarunr Editor & Senior Moderator Staff Member

    Joined:
    Oct 9, 2007
    Messages:
    28,223 (11.38/day)
    Thanks Received:
    13,580
    Location:
    Hyderabad, India
    A group of hackers that claimed responsibility for hacking NVIDIA forums (forums.nvidia.com), which goes by the name "Team Apollo," posted the first piece of its exploits on Pastebin (find it here). The user data dump contains details of every fifth user of the forums. From what we can tell looking at the pasted data (which is now very much in the public domain), the passwords found in the user tables are not salted. NVIDIA was less than honest about that part.

    The passwords are stored as raw MD5 hashes, which can be fairly-easily decrypted (when compared to hashes with salt values). To make matters worse, certain MD5 decryption websites have large databases of pre-decrypted MD5 phrases, potentially making decryption these hashes easy. Or you could just use a CUDA-accelerated MD5 decryption tool, which munches through unsalted MD5 hash values at the speed of a small supercomputer. If you have an NVIDIA Forums account, and your passwords on other websites (forums, email accounts, banks) even remotely resemble that of your NVIDIA forums account, it is strongly recommended that you change your passwords on each of those other websites.

    [​IMG]
    KissSh0t, m1dg3t and Ikaruga say thanks.
  2. Ikaruga

    Ikaruga

    Joined:
    Feb 18, 2011
    Messages:
    866 (0.69/day)
    Thanks Received:
    182
    :shadedshu
  3. m1dg3t

    m1dg3t

    Joined:
    May 22, 2010
    Messages:
    2,246 (1.47/day)
    Thanks Received:
    513
    Location:
    Canada
    WOW! Good lookin' out bta :toast:
  4. mayankleoboy1 New Member

    Joined:
    Apr 1, 2011
    Messages:
    12 (0.01/day)
    Thanks Received:
    6
    using CUDA enabled crackers to crack NVIDIA passwords....
    :laugh::roll:
  5. MaKCuMyC

    MaKCuMyC

    Joined:
    Mar 27, 2011
    Messages:
    59 (0.05/day)
    Thanks Received:
    4
    Location:
    Ukraine
  6. hhumas

    Joined:
    Jun 24, 2011
    Messages:
    551 (0.49/day)
    Thanks Received:
    22
    Location:
    Islamabad
    hahahahhahahahah
  7. Elmo

    Elmo

    Joined:
    May 27, 2012
    Messages:
    309 (0.39/day)
    Thanks Received:
    40
    Location:
    Malaysia
    already decrypted one:roll:
  8. Ikaruga

    Ikaruga

    Joined:
    Feb 18, 2011
    Messages:
    866 (0.69/day)
    Thanks Received:
    182
    how do you know it's not salted? seriously please
  9. newtekie1

    newtekie1 Semi-Retired Folder

    Joined:
    Nov 22, 2005
    Messages:
    19,696 (6.23/day)
    Thanks Received:
    5,858
    A good policy, and one I use, it to not use any similar passwords for important things. Each email address has a totally different password, my bank passwords are also totally different. I vary rarely use the same password for two things, though I do have one password that I use for sites that I'll probably only ever visit once and don't care about.
    Crunching for Team TPU 50 Million points folded for TPU
  10. W1zzard

    W1zzard Administrator Staff Member

    Joined:
    May 14, 2004
    Messages:
    14,639 (3.93/day)
    Thanks Received:
    11,374
    if you md5 12345678 you get 25d55ad283aa400af464c76d713c07ad

    search for that text in the posted data and you will find it three times
    theJesus and Ikaruga say thanks.
  11. newtekie1

    newtekie1 Semi-Retired Folder

    Joined:
    Nov 22, 2005
    Messages:
    19,696 (6.23/day)
    Thanks Received:
    5,858
    OMG! That is the combination to my luggage!
    Crunching for Team TPU 50 Million points folded for TPU
  12. Kreij

    Kreij Senior Monkey Moderator Staff Member

    Joined:
    Feb 6, 2007
    Messages:
    13,881 (5.10/day)
    Thanks Received:
    5,615
    Location:
    Cheeseland (Wisconsin, USA)
    Hash "qwerty" and I'm sure you will get some matches too.
  13. Ikaruga

    Ikaruga

    Joined:
    Feb 18, 2011
    Messages:
    866 (0.69/day)
    Thanks Received:
    182
    thank you dear good sir:toast:
  14. TheMailMan78

    TheMailMan78 Big Member

    Joined:
    Jun 3, 2007
    Messages:
    20,883 (8.01/day)
    Thanks Received:
    7,454
    Indeed. NONE of my passwords are the same.
  15. newtekie1

    newtekie1 Semi-Retired Folder

    Joined:
    Nov 22, 2005
    Messages:
    19,696 (6.23/day)
    Thanks Received:
    5,858
    Yeah, in a perfect world no one should have to worry about this. Then again, apparently some of the users used 12345678 as their passwords, so we obviously aren't in a perfect world.:ohwell:
    Crunching for Team TPU 50 Million points folded for TPU
  16. Kreij

    Kreij Senior Monkey Moderator Staff Member

    Joined:
    Feb 6, 2007
    Messages:
    13,881 (5.10/day)
    Thanks Received:
    5,615
    Location:
    Cheeseland (Wisconsin, USA)
    This is from a local WI news site.
    Gives you an idea what people regularly use as passwords.
    theJesus says thanks.
  17. TheMailMan78

    TheMailMan78 Big Member

    Joined:
    Jun 3, 2007
    Messages:
    20,883 (8.01/day)
    Thanks Received:
    7,454
    Well as dumb as I am compared to a few users on TPU about tech stuff I ain't THAT dumb. I think a lot of the older TPU crowd is far more tech savvy then the average user.

    I once "fixed" a computer for someone who acted as if they pioneered software engineering yet couldn't figure out why he was getting BSOD's. I sat down on his OEM rig and discovered 32 viruses and his not so well hid porn stash. He said the viruses downloaded the porn. His wife kept asking me if that was true and I just said "Its possible" :laugh:

    After she left I said to him "Dude come on. You hid your porn on the desktop in a folder called "(His name) Work Files" This virus knew your first name?" :laugh:
    Last edited: Jul 16, 2012
    theJesus and 1c3d0g say thanks.
  18. DarkOCean

    DarkOCean

    Joined:
    Jan 28, 2009
    Messages:
    1,613 (0.81/day)
    Thanks Received:
    348
    Location:
    on top of that big mountain on mars(Romania)
    They obviously did not consider their accounts as being important.
  19. W1zzard

    W1zzard Administrator Staff Member

    Joined:
    May 14, 2004
    Messages:
    14,639 (3.93/day)
    Thanks Received:
    11,374
    I use asdfgh and variations on many sites that want me to register for some lame reason and I don't want to give them any hints of my real passwords
    TRWOV and theJesus say thanks.
  20. Elmo

    Elmo

    Joined:
    May 27, 2012
    Messages:
    309 (0.39/day)
    Thanks Received:
    40
    Location:
    Malaysia
    Now this deserves a gold award as it made me laugh.
  21. Major_A

    Major_A

    Joined:
    Jun 2, 2009
    Messages:
    143 (0.08/day)
    Thanks Received:
    29
    Location:
    Houston, TX
    After having a few friends get their email accounts hacked I started using 16-32 character passwords. I know that they are still vulnerable but the hope is they are harder to crack than lazier people. Kind of like the expression about 2 people and a bear, "I don't have to run faster than the bear, just faster than you".

    If you want a totally random password then I'd suggest using PCTools Secure Password Generator.
    http://www.pctools.com/guides/password/
  22. johnnyfiive

    johnnyfiive

    Joined:
    Apr 17, 2008
    Messages:
    3,891 (1.70/day)
    Thanks Received:
    876
    Location:
    Tucson, AZ
    Pfft. I use 'passw0rd' and never have been hacked. [0_o]/
  23. Aleksander

    Joined:
    Dec 2, 2009
    Messages:
    3,254 (1.92/day)
    Thanks Received:
    304
    Why did they publish the passwords???
  24. 1c3d0g

    1c3d0g

    Joined:
    Dec 9, 2007
    Messages:
    685 (0.28/day)
    Thanks Received:
    59
    On a more serious note: are TPU's forum passwords salted? You just never know what these script kiddie fuckers will target next... :shadedshu
  25. pantherx12

    pantherx12 New Member

    Joined:
    Jan 2, 2009
    Messages:
    9,714 (4.79/day)
    Thanks Received:
    1,699
    Location:
    ENGLAND-LAND-LAND
    To prove that they had them.

    Is anyone elses Techpowerup password techpowerup.....

Currently Active Users Viewing This Thread: 1 (0 members and 1 guest)

Share This Page