NVIDIA Forums Hack: Passwords Not Salted

btarunr · Jul 16, 2012

A group of hackers that claimed responsibility for hacking NVIDIA forums (forums.nvidia.com), which goes by the name "Team Apollo," posted the first piece of its exploits on Pastebin (find it here). The user data dump contains details of every fifth user of the forums. From what we can tell looking at the pasted data (which is now very much in the public domain), the passwords found in the user tables are not salted. NVIDIA was less than honest about that part.

The passwords are stored as raw MD5 hashes, which can be fairly-easily decrypted (when compared to hashes with salt values). To make matters worse, certain MD5 decryption websites have large databases of pre-decrypted MD5 phrases, potentially making decryption these hashes easy. Or you could just use a CUDA-accelerated MD5 decryption tool, which munches through unsalted MD5 hash values at the speed of a small supercomputer. If you have an NVIDIA Forums account, and your passwords on other websites (forums, email accounts, banks) even remotely resemble that of your NVIDIA forums account, it is strongly recommended that you change your passwords on each of those other websites.

View at TechPowerUp Main Site

Ikaruga · Jul 16, 2012

:shadedshu

m1dg3t · Jul 16, 2012

WOW! Good lookin' out bta :toast:

mayankleoboy1 · Jul 16, 2012

using CUDA enabled crackers to crack NVIDIA passwords....
:laugh:

MaKCuMyC · Jul 16, 2012

Again.

hhumas · Jul 16, 2012

hahahahhahahahah

Elmo · Jul 16, 2012

already decrypted one :roll:

Ikaruga · Jul 16, 2012

how do you know it's not salted? seriously please

newtekie1 · Jul 16, 2012

A good policy, and one I use, it to not use any similar passwords for important things. Each email address has a totally different password, my bank passwords are also totally different. I vary rarely use the same password for two things, though I do have one password that I use for sites that I'll probably only ever visit once and don't care about.

W1zzard · Jul 16, 2012

Ikaruga said:
how do you know it's not salted? seriously please

if you md5 12345678 you get 25d55ad283aa400af464c76d713c07ad

search for that text in the posted data and you will find it three times

newtekie1 · Jul 16, 2012

W1zzard said:
if you md5 12345678 you get 25d55ad283aa400af464c76d713c07ad

search for that text in the posted data and you will find it three times

OMG! That is the combination to my luggage!

Kreij · Jul 16, 2012

Hash "qwerty" and I'm sure you will get some matches too.

Ikaruga · Jul 16, 2012

W1zzard said:
if you md5 12345678 you get 25d55ad283aa400af464c76d713c07ad

search for that text in the posted data and you will find it three times

thank you dear good sir :toast:

TheMailMan78 · Jul 16, 2012

newtekie1 said:
A good policy, and one I use, it to not use any similar passwords for important things. Each email address has a totally different password, my bank passwords are also totally different. I vary rarely use the same password for two things, though I do have one password that I use for sites that I'll probably only ever visit once and don't care about.

Indeed. NONE of my passwords are the same.

newtekie1 · Jul 16, 2012

TheMailMan78 said:
Indeed. NONE of my passwords are the same.

Yeah, in a perfect world no one should have to worry about this. Then again, apparently some of the users used 12345678 as their passwords, so we obviously aren't in a perfect world. :ohwell:

Kreij · Jul 16, 2012

This is from a local WI news site.
Gives you an idea what people regularly use as passwords.

TheMailMan78 · Jul 16, 2012

newtekie1 said:
Yeah, in a perfect world no one should have to worry about this. Then again, apparently some of the users used 12345678 as their passwords, so we obviously aren't in a perfect world.

Well as dumb as I am compared to a few users on TPU about tech stuff I ain't THAT dumb. I think a lot of the older TPU crowd is far more tech savvy then the average user.

I once "fixed" a computer for someone who acted as if they pioneered software engineering yet couldn't figure out why he was getting BSOD's. I sat down on his OEM rig and discovered 32 viruses and his not so well hid porn stash. He said the viruses downloaded the porn. His wife kept asking me if that was true and I just said "Its possible" :laugh:

After she left I said to him "Dude come on. You hid your porn on the desktop in a folder called "(His name) Work Files" This virus knew your first name?" :laugh:

DarkOCean · Jul 16, 2012

newtekie1 said:
Yeah, in a perfect world no one should have to worry about this. Then again, apparently some of the users used 12345678 as their passwords, so we obviously aren't in a perfect world.

They obviously did not consider their accounts as being important.

W1zzard · Jul 16, 2012

I use asdfgh and variations on many sites that want me to register for some lame reason and I don't want to give them any hints of my real passwords

Elmo · Jul 16, 2012

TheMailMan78 said:
Well as dumb as I am compared to a few users on TPU about tech stuff I ain't THAT dumb. I think a lot of the older TPU crowd is far more tech savvy then the average user.

I once "fixed" a computer for someone who acted as if they pioneered software engineering yet couldn't figure out why he was getting BSOD's. I sat down on his OEM rig and discovered 32 viruses and his not so well hid porn stash. He said the viruses downloaded the porn. His wife kept asking me if that was true and I just said "Its possible"

After she left I said to him "Dude come on. You hid your porn on the desktop in a folder called "(His name) Work Files" This virus knew your first name?"

Now this deserves a gold award as it made me laugh.

Major_A · Jul 16, 2012

After having a few friends get their email accounts hacked I started using 16-32 character passwords. I know that they are still vulnerable but the hope is they are harder to crack than lazier people. Kind of like the expression about 2 people and a bear, "I don't have to run faster than the bear, just faster than you".

If you want a totally random password then I'd suggest using PCTools Secure Password Generator.
http://www.pctools.com/guides/password/

johnnyfiive · Jul 16, 2012

Pfft. I use 'passw0rd' and never have been hacked. [0_o]/

GSquadron · Jul 16, 2012

Why did they publish the passwords???

1c3d0g · Jul 16, 2012

On a more serious note: are TPU's forum passwords salted? You just never know what these script kiddie fuckers will target next... :shadedshu

pantherx12 · Jul 16, 2012

Aleksander Dishnica said:
Why did they publish the passwords???

To prove that they had them.

Is anyone elses Techpowerup password techpowerup.....

System Name	RBMK-1000
Processor	AMD Ryzen 7 5700G
Motherboard	Gigabyte B550 AORUS Elite V2
Cooling	DeepCool Gammax L240 V2
Memory	2x 16GB DDR4-3200
Video Card(s)	Galax RTX 4070 Ti EX
Storage	Samsung 990 1TB
Display(s)	BenQ 1440p 60 Hz 27-inch
Case	Corsair Carbide 100R
Audio Device(s)	ASUS SupremeFX S1220A
Power Supply	Cooler Master MWE Gold 650W
Mouse	ASUS ROG Strix Impact
Keyboard	Gamdias Hermes E2
Software	Windows 11 Pro

System Name	m1dg3t \| DeathBox \| HairPi 3
Processor	3570k @ 4.0 1.15v BIOS \| q9550 @ 3.77 1.325v BIOS
Motherboard	Asrock z77e iTX \| p5q Dlx 2301 BIOS
Cooling	Custom Water \| D-14 & HR-03gt \| Passive HSF
Memory	Samsung MV-3V4G3D 4g x 2 @ 1866 1.35v \| OcZ RpR 2g x 4 @ 1067 2.2v
Video Card(s)	MSi 7950 tf3 @1000 / 1350 \| Asus 5870 V2 @ 900 / 1275
Storage	Adata sx900 256Gb / WD 2500 HHTZ \| WD 1001 FALS x 2
Display(s)	BenQ gw2750hm \| 46" Sharp Quatron
Case	BitFenix Prodigy - m0dd3d \| Antec Fusion Remote MAX
Audio Device(s)	Onboard Toslink > Yamaha HTR 6290 \| Xonar HDAV1.3 > Yamaha DSP z7
Power Supply	Ocz mXp700w \| Ocz zx850w \| Cannakit 5v 2.5a
Mouse	Logitech G700s \| Logitech G9x - Cable Repaired
Keyboard	TT Meka G1 - Black w Cherry Blacks\| Logitech G11
Software	Win7 Home \| Xp sp3 & Vista ultimate \| Raspbian
Benchmark Scores	Epeen!! Who needs epeen??

System Name	Avalon
Processor	Intel® Core™ i7-3770K @ 1C: 42x, 2C: 41x, 3C: 40x, 4C: 39x (scalped, Coollaboratory Liquid Pro)
Motherboard	ASUS P8Z77-V
Cooling	Thermalright HR-02 Macho Rev. A (B&W Edition) @ Passive
Memory	2x SK Hynix HMT451U6MFR8C-PB @ 2400 11-13-12-27 CR1 1.575 V
Video Card(s)	Intel® HD Graphics 4000
Storage	SSD: OCZ Vertex 4 128 GB; RAID0: 2x WDC WD10JPVT
Display(s)	SΛMSUNG S27A550
Case	Cooler Master CM 690 II Advanced White
Power Supply	Seasonic X-460 FANLESS
Software	Windows 7 SP1 64-bit

System Name	Hhumas-PC
Processor	Intel(R) Core(TM)2 Extreme CPU X9650 @ 3.00GHz (4 CPUs), ~3.0GHz
Motherboard	Asus P5W DH Deluxe
Cooling	ZALMAN CNPS 9700 NT 110mm 2 Ball Ultra Quiet
Memory	OCZ Platinium 2x2GB
Video Card(s)	ZOTAC GeForce GTX 680 2GB 256-bit GDDR5
Storage	WD Green 500 GB , WD 500 GB
Display(s)	Dell U2410F
Case	Casecom
Audio Device(s)	Creative Sound Blaster X-Fi Titanium Fatal1ty Pro
Power Supply	Corsair HX1000
Software	Windows 7 Ultimate 32 Bit

System Name	Elmo
Processor	i9 7900x
Motherboard	MSI x299 gaming pro ac
Cooling	Noctua NH D-14
Memory	32GB DDR4 3600 Mhz
Video Card(s)	Zotac AMP Extreme RTX 2070 Super
Storage	1TB Samsung 860 Evo, Samsung 970 Evo Plus 500GB, 1 & 2TB Barracuda, Hyperx 120GB, WD Green 500GB
Display(s)	Samsung 23" led 1080p X 3
Case	Nzxt Switch 810
Power Supply	Corsair HX 750W
Software	Windows 10 Pro

NVIDIA Forums Hack: Passwords Not Salted

btarunr

Editor & Senior Moderator

Ikaruga

m1dg3t

mayankleoboy1

New Member

MaKCuMyC

hhumas

Elmo

Ikaruga

newtekie1

Semi-Retired Folder

W1zzard

Administrator

newtekie1

Semi-Retired Folder

Kreij

Senior Monkey Moderator

Ikaruga

TheMailMan78

Big Member

newtekie1

Semi-Retired Folder

Kreij

Senior Monkey Moderator

TheMailMan78

Big Member

DarkOCean

W1zzard

Administrator

Elmo

Major_A

johnnyfiive

GSquadron

1c3d0g

pantherx12

Processor	Intel Core i7 10850K@5.2GHz
Motherboard	AsRock Z470 Taichi
Cooling	Corsair H115i Pro w/ Noctua NF-A14 Fans
Memory	32GB DDR4-3600
Video Card(s)	RTX 2070 Super
Storage	500GB SX8200 Pro + 8TB with 1TB SSD Cache
Display(s)	Acer Nitro VG280K 4K 28"
Case	Fractal Design Define S
Audio Device(s)	Onboard is good enough for me
Power Supply	eVGA SuperNOVA 1000w G3
Software	Windows 10 Pro x64

Processor	Ryzen 7 5700X
Memory	48 GB
Video Card(s)	RTX 4080
Storage	2x HDD RAID 1, 3x M.2 NVMe
Display(s)	30" 2560x1600 + 19" 1280x1024
Software	Windows 10 64-bit

System Name	TheMailbox 5.0 / The Mailbox 4.5
Processor	RYZEN 1700X / Intel i7 2600k @ 4.2GHz
Motherboard	Fatal1ty X370 Gaming K4 / Gigabyte Z77X-UP5 TH Intel LGA 1155
Cooling	MasterLiquid PRO 280 / Scythe Katana 4
Memory	ADATA RGB 16GB DDR4 2666 16-16-16-39 / G.SKILL Sniper Series 16GB DDR3 1866: 9-9-9-24
Video Card(s)	MSI 1080 "Duke" with 8Gb of RAM. Boost Clock 1847 MHz / ASUS 780ti
Storage	256Gb M4 SSD / 128Gb Agelity 4 SSD , 500Gb WD (7200)
Display(s)	LG 29" Class 21:9 UltraWide® IPS LED Monitor 2560 x 1080 / Dell 27"
Case	Cooler Master MASTERBOX 5t / Cooler Master 922 HAF
Audio Device(s)	Realtek ALC1220 Audio Codec / SupremeFX X-Fi with Bose Companion 2 speakers.
Power Supply	Seasonic FOCUS Plus Series SSR-750PX 750W Platinum / SeaSonic X Series X650 Gold
Mouse	SteelSeries Sensei (RAW) / Logitech G5
Keyboard	Razer BlackWidow / Logitech (Unknown)
Software	Windows 10 Pro (64-bit)
Benchmark Scores	Benching is for bitches.

System Name	2600k
Processor	i7 2600K
Motherboard	ASUS P8Z77-V PRO
Cooling	Phanteks PH-TC14PE_BK
Memory	16GB
Video Card(s)	ASUS GTX 760 OC
Storage	120GB Agility 3/2TB WD Caviar Black x 2/Intel 311 (Cache Drive)
Display(s)	Dell S2340M
Case	Lian Li PC-8FIR (Silver)
Audio Device(s)	X-Fi Titanium Fata1ity
Power Supply	Cooler Master Silent Pro M 1000W
Software	Win 7 Pro x64 SP1
Benchmark Scores	Logitech G500 \| Razer Lycosa Mirror \| Logitech Z-5300

System Name	Dark Stealth
Processor	Ryzen 5 5600x
Motherboard	Gigabyte B450M Gaming rev 1.0
Cooling	Snowman, arctic p12 x2 fans
Memory	16x2 DDR4 Corsair Dominator Pro
Video Card(s)	3080 10gb
Storage	2TB NVME PCIE 4.0 Crucial P3 Plus, 1TB Crucial MX500 SSD, 4TB WD RED HDD
Display(s)	HP Omen 34c (34" monitor 3440x1440 165Hz VA panel)
Case	Zalman S2
Power Supply	Corsair 750TX
Mouse	Logitech pro superlight, mx mouse s3, Razer Basiliskx with battery
Keyboard	Custom mechanical keyboard tm680
Software	Windows 11
Benchmark Scores	70-80 fps 3440x1440 on cyberpunk 2077 max settings

System Name	My pc
Processor	Ryzen 5 3600
Motherboard	Asus Rog b450-f
Cooling	Cooler master 120mm aio
Memory	16gb ddr4 3200mhz
Video Card(s)	MSI Ventus 3x 3070
Storage	2tb intel nvme and 2tb generic ssd
Display(s)	Generic dell 1080p overclocked to 75hz
Case	Phanteks enthoo
Power Supply	650w of borderline fire hazard
Mouse	Some wierd Chinese vertical mouse
Keyboard	Generic mechanical keyboard
Software	Windows ten