

MtGox new password scheme SHA512 still insecure - Ixiaus

https://support.mtgox.com/entries/20208066-huge-bitcoin-sell-off-due-to-a-compromised-account-rollback

"_SHA-512 multi-iteration salted hashing_ is in enabled and ready for when we
get users reactivating their accounts."

I used to use a SHA-512 multi-iteration salted hashing scheme for my website's
account passwords and after the Gawker attack and about 5 other HNers telling
me it _was not_ as secure as bcrypt, I decided to test cracking my own hashed
password with a GPU brute force.

All I can tell you, is that it is NOT secure. Even with multi-iteration
salting. It's just too FAST, that's the problem. BCRYPT allows you to adjust
the WORK FACTOR to make it SLOWER and therefore _not economical_ to brute
force passwords.

----

After the hacks and now knowing that they are UPGRADING their password hashing
scheme to a process I used TWO YEARS ago; I will safely say that I will not use
MtGox now or in the future.
======
drtse4
Or SCrypt: <http://www.tarsnap.com/scrypt.html>

The question here is, considering what they are doing (i.e. handling monetary
transactions), shouldn't they have implemented a better hashing strategy from
the beginning? After this, I'd say they are not the best source for security
advice...

~~~
Ixiaus
I know I'm a bit late here, you probably won't see this. I originally _did_
use scrypt, actually, because I'm a fan of Colin's work but I was turned off
by the lack of rigorous 3rd party crypto analysis of his reference
implementation. Something bcrypt has...

Also, the python scrypt wrapper kept erroring out when I would use it in an
app running in mod_wsgi... (which has probably since been fixed)

~~~
drtse4
Agreed, the lack of peer reviews seems to be the main reason people choose to
go with bcrypt, I've seen this pointed out frequently on other sites.

------
drivebyacct2
I spammed Manny at onlyonetv the first day that they spoke with someone at
mt.gox. I believe my exact words were:

Manny-Only1Tv, PLEASE scream bcrypt at him

He asked their dev (who asked Mark). Mark replied "bcrypt really isn't that
secure. We're using SHA-512. Like 1000 times".

I had a further comment about where he should play "his SHA-512" but we can
leave that out.
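
Added example, not part of the thread: a CPU-side measurement of what one password guess costs under a salted SHA-512 chain iterated 1000 times versus scrypt at two cost settings. The chaining construction, function names and sample password are assumptions made for illustration, and scrypt (mentioned in the thread, available in Python's standard library) stands in for bcrypt as the hash with a tunable work factor.

```python
import hashlib
import os
import time


def iterated_sha512(password: bytes, salt: bytes, rounds: int = 1000) -> bytes:
    """Salted SHA-512 fed back into itself `rounds` times (constructed scheme)."""
    digest = hashlib.sha512(salt + password).digest()
    for _ in range(rounds - 1):
        digest = hashlib.sha512(salt + digest).digest()
    return digest


def scrypt_hash(password: bytes, salt: bytes, log2_n: int = 14) -> bytes:
    """scrypt with tunable CPU/memory cost: N = 2**log2_n, r = 8, p = 1."""
    return hashlib.scrypt(password, salt=salt, n=2 ** log2_n, r=8, p=1, dklen=64)


def seconds_per_guess(fn, *args, repeats: int = 3) -> float:
    """Best-of-N wall-clock time for one hash, i.e. the cost of one guess."""
    best = float("inf")
    for _ in range(repeats):
        start = time.perf_counter()
        fn(*args)
        best = min(best, time.perf_counter() - start)
    return best


def compare(password: bytes = b"constructed-sample-password", salt: bytes = b"") -> dict:
    """Time one guess under each scheme; a random salt is used if none is given."""
    salt = salt or os.urandom(16)
    return {
        "sha512 x1000": seconds_per_guess(iterated_sha512, password, salt, 1000),
        "scrypt N=2^12": seconds_per_guess(scrypt_hash, password, salt, 12),
        "scrypt N=2^14": seconds_per_guess(scrypt_hash, password, salt, 14),
    }


if __name__ == "__main__":
    for name, secs in compare().items():
        print(f"{name:14s} {secs * 1e3:8.2f} ms/guess  ~{1 / secs:10.0f} guesses/s per core")
```

The numbers are per CPU core in an interpreter, so they understate how fast dedicated hardware runs the SHA-512 chain; the point is that the scrypt cost moves with one parameter and can be raised as hardware improves.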

