Talk

Advanced search

to expect our usernames not to turn up on an internet decryption site?

(17 Posts)
Blueberties Tue 20-Sep-11 02:28:14

here

Google your username plus "decrypt" and see what you get.

Is anyone a geek? What does it all mean? What do those streams of letters mean to the left of the names?

TequillaMockingBird Tue 20-Sep-11 02:39:15

As far as I can tell, the website is a forum to help people break encryption on stored usernames. The lefthand column shows the encrypted version based on a standard algorithm (MD5?), the left hand appears to show the equivalent username. I'm guessing someone would use this list to try to brute-force hack a database or website.

Or something like that...

But don't think its specifically related to MN at all...

Blueberties Tue 20-Sep-11 02:42:31

thanks Tequila

no, I don't think we're specially picked out but what does it reveal? passwords? ISP details? what if yr password is the same one as yr bank or mail password?

sorry for all the questions (I have loads of passwords but would like to know what's going on!)

Blueberties Tue 20-Sep-11 02:43:16

And does it mean that mumsnet security is weak if our username computer details can be crawled and decrypted?

TequillaMockingBird Tue 20-Sep-11 03:25:45

Basically it doesn't seem to reveal anything at all, and it is not related to Mumsnet or us. It's just a list of usernames and how they would look if they were put into a code in a certain way. So I don't think its anything to be concerned about

But I would change your bank password to be something different from everything else. Not a good idea to have the same thing on every site. What I do is have the same basic password but put a few different letters in the middle which are related to that particular site (eg for Mumsnet perhaps I put "msnt" in the middle). That way, if someone figures out our password for one thing they can't go straight onto everything else.

scaevola Tue 20-Sep-11 06:41:54

So where would they have got user names from - visiting the site and using the ones they've seen?

And is it a good idea to visit this site? Would it be storing information on visitors and what they looked up?

ToothbrushThief Tue 20-Sep-11 07:01:42

Well I got this!

inmysparetime Tue 20-Sep-11 07:12:00

Mine's not on there either. Perhaps your name got there from somewhere else, or someone else has that username?

Blueberties Tue 20-Sep-11 11:00:06

Ha ha TBT v good grin

onagar Tue 20-Sep-11 11:06:23

I don't think you have anything to worry about.

This site will let you type in a username or any string and show you what it would look like as a hash

I put in testname and it gave me afe107acd2e1b816b5da87f79c90fdc7

Now it asked me if it was ok to add that to their database. I said yes so now if you google testname encrypt you will be taken there and told that the encoded version is afe107acd2e1b816b5da87f79c90fdc7

So they are not decoding anything. They are encoding it after they see the plain text word or username

They don't know anything they didn't know before.

Your usernames are public knowledge so either they got them by other people typing them in or they are skimming random websites and adding all the words they see to their list. Either way it's not a problem really.

Of course they will end up with a huge dictionary of popular words and what they look like encoded, but I'm not sure how much use that is. Username/Passwords combinations will be stored in a more complex way.

onagar Tue 20-Sep-11 11:09:34

googling testname encrypt might not work yet as it goes because it takes time for google to update lists, but if you go there and put in testname it will find it.

nocake Tue 20-Sep-11 11:30:35

MD5 encryption is a way of encrypting words that is commonly used in password controlled computer systems. Systems will store an MD5 encrypted version of the username and password on the database. When you enter your username and password on the screen the system will encrypt it then send it to the database where it is compared to the stored MD5 encrypted version. If they match then the system knows the username and password are correct. It is done this way to avoid passing the username and password between the screen and the database in plain text.

MD5 is a one way encryption so there's no process to get from the encrypted version back to the plain text version. That website simply shows what an MD5 encrypted version of each of those username looks like (I'm assuming it's MD5 because that's what it looks like). It is unlikely to help anyone hack a computer system because most of them encrypted the username and password together, rather than just the username.

Blueberties Tue 20-Sep-11 12:51:39

Thank you very much Tequila, Onagar, nocake and all. I feel reassured. Thank you.

Blueberties Tue 20-Sep-11 12:52:41

It's amazing the way people take the time to explain something and make an effort to help. I really appreciate that.

AdamTech (MNHQ) Tue 20-Sep-11 14:46:59

TequillaMockingBird and nocake have given informative answers (thanks!), but I thought I'd chip in to help put people at ease.

The content on this site is related to something called a cryptographic hash function. The sequence of letters on the left are the result of entering the corresponding text on the right hand side into one of a class of algorithms, consisting of MD5 among many others. There are several websites like the one linked to which provide reverse-lookup tables (called rainbow tables) for cryptographic hashes of corresponding input text, for various reasons. This particular one is part of a reverse lookup table for a MySQL hashing algorithms.

Put simply, people use lists like this to find, given a sequence of characters like "c5010012cec4620048adb4b2ed9574e9", the sequence of characters "ireenmvi", as long as they know the algorithm being used.

The fact that this site might list your nickname doesn't mean your password has been exposed or that any other information about your account is at risk, as the information by itself is not enough to do anything. Your computer details haven't been crawled. Since anyone can find Mumsnet nicknames by browsing Talk, as has been said, I would guess someone has just entered a bunch of text that they've found online (intentionally using Mumsnet nicknames or not), and the entries have been added to their database.

nocake

That website simply shows what an MD5 encrypted version of each of those username looks like (I'm assuming it's MD5 because that's what it looks like). It is unlikely to help anyone hack a computer system because most of them encrypted the username and password together, rather than just the username.

You're more or less right, nocake, though the algorithm isn't MD5. The URL has a give-away to the one used: "mysql". smile

Anyone interested in reading more about this stuff can check Wikipedia's articles on Cryptographic hash functions, and rainbow tables.

Blueberties Tue 20-Sep-11 15:44:48

Thanks SO much!

NetworkGuy Tue 20-Sep-11 16:56:16

Thanks for the links AdamTech.

Also, thanks for showing a post can be 'trimmed' before being quoted.

Join the discussion

Join the discussion

Registering is free, easy, and means you can join in the discussion, get discounts, win prizes and lots more.

Register now