to expect our usernames not to turn up on an internet decryption site?

[Blueberties]

here

Google your username plus "decrypt" and see what you get.

Is anyone a geek? What does it all mean? What do those streams of letters mean to the left of the names?

As far as I can tell, the website is a forum to help people break encryption on stored usernames. The lefthand column shows the encrypted version based on a standard algorithm (MD5?), the left hand appears to show the equivalent username. I'm guessing someone would use this list to try to brute-force hack a database or website.

Or something like that...

But don't think its specifically related to MN at all...

thanks Tequila

no, I don't think we're specially picked out but what does it reveal? passwords? ISP details? what if yr password is the same one as yr bank or mail password?

sorry for all the questions (I have loads of passwords but would like to know what's going on!)

And does it mean that mumsnet security is weak if our username computer details can be crawled and decrypted?

Basically it doesn't seem to reveal anything at all, and it is not related to Mumsnet or us. It's just a list of usernames and how they would look if they were put into a code in a certain way. So I don't think its anything to be concerned about

But I would change your bank password to be something different from everything else. Not a good idea to have the same thing on every site. What I do is have the same basic password but put a few different letters in the middle which are related to that particular site (eg for Mumsnet perhaps I put "msnt" in the middle). That way, if someone figures out our password for one thing they can't go straight onto everything else.

So where would they have got user names from - visiting the site and using the ones they've seen?

And is it a good idea to visit this site? Would it be storing information on visitors and what they looked up?

Well I got this!

Mine's not on there either. Perhaps your name got there from somewhere else, or someone else has that username?

Ha ha TBT v good

I don't think you have anything to worry about.

This site will let you type in a username or any string and show you what it would look like as a hash

I put in testname and it gave me afe107acd2e1b816b5da87f79c90fdc7

Now it asked me if it was ok to add that to their database. I said yes so now if you google testname encrypt you will be taken there and told that the encoded version is afe107acd2e1b816b5da87f79c90fdc7

So they are not decoding anything. They are encoding it after they see the plain text word or username

They don't know anything they didn't know before.

Your usernames are public knowledge so either they got them by other people typing them in or they are skimming random websites and adding all the words they see to their list. Either way it's not a problem really.

Of course they will end up with a huge dictionary of popular words and what they look like encoded, but I'm not sure how much use that is. Username/Passwords combinations will be stored in a more complex way.

googling testname encrypt might not work yet as it goes because it takes time for google to update lists, but if you go there and put in testname it will find it.

MD5 encryption is a way of encrypting words that is commonly used in password controlled computer systems. Systems will store an MD5 encrypted version of the username and password on the database. When you enter your username and password on the screen the system will encrypt it then send it to the database where it is compared to the stored MD5 encrypted version. If they match then the system knows the username and password are correct. It is done this way to avoid passing the username and password between the screen and the database in plain text.

MD5 is a one way encryption so there's no process to get from the encrypted version back to the plain text version. That website simply shows what an MD5 encrypted version of each of those username looks like (I'm assuming it's MD5 because that's what it looks like). It is unlikely to help anyone hack a computer system because most of them encrypted the username and password together, rather than just the username.

Thank you very much Tequila, Onagar, nocake and all. I feel reassured. Thank you.

It's amazing the way people take the time to explain something and make an effort to help. I really appreciate that.

TequillaMockingBird and nocake have given informative answers (thanks!), but I thought I'd chip in to help put people at ease.

The content on this site is related to something called a cryptographic hash function. The sequence of letters on the left are the result of entering the corresponding text on the right hand side into one of a class of algorithms, consisting of MD5 among many others. There are several websites like the one linked to which provide reverse-lookup tables (called rainbow tables) for cryptographic hashes of corresponding input text, for various reasons. This particular one is part of a reverse lookup table for a MySQL hashing algorithms.

Put simply, people use lists like this to find, given a sequence of characters like "c5010012cec4620048adb4b2ed9574e9", the sequence of characters "ireenmvi", as long as they know the algorithm being used.

The fact that this site might list your nickname doesn't mean your password has been exposed or that any other information about your account is at risk, as the information by itself is not enough to do anything. Your computer details haven't been crawled. Since anyone can find Mumsnet nicknames by browsing Talk, as has been said, I would guess someone has just entered a bunch of text that they've found online (intentionally using Mumsnet nicknames or not), and the entries have been added to their database.

@nocake

That website simply shows what an MD5 encrypted version of each of those username looks like (I'm assuming it's MD5 because that's what it looks like). It is unlikely to help anyone hack a computer system because most of them encrypted the username and password together, rather than just the username.

You're more or less right, nocake, though the algorithm isn't MD5. The URL has a give-away to the one used: "mysql". :)

Anyone interested in reading more about this stuff can check Wikipedia's articles on Cryptographic hash functions, and rainbow tables.

Thanks SO much!

Thanks for the links AdamTech.

Also, thanks for showing a post can be 'trimmed' before being quoted.