NVIDIA Forums Hack: Passwords Not Salted

Oberon · Jul 16, 2012

Aleksander Dishnica said:
Why did they publish the passwords???

Do they really need justification after stealing them in the first place? Looks like they kind of threw that whole "integrity" thing out the window already.

newtekie1 · Jul 16, 2012

Oberon said:
Do they really need justification after stealing them in the first place? Looks like they kind of threw that whole "integrity" thing out the window already.

It might sound backwards, but some hackers do have integrity. Some hack into somewhere just to do it, then alert whoever they hacked to inform them how they did it so their security can be strengthened.

Though the people that hacked nVidia were obviously just doing it to be dicks.

GSquadron · Jul 16, 2012

First of all, if i hack a password, i never tell anyone i stole (hacked) the password. I never use it to block their account
No matter what would be my 'nickname'
This all was made and payed very well to the programmers who cracked the forum for just that script in the pastebin. Read what they wrote very well. (i am referring to all)
That is the true reason why they hacked the forum.
Bear in mind that no matter how much i 'love god' i am never going to pay a hacker to hack nvidia forums. So the real reason, is to make you believe that these GREAT HACKERS, achieved that greatness on what they wrote on pastebin. It is just like phishing mind. The hack was payed very well. There is no real reason why the Apollo would hack the forum.
Why exactly Nvidia? What is the real matter? If you find this, you will surely find the next hacking, not only on internet, but in real life!

Actually reading it again, why apollo? Really he says religion and political and other stuff? Where is the real name he should have used?
(You know what i am talking about)

tacosRcool · Jul 16, 2012

good thing I don't have an account there!

TheMailMan78 · Jul 16, 2012

newtekie1 said:
It might sound backwards, but some hackers do have integrity. Some hack into somewhere just to do it, then alert whoever they hacked to inform them how they did it so their security can be strengthened.

Though the people that hacked nVidia were obviously just doing it to be dicks.

I agree. But with that being said such hackers don't brag. The ones that brag are dicks as you said.

KissSh0t · Jul 16, 2012

All I can say to "Team Apollo" is....

0101100101101111011101010010000001110000011000010111010001101000011001010111010001101001011000110010000001101000011000010110001101101011011001010111001000100000011100110110001101110101011011010010110000100000011001110110111100100000011100000110110001100001011110010010000001110111011010010111010001101000001000000111001101101111011011010110010101110100011010000110100101101110011001110010000001100101011011000111001101100101001000000110110001101001011010110110010100100000010100110110111101101110011110010010000001101111011100100010000001010101011000100110100101110011011011110110011001110100001011100010111000101110

Disruptor4 · Jul 17, 2012

tacosRcool said:
good thing I don't have an account there!

I don't remember if I do or not. Is there a way to find out?

theJesus · Jul 17, 2012

johnnyfiive said:
Pfft. I use 'passw0rd' and never have been hacked. [0_o]/

Apparently you don't use that for here.

pantherx12 said:
Is anyone elses Techpowerup password techpowerup.....

Apparently not you.

Disruptor4 said:
I don't remember if I do or not. Is there a way to find out?

One would hope that they'd send an email to anybody with an account warning them to change their passwords . . .

Disruptor4 · Jul 17, 2012

KissSh0t said:
All I can say to "Team Apollo" is....

0101100101101111011101010010000001110000011000010111010001101000011001010111010001101001011000110010000001101000011000010110001101101011011001010111001000100000011100110110001101110101011011010010110000100000011001110110111100100000011100000110110001100001011110010010000001110111011010010111010001101000001000000111001101101111011011010110010101110100011010000110100101101110011001110010000001100101011011000111001101100101001000000110110001101001011010110110010100100000010100110110111101101110011110010010000001101111011100100010000001010101011000100110100101110011011011110110011001110100001011100010111000101110

What's wrong with Ubi?

theJesus said:
One would hope that they'd send an email to anybody with an account warning them to change their passwords . . .

One would hope so... and I think they are/have. Just haven't received one yet so yeah.

KissSh0t · Jul 17, 2012

Disruptor4 said:
What's wrong with Ubi?

Not allowing me to play the game I bought for my laptop where I don't have constant internet access.. lol.

Interesting Sony wasn't mentioned xD

TRWOV · Jul 17, 2012

W1zzard said:
I use asdfgh and variations on many sites that want me to register for some lame reason and I don't want to give them any hints of my real passwords

I use akjwss (an old Geocities isued password) for the same reason. I must have 30-40 forum accounts with that password (pro tip: my user name for those isn't TRWOV either) :cool:

Mussels · Jul 17, 2012

actually, techpowerup has some cool password theft protection technology.

if you type your password, it appears in plain text to you, and asterisks to everyone else:

Mussels
***********

TRWOV · Jul 17, 2012

wow it's true

TRWOV
******************

theJesus · Jul 17, 2012

Mussels said:
actually, techpowerup has some cool password theft protection technology.

if you type your password, it appears in plain text to you, and asterisks to everyone else:

Mussels
***********

lemme try that:

*********

TRWOV · Jul 17, 2012

I feel safer already :toast:

remixedcat · Jul 17, 2012

the password is:
bellybutton

jigar2speed · Jul 17, 2012

remixedcat said:
the password is:
bellybutton

Thanks i have you now :laugh:

Ikaruga · Jul 17, 2012

Guys, I was talking to someone at Nvidia yesterday, and he told me that the software they use doesn't even has an option to store the passwords in plain md5, and they are all salted. I understand this is something Nvidia would not rush to admit, but do you think it's possible that the pastebin info is fake?

GSquadron · Jul 17, 2012

Really stupid. I was learning today that passwords with sha1 are extremely easy to implement, though they didn't waste money on their website.
And even want to earn millions!

Mussels · Jul 17, 2012

Ikaruga said:
Guys, I was talking to someone at Nvidia yesterday, and he told me that the software they use doesn't even has an option to store the passwords in plain md5, and they are all salted. I understand this is something Nvidia would not rush to admit, but do you think it's possible that the pastebin info is fake?

entirely possible.

Disparia · Jul 17, 2012

The notice is still up: http://www.nvidia.com/content/forums/index.html

If faked, it would have taken less than 5 minutes for nVidia to discredit the hacking. So it's either real and they're investigating how it happened... or it's an nVidia plot to frame Apollo!

TheMailMan78 · Jul 17, 2012

Jizzler said:
The notice is still up: http://www.nvidia.com/content/forums/index.html

If faked, it would have taken less than 5 minutes for nVidia to discredit the hacking. So it's either real and they're investigating how it happened... or it's an nVidia plot to frame Apollo!

Yes I'm sure its a vast conspiracy to frame Team Apollo. I can see it all now. Jen-Hsun dressed up like M. Bison from Street Fighter telling his minions to frame and stop Team Apollo and all their righteous endeavors to bring down evil corporations via the Nvidia forums. MASTER PLAN INDEED.

Aquinus · Jul 17, 2012

Aleksander Dishnica said:
Really stupid. I was learning today that passwords with sha1 are extremely easy to implement, though they didn't waste money on their website.
And even want to earn millions!

They do use a hashing algorithm, but what good is the hash if you're not salting the password. It doesn't take a lot of brute force power for a short password like "foobarpass," you add a salt to make it something like, "supersaltfoobarpasssuperpepper," that is much harder to brute force.

You also don't need to implement SHA1, many languages already have functions or classes and methods that handle hashing.

claylomax · Jul 18, 2012

newtekie1 said:
OMG! That is the combination to my luggage!

Priceless!

Kreij · Jul 18, 2012

Aquinus said:
They do use a hashing algorithm, but what good is the hash if you're not salting the password. It doesn't take a lot of brute force power for a short password like "foobarpass," you add a salt to make it something like, "supersaltfoobarpasssuperpepper," that is much harder to brute force.

That has got to be the worst example of what using a random salt does to a password that I've ever seen. :laugh:

But you are right, Aquinus, salting makes it a lot harder to crack as well as using other things like multiple passes of encryption in combination with salts.

That being said, if you use a strong password and it's not salted, it still will have to be brute forced which is quite time consuming even with very powerful hardware.

Processor	AMD Ryzen 5900X
Motherboard	MSI MAG X570 Tomahawk
Cooling	Dual custom loops
Memory	4x8GB G.SKILL Trident Z Neo 3200C14 B-Die
Video Card(s)	AMD Radeon RX 6800XT Reference
Storage	ADATA SX8200 480GB, Inland Premium 2TB, various HDDs
Display(s)	MSI MAG341CQ
Case	Meshify 2 XL
Audio Device(s)	Schiit Fulla 3
Power Supply	Super Flower Leadex Titanium SE 1000W
Mouse	Glorious Model D
Keyboard	Drop CTRL, lubed and filmed Halo Trues

Processor	Intel Core i7 10850K@5.2GHz
Motherboard	AsRock Z470 Taichi
Cooling	Corsair H115i Pro w/ Noctua NF-A14 Fans
Memory	32GB DDR4-3600
Video Card(s)	RTX 2070 Super
Storage	500GB SX8200 Pro + 8TB with 1TB SSD Cache
Display(s)	Acer Nitro VG280K 4K 28"
Case	Fractal Design Define S
Audio Device(s)	Onboard is good enough for me
Power Supply	eVGA SuperNOVA 1000w G3
Software	Windows 10 Pro x64

System Name	Dark Stealth
Processor	Ryzen 5 5600x
Motherboard	Gigabyte B450M Gaming rev 1.0
Cooling	Snowman, arctic p12 x2 fans
Memory	16x2 DDR4 Corsair Dominator Pro
Video Card(s)	3080 10gb
Storage	2TB NVME PCIE 4.0 Crucial P3 Plus, 1TB Crucial MX500 SSD, 4TB WD RED HDD
Display(s)	HP Omen 34c (34" monitor 3440x1440 165Hz VA panel)
Case	Zalman S2
Power Supply	Corsair 750TX
Mouse	Logitech pro superlight, mx mouse s3, Razer Basiliskx with battery
Keyboard	Custom mechanical keyboard tm680
Software	Windows 11
Benchmark Scores	70-80 fps 3440x1440 on cyberpunk 2077 max settings

Processor	AMD Ryzen 5 1600X
Motherboard	AsRock X370 Taichi
Cooling	Corsair H60 Liquid Cooling
Memory	16 GB CORSAIR Vengeance LPX 3000 Mhz (Running at 2933)
Video Card(s)	EVGA FTW2 GTX 1070Ti
Storage	740GB of SSDs, 7 TB's of HDDs
Display(s)	LG 27UD58P-B 27” IPS 4K
Case	Phanteks Enthos Pro M
Audio Device(s)	Integrated
Power Supply	EVGA 750 P2
Mouse	Mionix Naos 8200
Keyboard	G Skill Ripjaws RGB Mechanical Keyboard
Software	Windows 10 Pro

System Name	TheMailbox 5.0 / The Mailbox 4.5
Processor	RYZEN 1700X / Intel i7 2600k @ 4.2GHz
Motherboard	Fatal1ty X370 Gaming K4 / Gigabyte Z77X-UP5 TH Intel LGA 1155
Cooling	MasterLiquid PRO 280 / Scythe Katana 4
Memory	ADATA RGB 16GB DDR4 2666 16-16-16-39 / G.SKILL Sniper Series 16GB DDR3 1866: 9-9-9-24
Video Card(s)	MSI 1080 "Duke" with 8Gb of RAM. Boost Clock 1847 MHz / ASUS 780ti
Storage	256Gb M4 SSD / 128Gb Agelity 4 SSD , 500Gb WD (7200)
Display(s)	LG 29" Class 21:9 UltraWide® IPS LED Monitor 2560 x 1080 / Dell 27"
Case	Cooler Master MASTERBOX 5t / Cooler Master 922 HAF
Audio Device(s)	Realtek ALC1220 Audio Codec / SupremeFX X-Fi with Bose Companion 2 speakers.
Power Supply	Seasonic FOCUS Plus Series SSR-750PX 750W Platinum / SeaSonic X Series X650 Gold
Mouse	SteelSeries Sensei (RAW) / Logitech G5
Keyboard	Razer BlackWidow / Logitech (Unknown)
Software	Windows 10 Pro (64-bit)
Benchmark Scores	Benching is for bitches.

NVIDIA Forums Hack: Passwords Not Salted

Oberon

newtekie1

Semi-Retired Folder

GSquadron

tacosRcool

TheMailMan78

Big Member

KissSh0t

Disruptor4

theJesus

Disruptor4

KissSh0t

TRWOV

Mussels

Freshwater Moderator

TRWOV

theJesus

TRWOV

remixedcat

jigar2speed

Ikaruga

GSquadron

Mussels

Freshwater Moderator

Disparia

TheMailMan78

Big Member

Aquinus

Resident Wat-man

claylomax

Kreij

Senior Monkey Moderator

System Name	Uh, my build?
Processor	Intel Core i7 3770k 3.5GHz (3.9GHz turbo)
Motherboard	Gigabyte Z77X-UD5H (F8 BIOS)
Cooling	Coolermaster Hyper 212 Evo
Memory	G.Skill 8GB DDR3 1600MHz CL9
Video Card(s)	Gigabyte Radeon HD7970 3GB 1GHz Core/5.5GHz Memory
Storage	SanDisk Extreme Pro 960GB & 2TB WD Black & 1TB WD Green
Display(s)	1x Samsung 23" Syncmaster P2350 1x LG 23"
Case	Coolermaster HAF X
Audio Device(s)	Onboard now since store didn't RMA properly
Power Supply	Corsair HX 850W
Software	Win 10 Pro 64bit
Benchmark Scores	3DMark 11 - P8456 - http://3dmark.com/3dm11/3372758

System Name	Desktop\|\| Virtual Host 0
Processor	Intel Core i5 2500-K @ 4.3ghz \|\| 2x Xeon L5630 (total 8 cores, 16 threads)
Motherboard	ASUS P8Z68-V \|\| Dell PowerEdge R710 (Intel 5520 chipset)
Cooling	Corsair Hydro H100 \|\| Stock hotplug fans and passive heatsinks
Memory	4x4gb Corsair Vengeance DDR3 1600 \|\| 12x4gb Hynix DDR3 1066 FB-DIMMs
Video Card(s)	MSI GTX 760 Gaming Twin Frozr 4GB OC \|\| Don't know, don't care
Storage	Hitachi 7K3000 2TB \|\| 6x300gb 15k rpm SAS internal hotswap, 12x3tb Seagate NAS drives in enclosure
Display(s)	ViewSonic VA2349S \|\| remote iDRAC KVM console
Case	Antec P280 \|\| Dell PowerEdge R710
Audio Device(s)	HRT MusicStreamer II+ and Focusrite Scarlett 18i8 \|\| Don't know, don't care
Power Supply	SeaSonic X650 Gold \|\| 2x870w hot-swappable
Mouse	Logitech G500 \|\| remote iDRAC KVM console
Keyboard	Logitech G510 \|\| remote iDRAC KVM console
Software	Win7 Ultimate x64 \|\| VMware vSphere 6.0 with vCenter Server 6.0
Benchmark Scores	Over 9000 on the scouter

System Name	Dell-y Driver
Processor	Core i5-10400
Motherboard	Asrock H410M-HVS
Cooling	Intel 95w stock cooler
Memory	2x8 A-DATA 2999Mhz DDR4
Video Card(s)	UHD 630
Storage	1TB WD Green M.2 - 4TB Seagate Barracuda
Display(s)	Asus PA248 1920x1200 IPS
Case	Dell Vostro 270S case
Audio Device(s)	Onboard
Power Supply	Dell 220w
Software	Windows 10 64bit

System Name	Rainbow Sparkles (Power efficient, <350W gaming load)
Processor	Ryzen R7 5800x3D (Undervolted, 4.45GHz all core)
Motherboard	Asus x570-F (BIOS Modded)
Cooling	Alphacool Apex UV - Alphacool Eisblock XPX Aurora + EK Quantum ARGB 3090 w/ active backplate
Memory	2x32GB DDR4 3600 Corsair Vengeance RGB @3866 C18-22-22-22-42 TRFC704 (1.4V Hynix MJR - SoC 1.15V)
Video Card(s)	Galax RTX 3090 SG 24GB: Underclocked to 1700Mhz 0.750v (375W down to 250W))
Storage	2TB WD SN850 NVME + 1TB Sasmsung 970 Pro NVME + 1TB Intel 6000P NVME USB 3.2
Display(s)	Phillips 32 32M1N5800A (4k144), LG 32" (4K60) \| Gigabyte G32QC (2k165) \| Phillips 328m6fjrmb (2K144)
Case	Fractal Design R6
Audio Device(s)	Logitech G560 \| Corsair Void pro RGB \|Blue Yeti mic
Power Supply	Fractal Ion+ 2 860W (Platinum) (This thing is God-tier. Silent and TINY)
Mouse	Logitech G Pro wireless + Steelseries Prisma XL
Keyboard	Razer Huntsman TE ( Sexy white keycaps)
VR HMD	Oculus Rift S + Quest 2
Software	Windows 11 pro x64 (Yes, it's genuinely a good OS) OpenRGB - ditch the branded bloatware!
Benchmark Scores	Nyooom.

System Name	RemixedBeast-NX
Processor	Intel Xeon E5-2690 @ 2.9Ghz (8C/16T)
Motherboard	Dell Inc. 08HPGT (CPU 1)
Cooling	Dell Standard
Memory	24GB ECC
Video Card(s)	Gigabyte Nvidia RTX2060 6GB
Storage	2TB Samsung 860 EVO SSD//2TB WD Black HDD
Display(s)	Samsung SyncMaster P2350 23in @ 1920x1080 + Dell E2013H 20 in @1600x900
Case	Dell Precision T3600 Chassis
Audio Device(s)	Beyerdynamic DT770 Pro 80 // Fiio E7 Amp/DAC
Power Supply	630w Dell T3600 PSU
Mouse	Logitech G700s/G502
Keyboard	Logitech K740
Software	Linux Mint 20
Benchmark Scores	Network: APs: Cisco Meraki MR32, Ubiquiti Unifi AP-AC-LR and Lite Router/Sw:Meraki MX64 MS220-8P

Processor	i5 4670K - @ 4.8GHZ core
Motherboard	MSI Z87 G43
Cooling	Thermalright Ultra-120 *(Modded to fit on this motherboard)
Memory	16GB 2400MHZ
Video Card(s)	HD7970 GHZ edition Sapphire
Storage	Samsung 120GB 850 EVO & 4X 2TB HDD (Seagate)
Display(s)	42" Panasonice LED TV @120Hz
Case	Corsair 200R
Audio Device(s)	Xfi Xtreme Music with Hyper X Core
Power Supply	Cooler Master 700 Watts

Processor	Intel i5-6600
Motherboard	ASRock H170M-ITX
Cooling	Cooler Master Geminii S524
Memory	G.Skill DDR4-2133 16GB (8GB x 2)
Video Card(s)	Gigabyte R9-380X 4GB
Storage	Samsung 950 EVO 250GB (mSATA)
Display(s)	LG 29UM69G-B 2560x1080 IPS
Case	Lian Li PC-Q25
Audio Device(s)	Realtek ALC892
Power Supply	Seasonic SS-460FL2
Mouse	Logitech G700s
Keyboard	Logitech G110
Software	Windows 10 Pro

System Name	Apollo
Processor	Intel Core i9 9880H
Motherboard	Some proprietary Apple thing.
Memory	64GB DDR4-2667
Video Card(s)	AMD Radeon Pro 5600M, 8GB HBM2
Storage	1TB Apple NVMe, 4TB External
Display(s)	Laptop @ 3072x1920 + 2x LG 5k Ultrafine TB3 displays
Case	MacBook Pro (16", 2019)
Audio Device(s)	AirPods Pro, Sennheiser HD 380s w/ FIIO Alpen 2, or Logitech 2.1 Speakers
Power Supply	96w Power Adapter
Mouse	Logitech MX Master 3
Keyboard	Logitech G915, GL Clicky
Software	MacOS 12.1

System Name	Jaspe
Processor	Ryzen 1500X
Motherboard	Asus ROG Strix X370-F Gaming
Cooling	Stock
Memory	16Gb Corsair 3000mhz
Video Card(s)	EVGA GTS 450
Storage	Crucial M500
Display(s)	Philips 1080 24'
Case	NZXT
Audio Device(s)	Onboard
Power Supply	Enermax 425W
Software	Windows 10 Pro