SR2 DB Analysis - No duplicated passwords

I've been running over the supposed SR2 leak, comparing what the leaker gave us against other well-known leaks.

The leaker said that SR2 used the following hash method: sha1(salt, password). Without the salt, we won't be able to verify our accounts. But we can look for patterns in the hashes. What I found is that there are no duplicated passwords in the 10% released leak. This doesn't necessarily mean that the leak is fake, but it is suspicious.

This is not meant to be conclusive as to whether or not the leak is fake, just a point to consider before participating in this auction.


Comments


[2 Points] brand0x:

476,122 users in total, 47,532 released, not a single dupe. I'm getting stats about other leaks.


[2 Points] sr_doug:

Sorry about that. I've updated the post accordingly.

EDIT: While rushing this post I neglected to include the fact that UIDs are included in the hashing process as additional salt.

https://bitcointalk.org/index.php?topic=952177.msg10447311#msg10447311

The database is authentic. I have been releasing tidbits to help confirm with people (see my post history) and will continue to do so. Please also read gwern's post at https://bitcointalk.org/index.php?topic=952177.msg10450148#msg10450148 and my response to it.
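
How the duplicate-hash check from the original post behaves under different salting schemes, including the UID-as-additional-salt scheme mentioned in the comment above. This is an added example, not part of the thread and not SR2's code; the sample accounts, the site salt value, and the `:`-joined input layout are all constructed assumptions, since the thread does not give the exact format.

```python
import hashlib
from collections import Counter

# Constructed sample accounts: (uid, password). Several reuse a password.
USERS = [
    (1001, "hunter2"),
    (1002, "hunter2"),
    (1003, "correct horse"),
    (1004, "hunter2"),
    (1005, "correct horse"),
    (1006, "unique-pass-91"),
]

SITE_SALT = b"constructed-site-salt"  # assumption: a single site-wide salt


def sha1_hex(*parts: bytes) -> str:
    # Assumption: parts are joined with ':'; the real layout is not on the page.
    return hashlib.sha1(b":".join(parts)).hexdigest()


def hash_table(scheme: str) -> list:
    """Return one stored hash per account under the named scheme."""
    hashes = []
    for uid, password in USERS:
        pw = password.encode()
        if scheme == "unsalted":
            hashes.append(sha1_hex(pw))
        elif scheme == "site_salt":
            hashes.append(sha1_hex(SITE_SALT, pw))
        elif scheme == "site_salt_uid":
            hashes.append(sha1_hex(SITE_SALT, str(uid).encode(), pw))
        else:
            raise ValueError(f"unknown scheme: {scheme}")
    return hashes


def accounts_sharing_a_hash(hashes) -> int:
    """Count rows whose hash value also appears on at least one other row."""
    counts = Counter(hashes)
    return sum(n for n in counts.values() if n > 1)


def report() -> dict:
    schemes = ("unsalted", "site_salt", "site_salt_uid")
    return {s: accounts_sharing_a_hash(hash_table(s)) for s in schemes}


if __name__ == "__main__":
    for scheme, dupes in report().items():
        print(f"{scheme:14s} accounts sharing a hash: {dupes}")
```

With a per-account value in the hash input, reused passwords no longer produce matching hashes, so a zero-duplicate count cannot distinguish a genuine table from random data.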


[1 Points] pinkpanther227:

How many accounts were in that leak? Maybe the amount was too small.


[1 Points] dn_vendor:

I used the same passwords for a large number of the accounts I had, both buyer and vendor (see my other post here).

I'm calling bullshit, rolling a fucking blunt, and going to bed.

I suggest anyone that is even remotely concerned about this should do the same with their preferred drug.