[Cryptography] millions of Ashley Madison bcrypt hashes cracked efficiently

[Tony Arcieri]

tl;dr: they cracked MD5 digests instead. The MD5 version was downcased.
Once recovering the downcased password, they recovered the case sensitive
version by brute forcing all possible case variants against the bcrypt
digests.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150910/d92cdda6/attachment.html>