[Cryptography] millions of Ashley Madison bcrypt hashes cracked efficiently

Tony Arcieri bascule at gmail.com
Fri Sep 11 00:42:25 EDT 2015

tl;dr: they cracked MD5 digests instead. The MD5 version was downcased.
Once recovering the downcased password, they recovered the case sensitive
version by brute forcing all possible case variants against the bcrypt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150910/d92cdda6/attachment.html>

More information about the cryptography mailing list