[Cryptography] millions of Ashley Madison bcrypt hashes cracked efficiently
bear at sonic.net
Fri Sep 11 01:16:39 EDT 2015
On 09/10/2015 09:42 PM, Tony Arcieri wrote:
> tl;dr: they cracked MD5 digests instead. The MD5 version was downcased.
> Once recovering the downcased password, they recovered the case sensitive
> version by brute forcing all possible case variants against the bcrypt
They've cracked 11.2 million accounts "so far". I'm completely stunned
that Ashley Madison had 11.2 million accounts in the first place, and
that counts only those who had signed up *before* they switched to more
secure methodology. That would be approximately one for every 30
people in the US, and Ghu alone knows how many new accounts since
then and how many more insecure accounts remain to be cracked. I
just didn't imagine that such a skeevy "service" would attract so

I guess I haven't been reading the news closely enough; I've been
treating it as 'ho hum more of the same.' But I guess it has the
scale to be significant after all.