[Cryptography] millions of Ashley Madison bcrypt hashes cracked efficiently

Tom Mitchell mitch at niftyegg.com
Fri Sep 11 19:30:14 EDT 2015

On Fri, Sep 11, 2015 at 2:06 PM, John Kelsey <crypto.jmk at gmail.com> wrote:

> I wonder how that ratio (90%+ of the women there were fake) compares with
> other dating sites.  My uninformed guess is that it's probably comparable
> to other sites.

Three in 10,000 were real if these guys are correct:


Knowing the real from the invented accounts is interesting in the context of a class action. Converting abandoned accounts to live accounts by recovering a password and updating the profile to have a valid enough contact could collect free cans of tuna. Apparently insiders made many invented accounts early on; I doubt the password generator used was very inventive. That might further assist the cracking and sorting the real from the


WP has been updated

This attack on accounts and cracking what might have a worthy security model is a lesson for the textbooks.

  T o m    M i t c h e l l