[Cryptography] millions of Ashley Madison bcrypt hashes cracked efficiently
Tom Mitchell
mitch at niftyegg.com
Fri Sep 11 19:30:14 EDT 2015
On Fri, Sep 11, 2015 at 2:06 PM, John Kelsey <crypto.jmk at gmail.com> wrote:
> I wonder how that ratio (90%+ of the women there were fake) compares with
> other dating sites. My uninformed guess is that it's probably comparable
> to other sites.
three in 10,000 were real if these guys are correct:
http://www.independent.co.uk/life-style/gadgets-and-tech/news/ashley-madison-hack-just-three-in-every-10000-female-accounts-on-infidelity-website-are-real-10475310.html
Knowing the real from the invented accounts is interesting in the context
of a class
action. Converting abandoned accounts to live accounts by recovering a
pass word
and updating the profile to have a valid enough contact could collect free
cans of tuna.
<http://www.metzdowd.com/mailman/listinfo/cryptography>
Apparently insiders made many invented accounts early on, I doubt the
password generator used was very inventive.
That might further assist the cracking and sorting the real from the
invented.
http://www.independent.co.uk/news/ashley-madison-hack-former-employee-claims-she-made-hundreds-of-fake-alluring-female-profiles-as-millionpound-lawsuits-launched-10466900.html
WP has been updated
https://en.wikipedia.org/wiki/Ashley_Madison
This attack on accounts and cracking what might have a worthy security
model is a lesson
for the text books.
--
T o m M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150911/df987a2f/attachment.html>
More information about the cryptography
mailing list