[Cryptography] [FORGED] Re: millions of Ashley Madison bcrypt hashes cracked efficiently

Phillip Hallam-Baker phill at hallambaker.com
Sun Sep 13 22:28:32 EDT 2015


On Sun, Sep 13, 2015 at 6:14 AM, Peter Gutmann <pgut001 at cs.auckland.ac.nz>
wrote:

> John Kelsey <crypto.jmk at gmail.com> writes:
>
> >I wonder how that ratio (90%+ of the women there were fake) compares with
> >other dating sites.  My uninformed guess is that it's probably comparable to
> >other sites.
>
> From a talk a few years ago by someone who worked in security for a major
> dating site, the number of (obviously) fake profiles is actually quite small
> because they very actively police the site for scammers.  "Obviously fake"
> means people who sign up, create a fake profile, and then start contacting
> other members to take them off-site.


Yes, but they were taking them off-site TO ASHLEY MADISON. That's where
they got their associate fees from.

So you really can't judge AM fake profiles by the same standards. Nobody
was spamming AM to sign folk up for other sites; they would have to pay for
each contact.

Basically, the site seems to have worked on the same basis as those in-room
porn movies that weren't actual porn because that might get them into
trouble. Collecting $15 from enough mugs trying the wares in the hope of
getting the good stuff was enough to make a pretty pile...


Still, how do we do AM right with cryptography? That should be the thing we
look at!