OT - Password Cracking
- From: "K Miller" <i09172@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 7 Jun 2012 08:06:15 -0700
Hey there, mr horne. As we were discussing a while back - here's the
results of some recent password cracking:
"Hackers crack more than 60% of breached LinkedIn passwords
More than 60% of the unique hashed passwords that were accessed by hackers
from a LinkedIn password database and posted online this week have already
been cracked, according to security firm Sophos.
It's very likely the remaining passwords have also been cracked, said
security researcher Chester Wisniewski late Wednesday.
In all, a total of 6.5 million hashed passwords believed to belong to
LinkedIn members were posted on a Russian hacker forum earlier this week. The
crooks posted the data in an effort to get help in cracking the passwords.
Sophos said it identified about 5.8 million hashed passwords as unique.
Based on an analysis of the 118MB password dump, Wisniewski said close to
3.5 million of the unique passwords had been cracked and made available in
plain text by late last night. It's only a matter of time before the
remaining passwords are similarly cracked using automated password guessing
tools, he added.
The speed at which so many hashed passwords were cracked underscores the
weakness of the password protection scheme used by LinkedIn, Wisniewski
The breached LinkedIn member passwords were all hashed, or masked, using a
hashing protocol known as SHA-1.
Though SHA-1 offers a degree of protection against password cracking
attempts, the protocol is by no means foolproof.
Therefore, many organizations these days use a process known as salting --
where a random string of characters is appended to a password before it is
hashed -- to make password cracking much harder. The process ensures that
even if two passwords are identical, their hashes will be unique.
Salting is considered something of a best practice for protecting passwords,
especially those used by employees of large companies.
That LinkedIn apparently chose to protect passwords using just SHA-1 is
disappointing, Wisniewski said. "They chose a moderate security method. For
an organization as large as LinkedIn, I would expect better," he said. "
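
The salting behaviour the quoted article describes, as an added example that is not part of the original message or the article: it stores the same constructed accounts once with plain SHA-1 and once with a per-account random salt appended before hashing, then counts the distinct hashes in each table. The account names, passwords, function names and the 16-byte salt length are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not breach data): alice and bob share a password.
ACCOUNTS = [("alice", "linkedin2012"), ("bob", "linkedin2012"), ("carol", "Tr0ub4dor&3")]


def unsalted_sha1(password: str) -> str:
    """Plain SHA-1 of the password, the scheme the article says was used."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def salted_sha1(password: str, salt: bytes) -> str:
    """SHA-1 over the password with the salt appended, as the article describes."""
    return hashlib.sha1(password.encode("utf-8") + salt).hexdigest()


def build_unsalted_table(accounts):
    return {user: unsalted_sha1(pw) for user, pw in accounts}


def build_salted_table(accounts, salt_len=16):
    table = {}
    for user, pw in accounts:
        salt = os.urandom(salt_len)  # fresh random salt for every account
        table[user] = (salt.hex(), salted_sha1(pw, salt))  # salt is stored with the hash
    return table


def verify_salted(table, user, candidate):
    """Login check: recompute with the stored salt, compare in constant time."""
    salt_hex, stored = table[user]
    computed = salted_sha1(candidate, bytes.fromhex(salt_hex))
    return hmac.compare_digest(computed, stored)


def unique_hashes(table):
    """Distinct hash values in a table (salted rows are (salt, hash) tuples)."""
    return len({v if isinstance(v, str) else v[1] for v in table.values()})


def accounts_sharing_hash(unsalted_table, password):
    """Accounts whose unsalted hash equals the hash of one password."""
    target = unsalted_sha1(password)
    return sorted(u for u, h in unsalted_table.items() if h == target)


if __name__ == "__main__":
    plain, salted = build_unsalted_table(ACCOUNTS), build_salted_table(ACCOUNTS)
    print("unsalted unique hashes:", unique_hashes(plain), "of", len(ACCOUNTS))
    print("salted unique hashes:  ", unique_hashes(salted), "of", len(ACCOUNTS))
    print("share one unsalted hash:", accounts_sharing_hash(plain, "linkedin2012"))
```

A salt makes identical passwords hash differently, so each stored hash has to be worked on separately, but SHA-1 itself stays a fast hash.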