Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 7 Jun 2012 15:44:12 +0400
From: "Elijah [W&P]" <smarteam.support@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: JtR to process the LinkedIn hash dump

interesting findings from the internet:

grep `echo -n l1nked0ut | shasum | cut -c6-40` combo_not.txt

    000000afef5f2ba94b104126d04db1837f423816
    e7bf10afef5f2ba94b104126d04db1837f423816

so it is very likely that there are hashes listed both in their original
state and with zeroes

$ cat combo_not.txt |cut -c7-40 |sort |dups |wc -l
  670781

and those couples occupy around 10% of the file

my guess there were at least two cracking attempts made (by the same person
or by different people) and after that the results were combined and
deduped (but the 00000-modification was made before combining what lead to
this situation)

On 7 June 2012 11:33, Frank Dittrich <frank_dittrich@...mail.com> wrote:

> On 06/07/2012 09:30 AM, Frank Dittrich wrote:
> > Even the rockyou list without any mangling rules cracked 93 hashes out
> > of those not beginning with '00000'.
> > This suggests, that prior to releasing the uncracked hashes, just
> > ascii-only rainbow tables have been used.
>
> I forgot to mention that those 93 passwords contained non-ascii characters.
>
> Frank
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.