Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CANWtx02yWVZz=rG2K65=F83NUNKdQF4NMwNV8mZwh3LmiET7Ng@mail.gmail.com>
Date: Wed, 19 Aug 2015 19:10:29 -0400
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Anyone looked at the Ashley Madison data yet?

On Wed, Aug 19, 2015 at 6:33 PM, Solar Designer <solar@...nwall.com> wrote:
> On Wed, Aug 19, 2015 at 05:25:22PM -0500, Jerry Kemp wrote:
>> Wondering if anyone has looked at the Ashley Madison data dump yet?
>>
>> According to this article:
>>
>> <http://arstechnica.com/security/2015/08/data-from-hack-of-ashley-madison-cheater-site-purportedly-dumped-online/>
>>
>> The dump contains 10 Gb of data and passwds are in the bcrypt format.
>
> I haven't looked at the dump, but I tweeted a summary of other tweets:
>
> <solardiz> Ashley Madison is 36.1M bcrypt cost 12 salts so 1 CPU-week/password, says @jmgosney; dozens already cracked with "john -single", says @JokFP
>
> In other words: strong hashes, but many weak passwords.  The weak
> passwords are slowly, but crackable.  The stronger passwords are only
> potentially crackable in a targeted attack (on a specific user), but
> won't likely be cracked in typical mass password dump cracking fun that
> we've seen for other mass password hash leaks.  This one is different.
> It's probably the largest bcrypt hash leak so far.
>
Small sample appeared in twitter:
https://twitter.com/sambowne/status/633754116804620288

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.