Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAEo4CeM0PZFKH1E0YU7iH893tbb=35EWTVeAZBoA_cMhx7LwCQ@mail.gmail.com>
Date: Fri, 21 Aug 2015 14:03:02 +0200
From: Albert Veli <albert.veli@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Anyone looked at the Ashley Madison data yet?

Hi,
On Fri, Aug 21, 2015 at 11:11 AM, François <francois.pesce@...il.com> wrote:

> If it wasn't for the horribly slow cost 12 of bcrypt, that leak would
> be an amazing source of analysis for password forging, as it contains
> birthdates (where at least the year seems to be reliable), and
> country/city too.
>

Bcrypt is so slow it is impossible to work with a list that big. But it is
possible to split it into, say 1000 hashes per file. With a short list,
like this:
https://github.com/danielmiessler/SecLists/blob/master/Passwords/top_shortlist.txt
it still takes half an hour to just try these 26 words... And for 36
million hashes, you get 36000 files with 1000 hashes in each. I get dizzy
just thinking about the amount of work it would take to just try the
shortlist.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.