|
Message-ID: <CAGKxTUT7c3t3MLKKJOZQjWqo+Up84eu7QbhbzE4k_LP22fWTZQ@mail.gmail.com> Date: Fri, 11 Sep 2015 08:14:07 +1000 From: Christian Heinrich <christian.heinrich@...h.id.au> To: john-users@...ts.openwall.com Subject: Re: Anyone looked at the Ashley Madison data yet? Alexander, "In the 10 percent of cases where the recovered password doesn't match the bcrypt hash, CynoSure Prime members run case-modified changes to the recovered password. For instance, assuming the recovered password was "tworocks1" and it doesn't match the corresponding bcrypt hash, the crackers will try "Tworocks1", "tWorocks1", "TWorocks1", and so on until the case-modified guess generates the same bcrypt hash" is quoted from the ArsTechnica article. Also, the two algorithims have been added to release v1.42 of https://hashes.org/mdxfind.php as MD5AM and MD5AM2. On Thu, Sep 10, 2015 at 9:30 PM, Solar Designer <solar@...nwall.com> wrote: > On Wed, Sep 02, 2015 at 11:40:18PM -0500, JimF wrote: >> My goal is to get to 10% (3.6 million), then 15%, then 20%. > > 11,279,199 cracked: > > http://cynosureprime.blogspot.com/2015/09/how-we-cracked-millions-of-ashley.html > http://arstechnica.com/security/2015/09/once-seen-as-bulletproof-11-million-ashley-madison-passwords-already-cracked/ > > Alexander -- Regards, Christian Heinrich http://cmlh.id.au/contact
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.