[prev in list] [next in list] [prev in thread] [next in thread] 

List:       john-users
Subject:    Re: [john-users] Anyone looked at the Ashley Madison data yet?
From:       Christian Heinrich <christian.heinrich () cmlh ! id ! au>
Date:       2015-09-10 22:14:07
Message-ID: CAGKxTUT7c3t3MLKKJOZQjWqo+Up84eu7QbhbzE4k_LP22fWTZQ () mail ! gmail ! com
[Download RAW message or body]

Alexander,

"In the 10 percent of cases where the recovered password doesn't match
the bcrypt hash, CynoSure Prime members run case-modified changes to
the recovered password. For instance, assuming the recovered password
was "tworocks1" and it doesn't match the corresponding bcrypt hash,
the crackers will try "Tworocks1", "tWorocks1", "TWorocks1", and so on
until the case-modified guess generates the same bcrypt hash" is
quoted from the ArsTechnica article.

Also, the two algorithims have been added to release v1.42 of
https://hashes.org/mdxfind.php as MD5AM and MD5AM2.

On Thu, Sep 10, 2015 at 9:30 PM, Solar Designer <solar@openwall.com> wrote:
> On Wed, Sep 02, 2015 at 11:40:18PM -0500, JimF wrote:
> > My goal is to get to 10% (3.6 million), then 15%, then 20%.
> 
> 11,279,199 cracked:
> 
> http://cynosureprime.blogspot.com/2015/09/how-we-cracked-millions-of-ashley.html
> http://arstechnica.com/security/2015/09/once-seen-as-bulletproof-11-million-ashley-madison-passwords-already-cracked/
>  
> Alexander



-- 
Regards,
Christian Heinrich

http://cmlh.id.au/contact


[prev in list] [next in list] [prev in thread] [next in thread]