Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Gawker hacked: Another trove of password data

From: Matthew Finkel <matthew.finkel () gmail com>
Date: Tue, 14 Dec 2010 00:50:34 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/13/2010 08:15 PM, Brandon Enright wrote:

Just as a follow-up note, even though they are using bcrypt() as
well as crypt(), every account that has a bcrypt() hash also has a
crypt() hash. Of course this is as dumb as Microsoft's choice to
store LM and NTLM hashes at the same time.

There are 748081 users with crypt() hashes and 195178 of those
also have bcrypt() hashes. With crypt(), there's a chance we'll
crack enough of these to use them for password statistics.

Brandon



I can help with a (small) portion of the crypt list, If you'd like
some help.

- -Matt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJNBwWqAAoJEMeo5KNiP3z1y0YH/iDjazNed1KxG6B4XbmpUPpY
u7v/z6p01bplfNFLhIfMtjI/ch5Q5E9ImFLaUenEmMNfXVyHwi+aaucfTfIxriy9
nutre+uuAIfHZ1541tXDrs90Ddh5WqcEFW4ej6SXTpI5KKj9ftoZCi0BktZyOolP
AfVMwALhNQj0nFNbMKumQ9LvMl0H8sgF4t0FzJ4TtXJt+8m+P54/6KaCDE3REZSF
e9WOFFt8DBJL5aQSYe/4Oo3gs63+4j6smfMHx3h6oC/hq/QfcYCEvL9pfNlb7Mkh
OMF6bC7lfNVB7HC+r5dfWuYbnxGyOxRwlY4m8mxQg6MyRsh+9SWUrj67YTMrApY=
=4SIM
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: