Nmap Development mailing list archives
Re: Gawker hacked: Another trove of password data
From: Matthew Finkel <matthew.finkel () gmail com>
Date: Tue, 14 Dec 2010 00:50:34 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/13/2010 08:15 PM, Brandon Enright wrote:
Just as a follow-up note, even though they are using bcrypt() as well as crypt(), every account that has a bcrypt() hash also has a crypt() hash. Of course this is as dumb as Microsoft's choice to store LM and NTLM hashes at the same time. There are 748081 users with crypt() hashes and 195178 of those also have bcrypt() hashes. With crypt(), there's a chance we'll crack enough of these to use them for password statistics. Brandon
I can help with a (small) portion of the crypt list, If you'd like some help. - -Matt -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJNBwWqAAoJEMeo5KNiP3z1y0YH/iDjazNed1KxG6B4XbmpUPpY u7v/z6p01bplfNFLhIfMtjI/ch5Q5E9ImFLaUenEmMNfXVyHwi+aaucfTfIxriy9 nutre+uuAIfHZ1541tXDrs90Ddh5WqcEFW4ej6SXTpI5KKj9ftoZCi0BktZyOolP AfVMwALhNQj0nFNbMKumQ9LvMl0H8sgF4t0FzJ4TtXJt+8m+P54/6KaCDE3REZSF e9WOFFt8DBJL5aQSYe/4Oo3gs63+4j6smfMHx3h6oC/hq/QfcYCEvL9pfNlb7Mkh OMF6bC7lfNVB7HC+r5dfWuYbnxGyOxRwlY4m8mxQg6MyRsh+9SWUrj67YTMrApY= =4SIM -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Gawker hacked: Another trove of password data Fyodor (Dec 12)
- Re: Gawker hacked: Another trove of password data Brandon Enright (Dec 12)
- Re: Gawker hacked: Another trove of password data Brandon Enright (Dec 13)
- Re: Gawker hacked: Another trove of password data Matthew Finkel (Dec 13)
- Re: Gawker hacked: Another trove of password data Henri Doreau (Dec 16)
- Re: Gawker hacked: Another trove of password data TeĆ³filo Couto (Dec 16)
- Re: Gawker hacked: Another trove of password data Brandon Enright (Dec 13)
- Re: Gawker hacked: Another trove of password data Brandon Enright (Dec 12)
- Re: Gawker hacked: Another trove of password data Brandon Enright (Dec 16)
- Re: Gawker hacked: Another trove of password data Florian Roth (Dec 17)
- Re: Gawker hacked: Another trove of password data Brandon Enright (Dec 17)