Dear Linkedin,

• Previous message (by thread): Dear Linkedin,
• Next message (by thread): Dear Linkedin,
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 10 Jun 2012 08:24:41 -0700, Joel jaeggli said:
> > I don't disagree, except regarding dictionary attacks.  If the attack
> > isn't random then math based on random events doesn't apply.  In the
> > case of a purely dictionary attack if you choose a non-dictionary
> > word and you are 100.000% safe.  :)
>
> the search space for 6 8 10 character passwords is entirely too small...

Saw this over on Full-Disclosure.  I'd love to know what inspired the HashCat software
to *try* those 2 40-character passwords that broke...

Subject: [Full-disclosure] Some stats about broken Linkedin passwds
From: Georgi Guninski <guninski at guninski.com>
Date: Sun, 10 Jun 2012 17:55:10 +0300
To: full-disclosure at lists.grok.org.uk

Stumbled upon this:
http://pastebin.com/5pjjgbMt
=======
LinkedIn Leaked hashes password statistics (@StefanVenken)

Based on the leaked 6.5 Million hashes,
1.354.946 were recovered within a few hours time with HashCat / Jtr and publicly found wordlists on a customer grade laptop.

This report was created with pipal from @Digininja
========

Ironically they broke some 40 chars pwd.

Another list that contains seemingly non-dictionary pwds is at:

http://pastebin.com/JmtNxcnB


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 865 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20120610/769f6a30/attachment.sig>

• Previous message (by thread): Dear Linkedin,
• Next message (by thread): Dear Linkedin,
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]