Lessons Learned From Cracking 2M LinkedIn Passwords
An anonymous reader writes "Qualys researcher Francois Pesce used open source password cracker John the Ripper to try to crack SHA-1 hashes of leaked LinkedIn passwords. He ran the John the Ripper default command on a small default password dictionary of less than 4,000 words. The program then switched to incremental mode based on statistical analysis of known password structures, which generated more probable passwords. The results? After 4 hours, approximately 900,000 passwords had been cracked. Francois then ran numerous iterations, incorporating older dictionaries to uncover less common passwords and ended up cracking a total of 2,000,000 passwords."
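Added example, not part of the original story or of Pesce's work: a password-store audit showing why a small dictionary goes so far against a dump like this one. It assumes the leaked hashes were unsalted SHA-1; the accounts, the four-word list and the PBKDF2 work factor are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data, not values from the leak.
WORDLIST = ["password", "linkedin", "123456", "slashdot"]
USERS = {"alice": "linkedin", "bob": "linkedin", "carol": "t7#Vq9!mLx2"}
ITERATIONS = 100_000  # assumed PBKDF2 work factor for the comparison


def sha1_hex(password):
    return hashlib.sha1(password.encode()).hexdigest()


def store_unsalted(users):
    """Weak form: one fast hash, no salt, so equal passwords share a hash."""
    return {user: sha1_hex(pw) for user, pw in users.items()}


def store_salted_kdf(users):
    """Hardened form: per-account random salt plus a slow KDF."""
    store = {}
    for user, pw in users.items():
        salt = os.urandom(16)
        store[user] = (salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, ITERATIONS))
    return store


def audit_unsalted(store, wordlist):
    """Each word is hashed once and matched against every account at the same time."""
    lookup = {sha1_hex(word): word for word in wordlist}
    weak = {user: lookup[h] for user, h in store.items() if h in lookup}
    return weak, len(lookup)  # hash computations spent


def audit_salted(store, wordlist):
    """The salt forces a separate KDF run for every (account, word) pair."""
    weak, work = {}, 0
    for user, (salt, derived) in store.items():
        for word in wordlist:
            work += 1
            guess = hashlib.pbkdf2_hmac("sha256", word.encode(), salt, ITERATIONS)
            if hmac.compare_digest(guess, derived):
                weak[user] = word
                break
    return weak, work  # KDF runs spent, each costing ITERATIONS HMAC rounds


if __name__ == "__main__":
    print(audit_unsalted(store_unsalted(USERS), WORDLIST))
    print(audit_salted(store_salted_kdf(USERS), WORDLIST))
```

Both stores still give up the dictionary passwords; salting and a slow KDF only raise the cost per guess, so weak passwords remain weak.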
Did he crack any random passphrases? (Score:5, Funny)
Like "correct horse battery staple"?
slashdot (Score:5, Funny)
own up, who used the password slashdot - 0000003627a75d6c96a3d965247584a78779bc3d
Opportunity! (Score:2, Funny)
Send me your password and I will verify that
-No one else is using it
-It is safe
BONUS: If you send me your credit card information I will tell you if it's lucky!
THANKS,
"HAPPY DUDE"
742 EVERGREEN TERRACE
Re:Do not use standard passwords (Score:3, Funny)
The real lesson here is just because your password database is hashed (with or without salt) doesn't mean you should let just whoever download the thing.
Genius. Pure genius. I hope the NSA snaps you right up. It's people like you with keen intellects that can come up with such a conclusion (that no one else has ever even considered) that will save this great nation of ours. Thank you. Thank you.
I'm going to go and change my setup so that my password databases aren't visible to the Internet anymore. It's just incredible. Are you the result of a Mensa genetic engineering experiment or something?
Re:Do not use standard passwords (Score:5, Funny)
What an excellent opportunity! I just told everybody on my LinkedIn account what I *really* thought of them, waited an hour, and told them all my password was hacked. Good times, good times.
Re:Do not use standard passwords (Score:5, Funny)
Yeah, me too. I told my brother that stealing my girlfriend in the 8th grade was a shitty thing to do and he should stop getting drunk in bars. Then an hour later I told him my account was hacked and that wasn't me who wrote that.
Re:Do not use standard passwords (Score:4, Funny)
I heard he left her... (Score:4, Funny)