Comments on Errata Security: LinkedIn vs. password cracking
Blog author: David Maynor
Feed updated: 2024-01-16T05:48:33.523-05:00
30 comments in total; entries 1 to 25 shown

No Name, 2020-08-28T20:07:17.703-04:00
This comment has been removed by a blog administrator.

nyxgeek, 2012-07-21T21:35:51.074-04:00
I'm up to 2,195,118 total cracked using JtR and RockYou + rules.

Anonymous, 2012-06-18T10:48:19.384-04:00
No more updates? Or are the calculations still running?

f8lerror, 2012-06-13T14:17:02.754-04:00
Great read, you could have used my PATH script to help with some automation. My script analyzes the results of a dictionary attack, sorts and generates the hashcat masks and feeds them into hashcat one at a time.
http://infosecsee.com if you're interested.

Lo Sauer, 2012-06-10T16:59:44.440-04:00
Applying permutation entropy to LinkedIn password-hash files: http://goo.gl/hZG8S

PS: The Scum resource is interesting.

Anonymous, 2012-06-10T01:24:00.965-04:00
Scum posted 45 million hashes.
http://forum.insidepro.com/viewtopic.php?t=14887

Lo Sauer, 2012-06-09T12:06:58.241-04:00
And some background to Database SQL Injections used by Hackers to get to the data: http://www.lsauer.com/2012/06/internet-security-sql-injection-attacks.html (http://goo.gl/uxvHb)

Meanwhile Jeremy might get some additional stats out of his processing tasks.

Anonymous, 2012-06-09T10:35:24.376-04:00
Hehe, nice article!

Anonymous, 2012-06-09T07:34:30.855-04:00
@Christian Fuchs

It is something like ((size of alphabet)^(size of password))/hashes_per_second

so it is an exponential function

Anonymous, 2012-06-09T04:31:05.140-04:00
Nice article, thanks!
For the cracking-capability graphs, what parameters did you use to generate those? They look a bit extreme... that's why I'm wondering.

Anonymous, 2012-06-09T03:55:10.849-04:00
This comment has been removed by the author.

Anonymous, 2012-06-09T03:48:45.589-04:00
This comment has been removed by the author.

Anonymous, 2012-06-09T03:43:11.659-04:00
This comment has been removed by the author.

Anonymous, 2012-06-08T16:19:35.146-04:00
I wrote a script to generate permutations of the word linkedin that can be added to a dictionary (you can control the complexity of the permutations by extending the array)

http://pastebin.com/iuXEQa80

Lo Sauer, 2012-06-08T15:35:39.939-04:00
I did a follow up analysis:

http://www.lsauer.com/2012/06/linkedin-lastfm-eharmony-analysis-of.html

Lo Sauer, 2012-06-08T15:33:11.262-04:00
This comment has been removed by the author.

epixoip, 2012-06-08T05:49:50.976-04:00
@Jeremy Collake,

Raw SHA-256 is about 2.8x slower to crack than SHA-1, and raw SHA-512 is about 21x slower than SHA-1.

However, the choice of algorithm is only one of the problems. Yes, SHA-1 was a poor choice, but the deeper issues are 1. they used a raw hash, and 2. the hashes were unsalted.

Anything less than using a crypt() algorithm with random, unique salts for each password in the database is unacceptable IMO.

epixoip, 2012-06-08T05:42:01.671-04:00
This comment has been removed by the author.

cheap hosting, 2012-06-08T03:35:06.309-04:00
Is Possible? Have Fear Of Crack Of LinkedIn

Anonymous, 2012-06-08T02:59:17.211-04:00
I must admit, 50% *already* is faster and more than I would have guessed. I still say that you have proved the point and nothing further needs be done.

I wonder if the site had simply been using at least SHA2-256 (unsalted) how much more time it would have taken, or SHA2-512.

Anonymous, 2012-06-07T23:35:24.374-04:00
My cracked password was two antonyms, like Smart%Stuped, misspelled, not in English, and more than 15 characters long. How did they crack it?
With Cain & Abel and foreign dictionaries?

What are the real rules for a strong and memorable password? Would four random words work? What about a sentence? They cracked stuff like ilovemyson and iwantanewjob. Would a 20-digit number composed of other numbers be secure?

Anonymous, 2012-06-07T18:39:28.356-04:00
All your base are belong to us

Joe Buffufna

MCAndre, 2012-06-07T13:58:05.986-04:00
Don't forget rainbow tables (http://regenboog.yellosoft.us/).

Anonymous, 2012-06-07T09:28:19.333-04:00
Haha, we won a new dictionary... I cracked 150.000 with incremental john 2 days, I'll wait more and I will crack 3.000.000

Anonymous, 2012-06-07T07:10:49.255-04:00
Having a lot of luck with the GAWKER dictionary :)