Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri, 11 Sep 2015 08:14:07 +1000
From: Christian Heinrich <christian.heinrich@...h.id.au>
To: john-users@...ts.openwall.com
Subject: Re: Anyone looked at the Ashley Madison data yet?

Alexander,

"In the 10 percent of cases where the recovered password doesn't match
the bcrypt hash, CynoSure Prime members run case-modified changes to
the recovered password. For instance, assuming the recovered password
was "tworocks1" and it doesn't match the corresponding bcrypt hash,
the crackers will try "Tworocks1", "tWorocks1", "TWorocks1", and so on
until the case-modified guess generates the same bcrypt hash" is
quoted from the ArsTechnica article.

Also, the two algorithims have been added to release v1.42 of
https://hashes.org/mdxfind.php as MD5AM and MD5AM2.

On Thu, Sep 10, 2015 at 9:30 PM, Solar Designer <solar@...nwall.com> wrote:
> On Wed, Sep 02, 2015 at 11:40:18PM -0500, JimF wrote:
>> My goal is to get to 10% (3.6 million), then 15%, then 20%.
>
> 11,279,199 cracked:
>
> http://cynosureprime.blogspot.com/2015/09/how-we-cracked-millions-of-ashley.html
> http://arstechnica.com/security/2015/09/once-seen-as-bulletproof-11-million-ashley-madison-passwords-already-cracked/
>
> Alexander



-- 
Regards,
Christian Heinrich

http://cmlh.id.au/contact

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.