[153669] in North American Network Operators' Group
Re: Dear Linkedin,
daemon@ATHENA.MIT.EDU (valdis.kletnieks@vt.edu)
Sun Jun 10 11:33:05 2012
To: Joel jaeggli <joelja@bogus.com>
In-Reply-To: Your message of "Sun, 10 Jun 2012 08:24:41 -0700."
<4FD4BC39.5070100@bogus.com>
From: valdis.kletnieks@vt.edu
Date: Sun, 10 Jun 2012 11:31:53 -0400
Cc: John Souvestre <johns@sstar.com>, nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--==_Exmh_1339342313_2046P
Content-Type: text/plain; charset=us-ascii
On Sun, 10 Jun 2012 08:24:41 -0700, Joel jaeggli said:
> > I don't disagree, except regarding dictionary attacks. If the attack
> > isn't random then math based on random events doesn't apply. In the
> > case of a purely dictionary attack if you choose a non-dictionary
> > word and you are 100.000% safe. :)
>
> the search space for 6 8 10 character passwords is entirely too small...
Saw this over on Full-Disclosure. I'd love to know what inspired the HashCat software
to *try* those 2 40-character passwords that broke...
Subject: [Full-disclosure] Some stats about broken Linkedin passwds
From: Georgi Guninski <guninski@guninski.com>
Date: Sun, 10 Jun 2012 17:55:10 +0300
To: full-disclosure@lists.grok.org.uk
Stumbled upon this:
http://pastebin.com/5pjjgbMt
=======
LinkedIn Leaked hashes password statistics (@StefanVenken)
Based on the leaked 6.5 Million hashes,
1.354.946 were recovered within a few hours time with HashCat / Jtr and publicly found wordlists on a customer grade laptop.
This report was created with pipal from @Digininja
========
Ironically they broke some 40 chars pwd.
Another list that contains seemingly non-dictionary pwds is at:
http://pastebin.com/JmtNxcnB
--==_Exmh_1339342313_2046P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iQIVAwUBT9S96QdmEQWDXROgAQJ1MQ/8DfJcCyl2lLrQMs3sRRxQi4p41WOH+Sng
2q/kqxdPTpgHkmQ8kswlYOrDo5PAIs3CIHgMQOsbn644D9H0DnzZSfOFrTK+liWO
UtQ5e1T2UVWUqVzfBM1U5JLsSVp8wuw0qHFuuKiZ3Ac13dlMNZoKrwj4sgrj0GXB
Qeaa+hcjddOXUXvZjMsnERiR86X6rYBtFmP5z7te7YFw+eB2MoDGIiyiW10JWdjP
hIeHdc541LawaWExeA+ZqnWMjYMJNFhFi6q8jY07f/dqEj/0NR5DnY9IKVzZG5pS
bldni9YKe3uJ7+WMNRrgdB+Z1Kefut4MTXWFZycF4SYy+L8DGHbBhhmbvI6z6JUI
bI2e4oZjxcAXURSQ3T06goyEMqkB//RfhWO43M9ME0cjZEvPBFEC/XfV/Y/+BMK8
M2byIaiKkTCfrH1DOT97AsvqU0/FMjYGb3KWSg+1zxJj/BT3NqIptG0zQqp7KEEg
a0M+ZECeQWXwjI5xeKtUDjCZIts1mXglqJ66V/ZAhWKvc7ooKTil5y08vIPc9G6C
OTqcTzXlQYltOtuCe5wAvAuUeh/yM030ViL4vBJtDTTvsDDf5RvYUQqEQrrNEeJz
We0JGi2kSI4Y7KvdllnEOiLw/vcQrxTLrCBbnC6Nv1v9GAPH5WLWkMVzM3YtPOhG
/zOQSjaYfEA=
=X8Xd
-----END PGP SIGNATURE-----
--==_Exmh_1339342313_2046P--
