| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <18146.1383332457@critter.freebsd.dk> Date: Fri, 01 Nov 2013 19:00:57 +0000 From: "Poul-Henning Kamp" <phk@....freebsd.dk> To: Tony Arcieri <bascule@...il.com> cc: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net> Subject: Re: [PHC] Adobe stored 130 million passwords using 3DES/ECB mode In message <CAHOTMVK5CJOTKwO3ijLMz8AF9e7W-hMJsw57YMhktwxrQeLfsQ@...l.gmail.com> , Tony Arcieri writes: >--089e010d9730b1266f04ea2205af >Content-Type: text/plain; charset=ISO-8859-1 > >On Fri, Nov 1, 2013 at 11:44 AM, Poul-Henning Kamp <phk@....freebsd.dk>wrote: > >> Has anybody been able to find out what hash they used ? > >They weren't hashing the passwords. They were using reversible encryption >with 3DES in ECB mode ohh... I read it as the 3DES was for transfer purposes of the (I assumed) hashed passwords... <facepalm/> -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@...eBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Powered by blists - more mailing lists