| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 2 Nov 2013 10:23:12 +0100 From: Jean-Philippe Aumasson <jeanphilippe.aumasson@...il.com> To: discussions@...sword-hashing.net Subject: Re: [PHC] Adobe stored 130 million passwords using 3DES/ECB mode Any link to the database of encrypted passwords? Wondering what padding method they used... On Fri, Nov 1, 2013 at 8:00 PM, Poul-Henning Kamp <phk@....freebsd.dk> wrote: > In message <CAHOTMVK5CJOTKwO3ijLMz8AF9e7W-hMJsw57YMhktwxrQeLfsQ@...l.gmail.com> > , Tony Arcieri writes: >>--089e010d9730b1266f04ea2205af >>Content-Type: text/plain; charset=ISO-8859-1 >> >>On Fri, Nov 1, 2013 at 11:44 AM, Poul-Henning Kamp <phk@....freebsd.dk>wrote: >> >>> Has anybody been able to find out what hash they used ? >> >>They weren't hashing the passwords. They were using reversible encryption >>with 3DES in ECB mode > > ohh... > > I read it as the 3DES was for transfer purposes of the (I assumed) > hashed passwords... > > <facepalm/> > > > -- > Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 > phk@...eBSD.ORG | TCP/IP since RFC 956 > FreeBSD committer | BSD since 4.3-tahoe > Never attribute to malice what can adequately be explained by incompetence.
Powered by blists - more mailing lists