lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <89E7D04D-BACE-46CC-8566-6A89B4F76386@thorsheim.net> Date: Sat, 2 Nov 2013 11:24:36 +0100 From: Per Thorsheim <per@...rsheim.net> To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net> Subject: Re: [PHC] Adobe stored 130 million passwords using 3DES/ECB mode If you haven't got the datadump yet, I've got it. Best regards, Per Thorsheim CISA, CISM, CISSP-ISSAP http://securitynirvana.blogspot.com/ +47 90999259 > Den 2. nov. 2013 kl. 10:23 skrev Jean-Philippe Aumasson <jeanphilippe.aumasson@...il.com>: > > Any link to the database of encrypted passwords? > > Wondering what padding method they used... > >> On Fri, Nov 1, 2013 at 8:00 PM, Poul-Henning Kamp <phk@....freebsd.dk> wrote: >> In message <CAHOTMVK5CJOTKwO3ijLMz8AF9e7W-hMJsw57YMhktwxrQeLfsQ@...l.gmail.com> >> , Tony Arcieri writes: >>> --089e010d9730b1266f04ea2205af >>> Content-Type: text/plain; charset=ISO-8859-1 >>> >>> On Fri, Nov 1, 2013 at 11:44 AM, Poul-Henning Kamp <phk@....freebsd.dk>wrote: >>> >>>> Has anybody been able to find out what hash they used ? >>> >>> They weren't hashing the passwords. They were using reversible encryption >>> with 3DES in ECB mode >> >> ohh... >> >> I read it as the 3DES was for transfer purposes of the (I assumed) >> hashed passwords... >> >> <facepalm/> >> >> >> -- >> Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 >> phk@...eBSD.ORG | TCP/IP since RFC 956 >> FreeBSD committer | BSD since 4.3-tahoe >> Never attribute to malice what can adequately be explained by incompetence.
Powered by blists - more mailing lists