lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 2 Nov 2013 11:24:36 +0100
From: Per Thorsheim <per@...rsheim.net>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] Adobe stored 130 million passwords using 3DES/ECB mode

If you haven't got the datadump yet, I've got it.

Best regards,
Per Thorsheim
CISA, CISM, CISSP-ISSAP
http://securitynirvana.blogspot.com/
+47 90999259


> Den 2. nov. 2013 kl. 10:23 skrev Jean-Philippe Aumasson <jeanphilippe.aumasson@...il.com>:
> 
> Any link to the database of encrypted passwords?
> 
> Wondering what padding method they used...
> 
>> On Fri, Nov 1, 2013 at 8:00 PM, Poul-Henning Kamp <phk@....freebsd.dk> wrote:
>> In message <CAHOTMVK5CJOTKwO3ijLMz8AF9e7W-hMJsw57YMhktwxrQeLfsQ@...l.gmail.com>
>> , Tony Arcieri writes:
>>> --089e010d9730b1266f04ea2205af
>>> Content-Type: text/plain; charset=ISO-8859-1
>>> 
>>> On Fri, Nov 1, 2013 at 11:44 AM, Poul-Henning Kamp <phk@....freebsd.dk>wrote:
>>> 
>>>> Has anybody been able to find out what hash they used ?
>>> 
>>> They weren't hashing the passwords. They were using reversible encryption
>>> with 3DES in ECB mode
>> 
>> ohh...
>> 
>> I read it as the 3DES was for transfer purposes of the (I assumed)
>> hashed passwords...
>> 
>> <facepalm/>
>> 
>> 
>> --
>> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
>> phk@...eBSD.ORG         | TCP/IP since RFC 956
>> FreeBSD committer       | BSD since 4.3-tahoe
>> Never attribute to malice what can adequately be explained by incompetence.

Powered by blists - more mailing lists