Users of the Ashley Madison website often used their username and password, so researchers have discovered. The group of researchers called Cynosure Prime showed last week that by some programming errors crack the password hashes of Ashley Madison are simple. At the hack of the cheaters website approximately 36 million password hashes were stolen.
Hashes to ensure that the user passwords are not immediately visible to an attacker in case the website is hacked. Ashley Madison used before a strong hashing algorithm, but by various programming errors hashes prove yet easy to crack. The researchers have cracked 11.7 million password hashes.
It shows that mainly weak and insecure passwords were used. So there were three million passwords of six characters and there were slightly less than 3 million, which consisted of eight males kara. The shortest password was cracked one character long. Nearly 10 million passwords only consisted of small letters or lowercase letters and numbers.
User Name
The researchers were also curious how many users are using their username and password. A total of 630 000 passwords were found that matched the user name. The investigators noted that the actual number is higher as possible, since there are obvious only obvious mutations were used. If there was more combinations of uppercase and lowercase letters sought was the true number is likely higher. The researchers argue that these passwords could be cracked too easily without programming errors found.
Striking Passwords
Instead of publishing a list of the Top 10 most common passwords, the researchers decided to create a collection of distinctive passwords. It is about passwords as allthegoodpasswordshavegone ',' youwillneverfindout ',' everynameitriedwastaken ',' goodguydoingthewrongthing ',' thisisagoodpassword 'and' correct horse battery staple ", known from the xkcd strip.
No comments:
Post a Comment