Many salts: 20465K c/s real, 2562K c/s virtual This puppy can crank out a decent number of cracks/second: b0x ~ # john -testīenchmarking: Traditional DES. I ran our cracking session on a 8-core Xeon box: b0x ~ # uname -a If possible, I'd highly recommend using the available patches for JtR, allowing the parallelization of the cracking process using OpenMP. The defacto tool for cracking password hashes is John the Ripper (also known as JtR), written by Solar Designer.
Gawker because internet we cranks now cracked#
Attackers will undoubtedly be testing the cracked passwords against both personal and corporate services such as email accounts, online banking sites, VPN remote access logins.Īs it's not very often that we get a glimpse into the human psychology of password selection, let's dig deeper into the password dump! John the Ripper Services that lack a strong secondary authentication and host users who are sharing passwords (which, let's be honest, most users probably do) face the greatest risk. While users may not care about an attacker having access to their Gawker account, the danger of password sharing across websites and services poses a much bigger threat. While this dump is not nearly on the scale of the RockYou incident, it is certainly a serious exposure.Īs a two-factor authentication provider, situations like the Gawker hack are key illustrations of why strong auth is a necessity. The hacker group Gnosis posted a torrent containing a full dump of Gawker's source code as well as the entire user database consisting of ~1.3 million usernames, email addresses, and DES-based crypt(3) password hashes. If you haven't heard yet, the Gawker Media network, which includes popular websites such as Lifehacker, Gizmodo, Jezebel, io9, Jalopnik, Kotaku, Deadspin, Fleshbot, and of course Gawker, was compromised yesterday.
Gawker because internet we cranks now update#
UPDATE 3: Due to popular demand, we've posted the top 250 most common cracked passwords. UPDATE 2: We've launched a site that allows you to easily check if your username or email address was included in the Gawker password dump: UPDATE 1: We've updated our analysis with approximately 200k additional cracked passwords. Duo labs DecemJon Oberheide Brief Analysis of the Gawker Password Dump
0 kommentar(er)
