Slashdot Mirror


Lessons Learned From Cracking 2M LinkedIn Passwords

An anonymous reader writes "Qualys researcher Francois Pesce used open source password cracker John the Ripper to try to crack SHA-1 hashes of leaked LinkedIn passwords. He ran the John the Ripper default command on a small default password dictionary of fewer than 4,000 words. The program then switched to incremental mode based on statistical analysis of known password structures, which generated more probable passwords. The results? After 4 hours, approximately 900,000 passwords had been cracked. Francois then ran numerous iterations, incorporating older dictionaries to uncover less common passwords, and ended up cracking a total of 2,000,000 passwords."
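Why a small dictionary goes so far against bare SHA-1, shown from the storage side as an added example that is not part of the Slashdot story or of Pesce's work. It assumes the stored hashes are unsalted; the account names, passwords, wordlist and PBKDF2 round count are all constructed for illustration.

```python
import hashlib, hmac, os

# Constructed sample data: accounts, passwords and wordlist are invented here.
ACCOUNTS = {"alice": "password1", "bob": "linkedin",
            "carol": "password1", "dave": "T7#qv!x9Lr2p"}
WORDLIST = ["123456", "password1", "linkedin", "letmein"]
ROUNDS = 50_000  # illustrative PBKDF2 work factor (assumption, kept low so this runs fast)

def sha1_hex(pw):
    return hashlib.sha1(pw.encode()).hexdigest()

def pbkdf2(pw, salt):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, ROUNDS)

def build_stores(accounts):
    """Return the same accounts stored two ways: bare SHA-1 and salted PBKDF2."""
    unsalted = {u: sha1_hex(p) for u, p in accounts.items()}
    salted = {}
    for user, pw in accounts.items():
        salt = os.urandom(16)  # fresh random salt per account
        salted[user] = (salt, pbkdf2(pw, salt))
    return unsalted, salted

def audit_unsalted(stored, wordlist):
    """One SHA-1 per candidate word is checked against every account at once."""
    by_hash = {}
    for user, digest in stored.items():
        by_hash.setdefault(digest, []).append(user)
    weak, computed = {}, 0
    for word in wordlist:
        computed += 1
        for user in by_hash.get(sha1_hex(word), []):
            weak[user] = word
    return weak, computed

def audit_salted(stored, wordlist):
    """Each (account, word) pair needs its own ROUNDS-iteration derivation."""
    weak, computed = {}, 0
    for user, (salt, key) in stored.items():
        for word in wordlist:
            computed += 1
            if hmac.compare_digest(pbkdf2(word, salt), key):
                weak[user] = word
                break
    return weak, computed

if __name__ == "__main__":
    unsalted, salted = build_stores(ACCOUNTS)
    print(audit_unsalted(unsalted, WORDLIST), audit_salted(salted, WORDLIST))
```

Both audits flag the same three accounts, but the unsalted store gives them up after 4 single SHA-1 computations shared across all users, while the salted store costs 11 separate derivations of 50,000 iterations each.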

4 of 198 comments

  1. Did he crack any random passphrases? by khendron · Score: 4, Funny

    Like "correct horse battery staple"?

    --
    Life is like a web application. Sometimes you need cookies just to get by.
  2. slashdot by rapiddescent · Score: 5, Funny

    own up, who used the password slashdot - 0000003627a75d6c96a3d965247584a78779bc3d

  3. Re:Do not use standard passwords by RenderSeven · Score: 5, Funny

    What an excellent opportunity! I just told everybody on my LinkedIn account what I *really* thought of them, waited an hour, and told them all my password was hacked. Good times, good times.

  4. Re:Do not use standard passwords by hoggoth · Score: 4, Funny

    Yeah, me too. I told my brother that stealing my girlfriend in the 8th grade was a shitty thing to do and he should stop getting drunk in bars. Then an hour later I told him my account was hacked and that wasn't me who wrote that.

    --
    - For the complete works of Shakespeare: cat /dev/random (may take some time)