Lessons Learned From Cracking 2M LinkedIn Passwords

Posted by samzenpus on Monday June 11, 2012 @02:23AM from the listen-to-the-learnings dept.

An anonymous reader writes "Qualys researcher Francois Pesce used open source password cracker John the Ripper to try to crack SHA-1 hashes of leaked LinkedIn passwords. He ran the John the Ripper default command on a small default password dictionary of less than 4,000 words. The program then switched to incremental mode based on statistical analysis of known password structures, which generated more probable passwords. The results? After 4 hours, approximately 900,000 passwords had been cracked. Francois then ran numerous iterations, incorporating older dictionaries to uncover less common passwords and ended up cracking a total of 2,000,000 passwords."

2 of 198 comments (clear)

Min score:

Reason:

Sort:

Do not use standard passwords by Anonymous Coward · 2012-06-11 02:27 · Score: 5, Insightful

Surely this is not news.
Re:Value of a linkedin account by Anonymous Coward · 2012-06-11 02:43 · Score: 5, Insightful

It probably has little value, but the account name is an email address. Many people use the same account/pass combination for multiple sites, including perchance their paypal account. If they manage to pull a few million email/password combos from linkedin, I can guarantee you that some of those combinations will match paypal exactly.