Ashley Madison's passwords were badly encrypted, 15 million+ passwords headed for the Web

Originally published at: http://boingboing.net/2015/09/10/ashley-madisons-passwords-we.html

1234 is not a good password, I guess.

2 Likes

All these people on AM trying to get laid and now we’re all fucked.

4 Likes

I’ll bet there’s some real amusing passwords on the list. Won’t it be choice to learn some prominent figure used “11Inches” as his pass?

yes, too short and easily broken

1 Like

Before anyone starts freaking out about bcrypt or Blowfish being broken: The programming errors mentioned are not in those functions, they’re specific to how Ashley Madison handled password hashing and storage. They hashed them with (the very broken) MD5, which left them vulnerable to brute forcing in a way that bcrypt by itself would not have. Source.

1 Like

Like the article says, it was like locking your vault and putting the key on an envelope besides it…

(Or writting your superstrong password on a post-it)

Cynosure Prime is a literary reference. and I’m not sure it’s all that highbrow.

This topic was automatically closed after 5 days. New replies are no longer allowed.