Ashley Madison's passwords were badly encrypted, 15 million+ passwords headed for the Web

doctorow · September 10, 2015, 4:45pm

Originally published at: http://boingboing.net/2015/09/10/ashley-madisons-passwords-we.html
…

Papasan · September 10, 2015, 4:56pm

1234 is not a good password, I guess.

anon81034786 · September 10, 2015, 5:13pm

All these people on AM trying to get laid and now we’re all fucked.

Boundegar · September 10, 2015, 5:29pm

I’ll bet there’s some real amusing passwords on the list. Won’t it be choice to learn some prominent figure used “11Inches” as his pass?

renke · September 10, 2015, 7:47pm

yes, too short and easily broken

L_Mariachi · September 11, 2015, 12:08am

Before anyone starts freaking out about bcrypt or Blowfish being broken: The programming errors mentioned are not in those functions, they’re specific to how Ashley Madison handled password hashing and storage. They hashed them with (the very broken) MD5, which left them vulnerable to brute forcing in a way that bcrypt by itself would not have. Source.

Sigmund · September 11, 2015, 1:45pm

Like the article says, it was like locking your vault and putting the key on an envelope besides it…

(Or writting your superstrong password on a post-it)

jerwin · September 11, 2015, 1:59pm

Cynosure Prime is a literary reference. and I’m not sure it’s all that highbrow.

doctorow · September 15, 2015, 4:46pm

This topic was automatically closed after 5 days. New replies are no longer allowed.

Topic		Replies	Views
Ashley Madison users chose passwords like "whyareyoudoingthis" boing	5	1740	September 19, 2015
Worst passwords boing	24	10166	December 13, 2013
2015's worst password was 123456 boing	35	3551	January 25, 2016
Plaintext passwords galore in huge AdultFriendFinder hack boing	18	2568	November 18, 2016
Russian hackers steal 1.2 billion usernames, passwords: are you affected? boing	41	3969	August 11, 2014

Ashley Madison's passwords were badly encrypted, 15 million+ passwords headed for the Web

Related Topics