Ashley Madison's passwords were badly encrypted, 15 million+ passwords headed for the Web


#1

Originally published at: http://boingboing.net/2015/09/10/ashley-madisons-passwords-we.html


#2

1234 is not a good password, I guess.


#3

All these people on AM trying to get laid and now we’re all fucked.


#4

I’ll bet there’s some real amusing passwords on the list. Won’t it be choice to learn some prominent figure used “11Inches” as his pass?


#5

yes, too short and easily broken


#6

Before anyone starts freaking out about bcrypt or Blowfish being broken: The programming errors mentioned are not in those functions, they’re specific to how Ashley Madison handled password hashing and storage. They hashed them with (the very broken) MD5, which left them vulnerable to brute forcing in a way that bcrypt by itself would not have. Source.


#7

Like the article says, it was like locking your vault and putting the key on an envelope besides it…

(Or writting your superstrong password on a post-it)


#8

Cynosure Prime is a literary reference. and I’m not sure it’s all that highbrow.


#9

This topic was automatically closed after 5 days. New replies are no longer allowed.