On September 6, we posted for the first time the 10 worst passwords from the hack on Ashley Madison's page.
One month after the Ashley Madison website was reported, hackers released the first package of stolen data. Email addresses, passwords, and credit card transactions leaked from 18 August. A few days later, more data came in, including: internal emails with Avid Media Life's parent company.
The tens of millions of passwords, leaked from Ashley Madison's page, were encrypted, with bcrypt. Robert Graham security researcher at Errata Security, Reported on their blog, that the event was a "refreshing change." This means that users with strong passwords are "secure."
But we can not say the same about weak passwords.
Security expert Dean Pierce Reported how he managed to break the encryption of weak passwords with "cracking rig."
The results should not surprise us. Using weak passwords on the site was terrible.
Pierce spent five days running an automated "break" of passwords, and stopped about 0,0006 percent of all data leaked. However, this means 4.000 decrypted passwords.
It is worth noting that in the case of Ashley Madison, it is not clear at what point in time the data with the passwords leaked. It is likely that the website allowed weak passwords in the first days of its operation, and later required stronger when signing up for the site. .
"It may also be impossible to break any bcrypt password, but given that many users are using weak codes, it does not matter if the passwords are bcrypted and salted. Some will break. "
See 100's worst passwords from Ashley Madison's hack
Registration in iGuRu.gr via Email
|p *** y||10,683|
|f ** kme||7,893|
|f ** kyou||7458|
|and ** sticks||5,052|
|I love you||3,671|
|bigd ** k||3,058|
|f ** koff||2,794|
|but I do not understand what you wrote||2,617|