Mac Developer: Once seen as bulletproof, 11 million+ Ashley Madison passwords already cracked | Ars Technica
When the Ashley Madison hackers leaked close to 100 gigabytes' worth of sensitive documents belonging to the online dating service for people cheating on their romantic partners, there seemed to be one saving grace. User passwords were cryptographically protected using bcrypt, an algorithm so slow and computationally demanding it would literally take centuries to crack all 36 million of them.
Security researcher could only crack weak passwords—just 0.0668% of trove.

Now, a crew of hobbyist crackers has uncovered programming errors that make more than 15 million of the Ashley Madison account passcodes orders of magnitude faster to crack.
Security is quite difficult to do right. I think it starts with the choice of FreeBSD.