[ubuntu-uk] phishing and LinkedIn
Kris Douglas
krisdouglas at gmail.com
Thu Jun 7 10:33:09 UTC 2012
On 7 June 2012 11:28, Jon Spriggs <jon at sprig.gs> wrote:
> Bear in mind the key here is to decrypt the hashes which are
> publicly circulating. If you give them a password to hash for you,
> then they can search for that hash and get a list of everyone
> who's used that password. Even if it's just one person, that's one
> password less they need to put through a rainbow table of hashes.
>
> All the best,
> --
> Jon "The Nice Guy" Spriggs
That's a pretty fair assumption. It's an easy way out; by the looks
of it they were stored unsalted, so it will indeed save them a job.
As above though, unless they have a list of e-mail addresses, there's
not really a great lot they can do with a list of passwords.
--
Kris Douglas.
www.krisd.eu
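
The point in this thread about unsalted storage, as an added example that is not part of either poster's message: with unsalted hashes one known digest matches every account sharing that password, while a per-user salt forces a separate check per record. SHA-1 as the unsalted hash, PBKDF2 as the salted scheme, and the account list are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not taken from any real dump).
ACCOUNTS = [("alice", "linkedin2012"), ("bob", "correct horse"),
            ("carol", "linkedin2012"), ("dave", "linkedin2012")]

def unsalted(password):
    """Unsalted SHA-1 (assumed scheme): same password, same digest, always."""
    return hashlib.sha1(password.encode()).hexdigest()

def salted(password, salt=None, rounds=100_000):
    """Per-user random salt with PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)

def verify(password, salt, digest):
    """Constant-time check of a candidate password against one stored record."""
    return hmac.compare_digest(salted(password, salt)[1], digest)

def users_sharing_digest(store, known_digest):
    """Count records in an unsalted store that equal one known digest."""
    return sum(1 for d in store.values() if d == known_digest)

def build_stores():
    """Store the same accounts twice: unsalted, and salted per user."""
    weak = {user: unsalted(pw) for user, pw in ACCOUNTS}
    strong = {user: salted(pw) for user, pw in ACCOUNTS}
    return weak, strong

if __name__ == "__main__":
    weak, strong = build_stores()
    digest = unsalted("linkedin2012")
    # One digest lookup exposes every account that reused the password.
    print("unsalted records matching one digest:",
          users_sharing_digest(weak, digest))
    # Salted digests are all different, even for identical passwords.
    print("distinct salted digests:",
          len({d for _, d in strong.values()}), "of", len(strong))
    # The legitimate login check still works, one record at a time.
    print("alice verifies:", verify("linkedin2012", *strong["alice"]))
```
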