NoTroop  ·  3364 days ago  ·  post: CynoSure Prime: How we cracked millions of Ashley Madison bcrypt hashes efficiently

Let me make sure I have this straight: they essentially had a list of potential keys for the hashes, and all they had to do was brute force different capitalizations for the hashes to figure out which belonged to which? It sounds like they just brute forced them after greatly, greatly decreasing the number of potential inputs via other vulnerabilities with the way the site managed passwords.