LinkedIn Hacked ?

Dist said:
Well anyone who wants the list of hashes themselves and wants to hash their own password can just google it, there are tons of sites out there hosting the list of hashes. If it wasn't for the fact that this uses javascript and even suggests you look at the source to see for yourself that you don't ever send out your password to them then I wouldn't have suggested it, but it's all good and helps people who don't want to have to download anything, or read how to hash their password themselves.
Click to expand...

Please, that wasn't a dig at you posting the link, or anyone using it. I just posted my (probably unwanted) views for all to see ;)
 
Lol I use a set of 7+ core passwords in varying random orders, use of all brings me up to around 80 alpha/num/char.

Nice and secure and ensures that I can remember immensely large strings for my most secure assets.

Not to say my linkedin is the strongest though! Time for a revamp of the cores!
 
Last edited:
Ah I see. The 00000 is the code the hacker guys have used when that hash has already been cracked, and they have the plain text version. God damn it.
 
Account deleted, password was a generic rubbish one I only used on worthless sites anyway, to be honest it's one more social network I don't need to be part of!
 
Why are they storing your password strings anyway? I assumed all website passwords were passed and saved to their servers in a one-way cryptographic hash format?
 
Last edited:
estebanrey said:
Why are they storing your password strings anyway? I assumed all website passwords were passed and saved to their servers in a one-way cryptographic hash format?
Click to expand...

They are? :confused: Unless I've misunderstood your question.

The file available contains all of those hashes. Unfortunately, they've just used a 'simple' SHA1 hash, with NO salt so (at a guess) using a rainbow table into an SHA1 hash generator is making fairly quick work of the simpler password hashes.
 
I only used my linkedin password on one other site so I've changed that now! Cheers for the heads up!
 
squerble said:
They are? :confused: Unless I've misunderstood your question.

The file available contains all of those hashes. Unfortunately, they've just used a 'simple' SHA1 hash, with NO salt so (at a guess) using a rainbow table into an SHA1 hash generator is making fairly quick work of the simpler password hashes.
Click to expand...

Why on Earth they didn't salt the hashes I'll never know. It is trivial to do, and means brute forcing would be specific to that site.
 
If anyones interested in more security here's what you can get for £27 from Yubico

A Vip Yubikey
1 Year sucscription to Lastpass

This gives you a Symantec VIP credential that you can use on sites like ebay / paypal for extra security.

You can also program it to give two factor authentication to Lastpass.


 
You must log in or register to reply here.
Back
Top Bottom