Security is paramount

**mudskipper** · 10 June 2012, 07:08

Originally posted by doodab View Post

I think I will sign in and delete my account you ******* half witted protomonkeys.

wtf? really? I already reset my password.

**Diver** · 10 June 2012, 07:12

Originally posted by doodab View Post

I think I will sign in and delete my account you ******* half witted protomonkeys.

You can't now

I knew your email address so I simply hijacked your account

**doodab** · 10 June 2012, 07:13

Originally posted by k2p2 View Post

wtf? really? I already reset my password.

Don't worry, they'll broadcast the new one for you shortly.

**MarillionFan** · 10 June 2012, 07:13

Originally posted by Diver View Post

You can't now

I knew your email address so I simply hijacked your account

Does doodab use [email protected] then?

**OwlHoot** · 10 June 2012, 08:28

My linkedin password is about 30 characters long now, with numbers, symbols, upper & lowercase etc.

I'd like to see hackers figure out that one with a dictionary search

**Doggy Styles** · 10 June 2012, 09:21

Originally posted by OwlHoot View Post

My linkedin password is about 30 characters long now, with numbers, symbols, upper & lowercase etc.

I'd like to see hackers figure out that one with a dictionary search

They can just look it up.

**doodab** · 10 June 2012, 10:37

I only really use it for finding people with comedy names. I see MF really has taken a job in the states:

randy gaylord profiles | LinkedIn

**mudskipper** · 10 June 2012, 21:28

Originally posted by doodab View Post

I only really use it for finding people with comedy names. I see MF really has taken a job in the states:

randy gaylord profiles | LinkedIn

Hairy arsed bloke isn't there any more

Anyone heard from him? Is he OK? His fanclub miss him!

**Sysman** · 10 June 2012, 22:46

Originally posted by Doggy Styles View Post

They can just look it up.

They need some rather large rainbow tables to do that.

On the other hand one of the reports I read last week cited a >30 GB (compressed size) set of tables out there somewhere.

I have a feeling that checksums will give collisions so that my-extravagantly-long-password will give the same checksum as something-shorter.

Details of the LinkedIn Hash Brute-Force

LinkedIn was using the SHA-1 digest for passwords, so the folks looking to reverse the passwords are using the following brute-force to match the posted hash:

echo -n "password" | openssl dgst -sha1

If you want to determine if your password was in one of the dumps, that's how. Match the SHA-1 hash that was generated from that sequence against one in the dump, and your password was in that dump.

...

And SHA-1 is intended to be fast to calculate; it's not a good general choice for hashing passwords.

And the GPU-based attacks are gonzo fast, based on the timestamps on some of the follow-up postings related to the original password dumps.

Security is paramount