Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ

Adobe leak of 150 million accounts.

Freewheeling spot to chew the fat on anything cryptostorm-related that doesn't fit elsewhere (i.e. support, howto, &c.). Criticism & praise & brainstorming & requests for explanation... this is where it goes when it's hot & ready for action! :-)
User avatar

Topic Author
acid1c
Posts: 49
Joined: Sat Aug 31, 2013 5:42 am

Adobe leak of 150 million accounts.

Postby acid1c » Wed Nov 13, 2013 1:55 am

http://www.theguardian.com/technology/2 ... -can-check

Encryption error

As well as allowing the data to be stolen in the first place, Adobe made two other serious errors when storing the data. Firstly, it encrypted all the passwords with the same key; secondly, the encryption used a method which renders the encrypted data insecure.

The method, called ECB mode, means that every identical password also looks identical when encrypted. So if the database shows 1.9 million people whose password, when encrypted, reads “EQ7fIpT7i/Q”, then researchers know that they all have the same password. From there, they can look at the password hints, which Adobe didn’t encrypt at all, to try and guess what the password might be.
Bitmessage me with Questions, Help, or ChitChat :) - BM-2cV5BzWc9P7vufQREE8Be4U64GBgRJ3GnT
" Those who do not move, do not notice their chains." -Rosa Luxemburg


Rider
Posts: 97
Joined: Tue Jan 01, 2013 11:21 pm
Contact:

Re: Adobe leak of 150 million accounts.

Postby Rider » Wed Nov 13, 2013 3:07 am

My work got hit as well, forced everyone to reset the password on Friday.

User avatar

Topic Author
acid1c
Posts: 49
Joined: Sat Aug 31, 2013 5:42 am

Re: Adobe leak of 150 million accounts.

Postby acid1c » Wed Nov 13, 2013 3:35 am

Rider wrote:My work got hit as well, forced everyone to reset the password on Friday.


I read that Facebook notified all Adobe customers with the matching emails to change their passwords as well.
Bitmessage me with Questions, Help, or ChitChat :) - BM-2cV5BzWc9P7vufQREE8Be4U64GBgRJ3GnT
" Those who do not move, do not notice their chains." -Rosa Luxemburg


Sumerlove
Posts: 1
Joined: Wed Feb 18, 2015 5:28 pm

Re: Adobe leak of 150 million accounts.

Postby Sumerlove » Wed Feb 18, 2015 5:31 pm

Hi,

This is exceptionally decent and wonderful post.
I am very happy joined this forum.
I like it exceptionally much....!!!!


Thanks alot...
Join online Testking security+ certification and testking to pass exam istqb certification in first try. Our best quality and Northwestern University guide you well for real exam.

User avatar

parityboy
ForumHelper
Posts: 905
Joined: Wed Feb 05, 2014 3:47 am

Re: Adobe leak of 150 million accounts.

Postby parityboy » Wed Feb 18, 2015 6:40 pm

@OP

The method, called ECB mode, means that every identical password also looks identical when encrypted.


Hashing algorithms such as MD5 and SHA suffer exactly the same issue, which is why hashing passwords with a unique salt per user is a better idea. :)


Return to “general chat, suggestions, industry news”

Who is online

Users browsing this forum: No registered users and 10 guests

Login