Home » Gadgets » Cyno Sure Prime: Password crackers take Troy Hunts hashes apart

Cyno Sure Prime: Password crackers take Troy Hunts hashes apart

Tuesday, September 5th, 2017 | Gadgets

Members of the Cyno SureSpring group have succeeded in cracking the overwhelming number of Trojan Hashes published by Troy Hunt in August. The majority of the hashes used the algorithm Sha-1, which is considered obsolete and insecure, only a few passwords were re-heashed with further algorithms ('nested hashes').

Recently, Cyno Sure Prime had cracked numerous hashes from the database of the hacked website Ashley Madison. The site had actually used the algorithm bcrypt, which was considered to be much safer, but did not re-heave old passwords, so they were crackable.
Troy Hunts record contains 320 million SHA-1 hashes
A total of 320 million hashes are included in the now published data set. Some 1 million of these hashes did not contain plaintext passwords, but new hashes. According to Cyno SurePrime, the Hashes published by Troy Hunt are not just passwords. Some of the strings contained, for example, e-mail addresses or user names. According to the group, Hunt wants to remove the affected hashes from the database, according to The Register.
Cyno SurePrime found some restrictions on the tools used, such as Hashcat, during the process. The program apparently has problems to process output files with hashes, whose string begins with $ HEX []. A new version of the program is intended to correct this error.

Hunt had published the data because he wanted to allow websites and users to automatically reject frequently used passwords. Users can also check on a website whether certain passwords are already in use, but should not do this with actively used passwords.
Hunt has been running the hasibeenpwned.com service for many years, where users can check if their passwords appear in public password dumps, such as from the dropbox hack. Users will receive notifications after registering when new records are uploaded and their account is affected. The service is financed through voluntary donations.
Supplement of 5 September 2017, 2:05 pm
Information on the business model of haveibeenpwned.com corrected.

Related

Bitcoin Price On Bitstamp

Bitcoin Price On Bitstamp An exchange based in Slovenia, where users can trade

Project 1v1: Gearbox working on Shooter

Action plus collecting cards – does that fit together? The US developer studio

Real Madrid Mbappe

Real Madrid Mbappe Real Madrid manager Zinedine Zidane has reportedly told AS Monaco's

Location competition - Administrative of

The administrative boards of Swiss companies lack digitalization competences. This was the result