I have it, I have your email too, I will send it on to you, along with a offer I have 10 million stuck in a bank in Nigeria, I just need your bank a/c number and u can keep half!!! Quick b4 somebody else volunteers

Is it sexygirl1234?

I’m not saying.

ahhh but I bet that you still get linkin requests everyother day informing you that all your friends have changed information or would you like to add….

Some men just want to watch the world burn :)

If him and crackers like him didn’t bother then companies wouldn’t bother putting any effort into securing your data. If this raises awareness then it’s a good thing.

A semi targeted list of that size would be pretty valuable on the black market. It could generate in the order of $100,000 .. Providing you had enough bandwidth , proxies, and processing power!

Cyber crime is an issue urgently needing attention.

Hon Rob!

80k CPU hours? OMG!
What cpu are you talking about? the one in my watch? or a standard machine?
How can you have such an exact number of hours, when every CPU and every hash is different?
or how about the combined resources of a 100k+ seat botnet? (this type of task is easily enough bought on the very same russian forum where the list first went public)

Secondly, you can compare the list of hashes to a list of already cracked hashes-> password table.
In other words, if your password was “password1″, that info can be easily gotten from the table that was posted.

You sound like a computer science student who knows the theory but not the practical use.
“nothing to worry about”, well… actually yes, many people do have something to worry about if they had used an insecure password that the attackers already know the hash to.

@Fulano
I think it said average dual core CPUs. Well you can say that if you say “average” :P

Well it took a super computer something like 13 hours to crack one password. These people are after a linkedin password which mightn’t necessarily by the same as people’s other account password. It seems like a waste of time to me. I think he’s simply showing off that he can get the passwords in the first place.

Ah don’t worry, I know aobut rainbow tables. I used them once for a college project, or at least something along the lines of them. You are right though that you’ll get the “password1″ people with them very quickly but anyone who put any effort into their password will be VERY hard to get.

Fulano is absolutely right. What this article is implying is that the data stored was unsalted and that a simple rainbow table lookup would sort out the problem. The only issue is generating said rainbow table, that’s where the botnet comes into play. Its child’s play when you know what you’re doing.

Some fairly reputable companies disagree with you on SHA-1 and suggest moving to SHA-256.
http://blogs.cisco.com/security/next-generation-encryption/

they were unsalted… like a poor mans chips.

Just saw this post on twitter from someone who’s password was compromised – not looking very good :(

“The leaked LinkedIn hash data contains a hash that matches my (now former) pw: P2X7\5b7″Q3YB}5 8e9d656b876e16b91a90ab53d94f6b1af010a581″

No salting, how ’bout that. Bloody eejits.

oops password1

No, I’ve taken that one