Crossword based on a password database stolen from Adobe

    As you know, more than a month ago Adobe announced that its servers had been attacked and that a user database had been stolen, including names, encrypted passwords and bank card numbers, along with the source code of its main products. Initially about 2.9 million compromised accounts were reported, but the reality was much worse.

    Soon a 10 GB file with 130,324,429 unique records was posted publicly, and anyone could download it and dig into it.


    Each encrypted password in the dump is 8, 16, 24, 32, 40 or 48 characters long in hexadecimal. Although Adobe gave assurances that the data was securely encrypted, careful examination of the password database showed that the 3DES symmetric block cipher was used in Electronic Code Book (ECB) mode, with a zero byte (ASCII NUL) appended to each password before encryption.


    The top 100 most popular passwords in the database were quickly compiled:



    Using a rather ancient mechanism, symmetric encryption with a single key, instead of salted hashing looks like unprecedented stupidity for such a respectable company. The large database size makes it easier to find the master key, and whoever calculates it will be able to decrypt the entire dump. This Adobe epic fail has already generated a myriad of sad jokes among security people:


    Inspired by the xkcd comic, the guys made a crossword puzzle based on the 1000 most popular user passwords :) As an option, an encrypted version is offered, where you answer by entering the password in plaintext. Clicking a white block displays up to 50 of the most popular hints for that password. Have a fun weekend!
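
    Why the crossword works at all, as an added example (not code from the original post or from Adobe): with single-key ECB and no salt, equal passwords give equal ciphertexts, so hints can be pooled per ciphertext and block counts bound the password length without any key. The records, field layout and function names are constructed for illustration, and the code assumes hex ciphertexts made of whole 8-byte 3DES blocks with the NUL-terminated password padded only up to the next block boundary.

```python
from collections import defaultdict

BLOCK = 8  # 3DES block size in bytes (16 hex characters per block)

# Constructed sample records (account, ciphertext hex, hint); not data from the dump.
RECORDS = [
    ("a@example.com", "1f3c9a7e5b2d4806", "numbers 1-6"),
    ("b@example.com", "1f3c9a7e5b2d4806", "123456"),
    ("c@example.com", "1f3c9a7e5b2d4806", ""),
    ("d@example.com", "77aa10c4e9035bd2c2e85f0a9914d36b", "my dog + year"),
    ("e@example.com", "77aa10c4e9035bd209b1f6e27d4a8c35", "dog"),
    ("f@example.com", "e4d2b8a1907c63f5", "favourite team"),
]

def blocks(ct_hex):
    """Split a hex ciphertext into 8-byte ECB blocks, rejecting partial blocks."""
    raw = bytes.fromhex(ct_hex)
    if not raw or len(raw) % BLOCK:
        raise ValueError("ciphertext is not a whole number of 8-byte blocks")
    return [raw[i:i + BLOCK] for i in range(0, len(raw), BLOCK)]

def length_range(ct_hex):
    """Password length bounds implied by the block count (assumes one NUL appended)."""
    n = len(blocks(ct_hex))
    return BLOCK * (n - 1), BLOCK * n - 1

def cluster_by_ciphertext(records):
    """Equal ciphertext means equal password, so every hint in a group describes it."""
    groups = defaultdict(lambda: {"accounts": [], "hints": []})
    for account, ct, hint in records:
        group = groups[ct.lower()]
        group["accounts"].append(account)
        if hint:
            group["hints"].append(hint)
    return dict(groups)

def shared_first_block(records):
    """Distinct ciphertexts with the same first block share their first 8 bytes."""
    by_first = defaultdict(set)
    for _, ct, _ in records:
        by_first[blocks(ct)[0].hex()].add(ct.lower())
    return {first: sorted(cts) for first, cts in by_first.items() if len(cts) > 1}

if __name__ == "__main__":
    for ct, group in cluster_by_ciphertext(RECORDS).items():
        low, high = length_range(ct)
        print(f"{ct}: {len(group['accounts'])} accounts, "
              f"length {low}-{high}, hints {group['hints']}")
    print("shared first block:", shared_first_block(RECORDS))
```

    A salted password hash removes both signals: equal passwords no longer produce equal stored values, and the stored value has a fixed length.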



