LinkedIn and Hashcat, or why you need a better password

This was just posted: Linkedin password statistics – Stefan Venken used easy to access tools (“HashCat / Jtr and publicly found wordlists on a customer grade laptop”) and turned it on the 6.5 million linked in passwords and it turns out “1.354.946 were recovered within a few hours time”.  No special software, and no massive hardware. (Of course he knows what he is doing, but so would anyone determined to access them).

It would be ideal if every site had strong security methods to protect passwords: you need to assume the opposite and take steps to make your password strong, as well as making sure you have different passwords for different sites (especially for sites that are strongly associated with money or your identity).

For more on hashcat, go here: oclHashcat-plus – advanced password recovery

One response to “LinkedIn and Hashcat, or why you need a better password

  1. I would certainly recommend changing LinkedIn passwords!

    For some background information, your readers might like to read my article on the LinkedIn Security Breach.

    Alastair Revell
    Chartered IT Professional

    Managing Consultant
    Revell Research Systems