LinkedIn and Hashcat, or why you need a better password

This was just posted: Linkedin password statistics – Stefan Venken used easy to access tools (“HashCat / Jtr and publicly found wordlists on a customer grade laptop”) and turned it on the 6.5 million linked in passwords and it turns out “1.354.946 were recovered within a few hours time”.  No special software, and no massive hardware. (Of course he knows what he is doing, but so would anyone determined to access them).

It would be ideal if every site had strong security methods to protect passwords: you need to assume the opposite and take steps to make your password strong, as well as making sure you have different passwords for different sites (especially for sites that are strongly associated with money or your identity).

For more on hashcat, go here: oclHashcat-plus – advanced password recovery

One response to “LinkedIn and Hashcat, or why you need a better password

  1. I would certainly recommend changing LinkedIn passwords!

    For some background information, your readers might like to read my article on the LinkedIn Security Breach.

    Alastair Revell
    Chartered IT Professional

    Managing Consultant
    Revell Research Systems

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.