
LinkedIn passwords compromised

Today, June 6th, 2012, the news came out that LinkedIn passwords have been compromised. Over the years there has been a lot of discussion about how to store passwords safely, and also about how to choose a safe password. Assuming the provider of the service you are using stores passwords with a very insecure method, but does encode them, the examples below show how to choose a new one.

This example provides some links to find, test and create an MD5 string of a password, for the case where the password is not hashed _and_ salted.

Online there are some tools that help you recover passwords from their MD5 hashes. They are also known as rainbow table services. You just take an MD5 hash of a password and check it on the website. One of them is used here; if you search for "online rainbow table search" you will find others too.

In the left box you paste up to 10 MD5-hashed passwords and it will give you the password for each hash it has in its database. Some examples:

password: linkedin
md5 string: f1576406b382b7d1c8c2607f7c563d4f

password: gmail
md5 string: de01c1d48db6c321c637457113ed80d5

password: grandpa
md5 string: 224c1c878dec9c52ea8a8aaaf46a8872

password: semperfi
md5 string: 073de059ab0b79721180e1f87440d4fe

The checker displays the passwords for all of them:


As you can see, the most common words are already known. If a site like LinkedIn is using MD5 only and someone is able to get the stored passwords, they only need to run them through such a service (be aware, it is not hard to build something like this).
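Why a plain MD5 store is answered by a lookup table while a salted record is not, as an added example that is not part of the original post. The word list is constructed sample data, the function names are hypothetical, and PBKDF2-HMAC-SHA256 is an assumed choice for the salted scheme that the post itself does not name.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny stand-in for a precomputed lookup service.
COMMON_WORDS = ["linkedin", "gmail", "grandpa", "semperfi", "password"]
LOOKUP = {hashlib.md5(w.encode()).hexdigest(): w for w in COMMON_WORDS}


def md5_unsalted(password: str) -> str:
    """The weak scheme the post describes: plain MD5, no salt."""
    return hashlib.md5(password.encode()).hexdigest()


def lookup(digest: str):
    """Return the password if the digest is in the precomputed table, else None."""
    return LOOKUP.get(digest)


def hash_salted(password: str, salt: bytes = None, iterations: int = 200_000):
    """Per-user random salt plus a deliberately slow KDF (assumed: PBKDF2)."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, dk


def verify_salted(password: str, salt: bytes, iterations: int, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(dk, expected)


if __name__ == "__main__":
    # Unsalted: every user with this password stores the same digest,
    # so a single table entry answers for all of them.
    stored = md5_unsalted("grandpa")
    print("unsalted md5:", stored, "-> lookup:", lookup(stored))

    # Salted: same password, two users, two different records; neither
    # matches a table that was computed without the salt.
    a = hash_salted("grandpa")
    b = hash_salted("grandpa")
    print("salted records differ:", a[2] != b[2])
    print("found in lookup table:", lookup(a[2].hex()))
    print("verify ok:", verify_salted("grandpa", *a))
```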

Use stronger passwords, people. An unknown word combined with digits and other signs will make it very hard to recover. Once you have chosen a password, check it against a rainbow database to see if it is known there. If it is, choose another one. It is not hard to imagine that other hashing tools will have a similar database.

To generate MD5 strings of a password you could use a database like MySQL, but I am sure there are other tools for it too. In MySQL you just run the following query:

select md5('linkedin');
