[Image caption: The analysis shows some of the popular types of passwords used on eHarmony. (SpiderLabs)]

An analysis of passwords stolen from eHarmony and leaked to the Web recently reveals several problems with the way the dating site handled password encryption and policies, according to a security expert.

The biggest problem clearly was that the passwords, although encrypted and obscured with a hashing algorithm, were not 'salted,' which would have increased the amount of work password crackers would need to do, writes Mike Kelly, a security analyst at Trustwave SpiderLabs, in a post today.

But there were two other less obvious problems. First, the lowercase characters in passwords were converted to uppercase before hashing, Kelly says, writing:

'This drastically reduces the time it takes to crack, as there are far fewer possibilities. Using a full 95 character keyboard, brute forcing an 8 character password gives us 6.6342 x 10^15 possibilities. For eHarmony, this is reduced to 5.13798374 x 10^14, due to the loss of the lowercase characters.'

And secondly, during resets the passwords were changed to a five-character password using only letters and digits, he said, adding:

'During our tests, we reset the password for an eHarmony account several times. Each time, we found that the passwords were reset to a five-character password using only letters and digits. While the password appears to be using uppercase and lowercase letters, we know that the hashes use only uppercase. Bruteforcing five characters, under these circumstances, can be done in less than 10 seconds while utilizing at least one GPU.'

eHarmony spokeswoman Becky Teraoka provided this comment to the SpiderLabs post: 'The security of our users is of the utmost importance to us. Due to our ongoing investigation and cooperation with law enforcement authorities, we cannot comment on these specific points.'
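
The three weaknesses described above can be checked side by side in a short script. It is an added example, not code from the article or from SpiderLabs. It reproduces the keyspace figures Kelly quotes and contrasts the upper-cased, unsalted storage pattern with a salted, case-preserving one. SHA-256 stands in for the hash the article does not name, and the function names, PBKDF2 work factor and sample password are assumptions.

```python
import hashlib
import hmac
import os
import string

PRINTABLE_95 = string.ascii_letters + string.digits + string.punctuation + " "
ALNUM_62 = string.ascii_letters + string.digits  # alphabet of the reset passwords
PBKDF2_ROUNDS = 600_000  # assumed work factor; tune for your own hardware


def keyspace(alphabet, length, transform=lambda ch: ch):
    """Number of distinct stored values once `transform` has been applied."""
    return len({transform(ch) for ch in alphabet}) ** length


def weak_store(password):
    """Pattern from the article: upper-case first, then an unsalted hash.
    SHA-256 is a stand-in; the article does not name the algorithm."""
    return hashlib.sha256(password.upper().encode()).hexdigest()


def strong_store(password):
    """Per-user random salt, case preserved, deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def strong_verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    print(f"8 chars, 95 symbols:       {keyspace(PRINTABLE_95, 8):.4e}")
    print(f"8 chars, upper-cased:      {keyspace(PRINTABLE_95, 8, str.upper):.8e}")
    print(f"5-char reset, upper-cased: {keyspace(ALNUM_62, 5, str.upper):,}")
    # Constructed sample: two accounts that chose the same password.
    print(weak_store("Sunshine1") == weak_store("sunshine1"))  # case is lost
    a, b = strong_store("Sunshine1"), strong_store("Sunshine1")
    print(a[1] != b[1], strong_verify("sunshine1", *a))  # salted, case-sensitive
```

With unsalted storage every account sharing a password shares a digest, so one computed guess applies to all of them; the per-user salt removes that shortcut, and skipping the upper-casing keeps the full 95-symbol alphabet.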