Gawker (Jalopnik, Gizmodo) Database leaked, 188.000 passwords decrypted

narf · Dec 14, 2010

calvinhobbes said:
Oh, the stick was emptied as soon as I had it back. Better to be safe than sorry. I now have that file and a couple others in an encrypted .dmg on my laptop. I figured that if I lose my laptop, I'm royally screwed anyway, so if some inaccessible personal info is lost along with it, it won't add to my worries.

You could keep it on the stick along with a program to use for decryption for several operating systems to be ubersafe :nod:

calvinhobbes · Dec 14, 2010

narf said:
You could keep it on the stick along with a program to use for decryption for several operating systems to be ubersafe

Funny you should recommend this - I just put the dmg on the stick, which I've been keeping in a drawer at home for a while anyway. My better half and my brother both have Macs, so somebody should always be able to open it for me if the SHTF.

narf · Dec 14, 2010

The decryption program stored on the stick was more geared towards using it on other computers such as the public ones at your uni.

WillDAQ · Dec 14, 2010

narf said:
The decryption program stored on the stick was more geared towards using it on other computers such as the public ones at your uni.

http://portableapps.com/apps/utilities/keepass_portable

Does the job very well, there's also KeePassX for Macfags.

calvinhobbes said:
I figured that if I lose my laptop, I'm royally screwed anyway, so if some inaccessible personal info is lost along with it, it won't add to my worries.

(1) Enable FileVault for your homedrive
(2) Use timemachine for regular backups

If you really want to go OTT (like me) use one of these for the backup (has AES256 in hardware):
http://www.freecom.com/news.asp?Id=4212

Kip_6666 · Dec 14, 2010

narf said:
Whether they have enough hashes or not depends on the size of the hash. Even if the hash is long enough though, chances are high that a collision exists. Let me give you an example: The days in the year are our hash values. Our input is people's date of birth. There are 365 possible hash values, so it should be easy to fit 23 input values into those 365 output values without collision. However, chances are 50/50 that you will get one collision (ie two people out of 23 share their birthday). For 57 people (less than 16% of the hash size) chances of a collision already are over 99%. Simply said, collisions always exist. Do they matter? No. Why? How likely is it that someone attempts to log in to your account not knowing the real password and by chance picks out a password that is not the real one but results in the same hash? Virtually nil. It's much more likely they'll have guessed the real password.

Clear, thanks

mooglebunny · Dec 14, 2010

Never had an actual account, but I have used an email to comment on a rare occasion.

That doesn't count as technically having an account though I think. No password.

Gawker (Jalopnik, Gizmodo) Database leaked, 188.000 passwords decrypted

narf

Sgt. Maj. Buzzkill

calvinhobbes

Forum Addict

narf

Sgt. Maj. Buzzkill

WillDAQ

Well-Known Member

Kip_6666

I Bought This Title :o

mooglebunny

Well-Known Member