On 7 June 2012 11:28, Jon Spriggs <j...@sprig.gs> wrote: > Bear in mind the key here is to decrypt the hashes which are > publically circulating. If you give them a password to hash for you, > then they can then search for that hash and get a list of everyone > who's used that password. Even if it's just one person, that's one > password less they need to put through a rainbow table of hashes. > > All the best, > -- > Jon "The Nice Guy" Spriggs
That's a pretty fair assumption. It's a an easy way out, by the looks of it they were stored unsalted so it will indeed save them a job. As above though, unless they have a list of e-mail addresses, there's not really a great lot they can do with a list of passwords. -- Kris Douglas. www.krisd.eu -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
