Editing 1286: Encryptic
Latest revision | Your text | ||
Line 8: | Line 8: | ||
==Explanation== | ==Explanation== | ||
− | + | {{w|Triple DES}} is an older but still relatively secure encryption algorithm that works on 64-bit (8 character) blocks. Assuming that the passwords are stored in plain ASCII, this means that each sequence of 8 characters on the same position is always encrypted to the same result and therefore two passwords starting with “12345678” would start with the same block after being encrypted. Furthermore, this means that you can actually get a very good idea of the length of the password since anything with only one block is a password with length between 1 and 8 characters, with two blocks it has between 9 and 16 characters etc. | |
− | + | This way of storing passwords does not follow the recommended way of using a suitable cryptographically-secure {{w|Hash function|hash function}} that yields only a single block so that there is no way to tell the length of the password from the result. It is also a good practice to {{w|Salt (cryptography)|add a salt}} specific to each user (like their username) so that two users with the same password would not have the same hash. | |
− | + | Adobe also stored hints users created for their passwords. That means that an attacker knows not only if the same 8 characters are used for multiple passwords but also has some hints for guessing them. That means that common password portions should be easy to recover and that any user may be “compromised” by someone else using a part of the same password and providing a good hint. As an example, a password having three hints “Big Apple”, “Twin Towers” and “If you can make it there” is probably “New York” (or a simple variation on that). The weakness here is that no decryption and therefore no hard cracking has to take place, you just group the passwords by their encrypted blocks and try to solve them like a crossword puzzle. | |
− | + | It seems the examples are not taken from the actual leaked file as that [http://arstechnica.com/security/2013/11/how-an-epic-blunder-by-adobe-could-strengthen-hand-of-password-crackers/ uses a different format]. | |
− | The | + | The title text makes a reference to [[792|Black Hat’s trouble with what to do with stolen passwords]]. It also states that users of pirated Photoshop are the winners here. This is because in order to make Photoshop pirate-able, it was modified (cracked) by removing the requirement for registration so their passwords were not sent to Adobe and therefore are not present in the leaked file. |
− | + | The title itself is a reference to [http://en.wikipedia.org/wiki/Cryptic_crossword cryptic crosswords] | |
− | |||
− | |||
− | + | ==Passwords== | |
− | + | Note that characters in the passwords could be upper or lower case, and they may involve common substitutions like "0" (number zero) for "O" (letter O); therefore, the clues cannot guarantee that the answer shown here is precisely correct. Nevertheless, we have plenty of information for a brute force attack. | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | Note that characters in the passwords could be upper or lower case, and they may involve common substitutions like "0" (number zero) for "O" (letter O); therefore, the clues cannot guarantee that the answer shown here is precisely correct. Nevertheless, we have plenty of information for a brute force attack. | ||
{|class="wikitable" | {|class="wikitable" | ||
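Review bot: The first restored paragraph attributes the repeated ciphertext to Triple DES itself ("works on 64-bit (8 character) blocks ... always encrypted to the same result"), but that behaviour comes from encrypting every block independently under one key with no per-user input, which is ECB mode; the transcript further down the page already says "misusing block-mode 3DES". Suggest naming the mode here so readers do not conclude that the cipher is at fault. In the second paragraph, "yields only a single block" would be more accurate as a fixed-length digest, and a username is a weak salt compared with a random per-user value stored beside the hash. The last restored sentence, ending "cryptic crosswords]", is missing its full stop.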
Line 51: | Line 31: | ||
|<tt>4e18acc1ab27a2d6</tt> | |<tt>4e18acc1ab27a2d6</tt> | ||
|weather vane sword | |weather vane sword | ||
− | |<tt> | + | |<tt>matthias</tt> |
− | |In '' | + | |In ''Redwall'', several characters are associated with a sword hung from a weather vane, but only Matthias shares the name of an apostle (6 lines down). |
|- | |- | ||
|<tt>4e18acc1ab27a2d6</tt> | |<tt>4e18acc1ab27a2d6</tt> | ||
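Review bot: The restored explanation on the "weather vane sword" row points at its companion clue by position ("6 lines down"), and this same undo removes a table row further down, so positional pointers like this go stale easily. Suggest citing the hint text instead, for example the "favorite of 12 apostles" row.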
Line 59: | Line 39: | ||
|Although no hint was used, we know this password too, since it matches the previous one. | |Although no hint was used, we know this password too, since it matches the previous one. | ||
|- | |- | ||
− | |<tt>4e18acc1ab27a2d6 | + | |<tt>4e18acc1ab27a2d6 a0a2876eb1ea1fea</tt> |
|name1 | |name1 | ||
|<tt>matthias1</tt> | |<tt>matthias1</tt> | ||
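Review bot: The restored second block a0a2876eb1ea1fea on the name1 row is the only evidence for the trailing "1" in matthias1, and the explanation cell for this row lies outside the hunk. Worth confirming that it says the first block equals the matthias rows and the second block is the one the next hunk restores on the password1 row, so the reader can see which block carries which characters.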
Line 69: | Line 49: | ||
|Unfortunately, this is all too common, and the user practically told us that it's an easy one. | |Unfortunately, this is all too common, and the user practically told us that it's an easy one. | ||
|- | |- | ||
− | |<tt>8babb6299e06eb6d | + | |<tt>8babb6299e06eb6d a0a2876eb1ea1fea</tt> |
| | | | ||
|<tt>password1</tt> | |<tt>password1</tt> | ||
Line 80: | Line 60: | ||
|- | |- | ||
|<tt>4e18acc1ab27a2d6</tt> | |<tt>4e18acc1ab27a2d6</tt> | ||
− | |favorite of | + | |favorite of 12 apostles |
− | |<tt> | + | |<tt>matthias</tt> |
− | | | + | |This has only 12 possibilities to begin with (actually a few more, given variant spellings, variant lists, and one replacement), but actually we know already which one by combining with the clue 6 lines up. |
|- | |- | ||
|<tt>1ab29ae86da6e5ca 7a2d6a0a2876eb1e</tt> | |<tt>1ab29ae86da6e5ca 7a2d6a0a2876eb1e</tt> | ||
|with your own hand you have done all this | |with your own hand you have done all this | ||
|<tt>Judith1510</tt> | |<tt>Judith1510</tt> | ||
− | |This is a quotation from | + | |This is a quotation from Judith 15:10. |
|- | |- | ||
|<tt>a1f9b2b6299e7a2b eadec1e6ab797397</tt> | |<tt>a1f9b2b6299e7a2b eadec1e6ab797397</tt> | ||
|sexy earlobes | |sexy earlobes | ||
− | |<tt> | + | |<tt>Charlie Sheen</tt> |
− | |This refers to an episode of '' | + | |This refers to an episode of ''Two and a Half Men''. Other answers are possible, but only this one fits the next line. |
|- | |- | ||
|<tt>a1f9b2b6299e7a2b 617ab0277727ad85</tt> | |<tt>a1f9b2b6299e7a2b 617ab0277727ad85</tt> | ||
|best TOS episode | |best TOS episode | ||
− | |<tt> | + | |<tt>Charlie X</tt> |
− | |" | + | |"TOS" refers to the original series of ''Star Trek''. Although this had dozens of episodes, only one fits the previous line. |
|- | |- | ||
|<tt>39738b7adb0b8af7 617ab0277727ad85</tt> | |<tt>39738b7adb0b8af7 617ab0277727ad85</tt> | ||
|Sugarland | |Sugarland | ||
|<tt>HoustonTX</tt> | |<tt>HoustonTX</tt> | ||
− | | | + | |Sugarland is a suburb of Houston, Texas. This fits with the previous line. |
|- | |- | ||
|<tt>1ab29ae86da6e5ca</tt> | |<tt>1ab29ae86da6e5ca</tt> | ||
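Review bot: On the Charlie Sheen, Charlie X and HoustonTX rows the restored explanations say an answer "fits" the neighbouring line without saying what fits. The evidence is in the ciphertext column: a1f9b2b6299e7a2b is shared by the two Charlie rows, so their first eight characters are identical ("Charlie " including the space), and 617ab0277727ad85 is shared by Charlie X and HoustonTX, so both have the same characters after the eighth, namely "X". Suggest spelling that out, since it also explains why the space belongs in the answer. The "6 lines up" pointer on the apostles row is positional and should name the hint instead.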
Line 112: | Line 92: | ||
|alpha | |alpha | ||
|<tt>abc</tt> | |<tt>abc</tt> | ||
− | |This password is also far too common, but this clue still isn't enough to narrow it down. Combine with the clue | + | |This password is also far too common, but this clue still isn't enough to narrow it down. Combine with the clue 3 lines below, however, and it's quite easy. |
|- | |- | ||
|<tt>877ab7889d3862b1</tt> | |<tt>877ab7889d3862b1</tt> | ||
Line 123: | Line 103: | ||
|<tt>abc</tt> | |<tt>abc</tt> | ||
|No hint, but the same as the surrounding passwords. | |No hint, but the same as the surrounding passwords. | ||
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
|<tt>877ab7889d3862b1</tt> | |<tt>877ab7889d3862b1</tt> | ||
|Michael Jackson | |Michael Jackson | ||
|<tt>abc</tt> | |<tt>abc</tt> | ||
− | + | |Michael Jackson did many songs, but only one was alphabetical (3 lines up). | |
|- | |- | ||
|<tt>38a7c9279cadeb44 9dca1d79d4dec6d5</tt> | |<tt>38a7c9279cadeb44 9dca1d79d4dec6d5</tt> | ||
| | | | ||
− | | | + | | |
|No hint, but the same as the one below. | |No hint, but the same as the one below. | ||
|- | |- | ||
|<tt>38a7c9279cadeb44 9dca1d79d4dec6d5</tt> | |<tt>38a7c9279cadeb44 9dca1d79d4dec6d5</tt> | ||
− | |he did the | + | |he did the MASH, he did the |
− | |<tt> | + | |<tt>Monster Mash</tt> |
− | | | + | | |
+ | | | ||
|- | |- | ||
|<tt>38a7c9279cadeb44</tt> | |<tt>38a7c9279cadeb44</tt> | ||
− | | | + | |Purloined |
− | | | + | | |
− | | | + | | |
|- | |- | ||
− | |<tt> | + | |<tt>a8ae5754a2b7af7a 9dca1d79d4dec6d5</tt> |
− | |fav water-3 | + | |fav water-3 Pokemon |
− | | | + | | |
− | | | + | | |
|- | |- | ||
|} | |} | ||
==Transcript== | ==Transcript== | ||
− | |||
:Hackers recently leaked '''''153 million''''' Adobe user emails, encrypted passwords, and password hints. | :Hackers recently leaked '''''153 million''''' Adobe user emails, encrypted passwords, and password hints. | ||
:Adobe encrypted the passwords improperly, misusing block-mode 3DES. The result is something wonderful: | :Adobe encrypted the passwords improperly, misusing block-mode 3DES. The result is something wonderful: | ||
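Review bot: The two rows with blocks 38a7c9279cadeb44 9dca1d79d4dec6d5 are described as identical ("No hint, but the same as the one below"), but the undo leaves the first row's answer cell empty while the row below carries Monster Mash; give both the same answer or drop the claim. The "he did the MASH, he did the" row also gains a second empty cell after its empty explanation, one more cell than the other rows in this hunk, and the Purloined and "fav water-3 Pokemon" rows are restored with no answer or explanation at all. If those are meant to stay unsolved, say so in the explanation cell rather than leaving it blank.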
Line 167: | Line 142: | ||
4e18acc1ab27a2d6 weather vane sword | 4e18acc1ab27a2d6 weather vane sword | ||
4e18acc1ab27a2d6 | 4e18acc1ab27a2d6 | ||
− | 4e18acc1ab27a2d6 | + | 4e18acc1ab27a2d6 a0a2876eb1ea1fea name1 |
8babb6299e06eb6d duh | 8babb6299e06eb6d duh | ||
− | 8babb6299e06eb6d | + | 8babb6299e06eb6d a0a2876eb1ea1fea |
8babb6299e06eb6d 85e9da81a8a78adc 57 | 8babb6299e06eb6d 85e9da81a8a78adc 57 | ||
4e18acc1ab27a2d6 favorite of 12 apostles | 4e18acc1ab27a2d6 favorite of 12 apostles | ||
Line 184: | Line 159: | ||
877ab7889d3862b1 Michael Jackson | 877ab7889d3862b1 Michael Jackson | ||
38a7c9279cadeb44 9dca1d79d4dec6d5 | 38a7c9279cadeb44 9dca1d79d4dec6d5 | ||
− | 38a7c9279cadeb44 9dca1d79d4dec6d5 he did the | + | 38a7c9279cadeb44 9dca1d79d4dec6d5 he did the MASH, he did the |
− | 38a7c9279cadeb44 | + | 38a7c9279cadeb44 Purloined |
− | + | a8ae5754a2b7af7a 9dca1d79d4dec6d5 fav water-3 pokemon | |
</pre> | </pre> | ||
− | |||
:The greatest crossword puzzle in the history of the world | :The greatest crossword puzzle in the history of the world | ||
{{comic discussion}} | {{comic discussion}} | ||
+ | |||
[[Category:Comics with color]] | [[Category:Comics with color]] | ||
− | |||
− | |||
− | |||
− |
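Review bot: The restored transcript line reads "fav water-3 pokemon" while the table row restored earlier in this same undo reads "fav water-3 Pokemon"; the transcript should reproduce the comic's text exactly, so check the capitalisation against the image and make the two agree. The removed lines at the end of the page show as blank in this view, so confirm the undo is not dropping categories or other trailing markup beyond what remains as [[Category:Comics with color]].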