Unless you’ve been living under a rock for the past few months you have probably heard about the dump from the 2012 LinkedIn hack being released. TrustedSec was able to acquire a copy of the list and use it for research purposes. Our friends over at Korelogic have already posted an excellent analysis of the list showing the most common words, patterns, and other statistics so we are not going to rehash that information. The LinkedIn list offers an opportunity for us at TrustedSec to share our password recovery methodology step by step and show how we attack large password breach lists. The passwords gained from these types of breaches are very valuable to us on penetration tests because people often reuse passwords across work and social media. Our hope is that by now everyone on this list has reset their password and is no longer using the password they used for LinkedIn in 2012, however since we cannot be sure, we have no plans to share the list so please don’t ask.
The list we received contained 167,370,909 entries in a SHA1 unsalted hash format. The list contains a large number of duplicate hashes which is valuable for statistical analysis but we don’t need that to go over cracking methodology. After removing all of the duplicates and blank lines we were left with 117,205,871 unique hashes to crack.
* * *