LastPass Updates

https://lastpass.com/adobe
If you ever created an account on Adobe.com or connected service... This is a good time to use this tool to find out if your password is floating around on the web for anyone to pick up.
 
Your Adobe account was one of the ones that was compromised. We have sent an email to you with instructions on how to obtain your Adobe password hint. We strongly urge you to follow our recommendations and immediately change your Adobe and related passwords!!
Damn!
That's another thing that I haven't received any email from LastPass.
 
My account was compromised. I changed the password. Problem? I don't remember what password I used for the original account. It was not saved on LastPass so could not find it in the local database.
So, I have no way of finding which password of mine is now compromised linked to my email id. What a freaking nightmare.
Here is an article on how bad Adobe's policies were with respect to password security.
http://nakedsecurity.sophos.com/2013/11/04/anatomy-of-a-password-disaster-adobes-giant-sized-cryptographic-blunder/
And here are the most popular passwords from the database:
 
They did last month I think. I definitely got the email. I think it was from an account I created to play with the Acrobat.com service they launched a few years ago.
The dump is 3.77GB big. Wondering if I should download it and search for my email id. I would get the encrypted version of my password. I wonder if I can find out what password it is by using MD5 converters?
Anyone technical enough to tell me if there is an easy way to convert mypassword to encrypted format that is available in this dump? :P
http://filippo.io/analyzing-the-adobe-leaked-passwords/ has some details.
 


Oh okay. Maybe I don't remember.
Well, according to the above post they didn't hash the passwords. So an MD5 decrypter won't help. In fact, I don't think there is any point in doing that now.
 
I am not looking for a decrypter. I am looking for an encrypter :D
I mean... Let's say I have 3 common passwords...
ABCDEF
GHIJKLM
NOPQRST
I can encrypt all three of them and see which one matches the encrypted form in the dump. And then change that password from other important online services...
 
Ah. Still you would need the ciphertext against which they were encrypted. I don't think the sites you mentioned above have managed to crack that. They just guessed the algorithm and found the most common passwords thanks to the obvious password hints.
 
hehe. guess so.
The latest update of LastPass is very solid. If you are not using some password manager, this is a good time to start using it!
 