A list of the worst passwords in the Ashley Madison breach just got longer -- and a lot more depressing.
Security research group CynoSure Prime were able to find out the most common passwords that were used on Ashley Madison, a site which helps married people cheat on their partners, which suffered a massive data breach earlier this year when it was targeted by hackers.
The list of the 100 most commonly-used passwords was first posted on Ars Technica.
As many as 36 million passwords were leaked, but they were hashed, meaning they were cryptographically scrambled using a feature known as bcrypt. An earlier analysis of just 4,000 decrypted passwords (about 0.0006 percent of the entire cache) took days of constant crunching. By comparison, 2.6 million of the hashed passwords were cracked with just one computer in a mere few hours.
But by analyzing the source code of the site -- also leaked in the data dump -- the researchers found that some of the login tokens used MD5, a far weaker hashing algorithm.
"Instead of cracking the slow bcrypt hashes directly, which is the hot topic at the moment, we took a more efficient approach and simply attacked the [MD5] tokens instead," the researchers wrote.
At the time of the team's posting on Thursday, more than 11.2 million passwords had been successfully hacked, or about one-third of the total cache. With that in mind, the list will likely change slightly over time.
(Passwords is via Ars Technica)