A few days ago, the LinkedIn password dump was released. It’s made of 6458020 unsalted SHA-1 hashes. Yes, we are in 2012 and big websites still use unsalted hashes to store your passwords…
The dump is made of two different sorts of hashes:
- there are 3.521.180 “00000” masked hashes (e.g. 0000054bc8172921062252506762fd36a5f8a6ca)
- and 2.936.840 “normal” hashes.
While the origin of the masked hashes remains unknown, some people think that the hacker who released the dump masked the hashes he had already recovered. Anyway, we can recover those hashes. The hashcat author released two special versions of his tools (hashcat and oclhashcat) which support those zeroed hashes.
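Added example, not from the original post or the hashcat project: a check of whether a given password is exposed in the dump, matching masked entries on the 35 hex digits that survive the zeroing. The function names and the sample passwords are assumptions constructed for the example.

```python
import hashlib

MASK = "00000"  # the five leading hex digits (20 bits) zeroed in masked entries
HEX = set("0123456789abcdef")


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def load_dump(lines):
    """Split dump lines into full hashes and the 35-digit tails of masked ones."""
    full, masked_tails = set(), set()
    for line in lines:
        h = line.strip().lower()
        if len(h) != 40 or not set(h) <= HEX:
            continue  # skip blank or malformed lines
        if h.startswith(MASK):
            # A genuine SHA-1 also starts with 00000 about once in 2**20, so the
            # prefix test is a heuristic; the tail lookup finds the entry either way.
            masked_tails.add(h[len(MASK):])
        else:
            full.add(h)
    return full, masked_tails


def exposure(password, full, masked_tails):
    """Return 'normal', 'masked' or None for a candidate password."""
    digest = sha1_hex(password)
    if digest in full:
        return "normal"
    # 140 of the 160 bits remain, so an accidental tail match is not a concern.
    if digest[len(MASK):] in masked_tails:
        return "masked"
    return None


# Constructed sample dump: one normal entry, one masked entry, the masked
# example quoted in the post, and one malformed line.
SAMPLE_DUMP = [
    sha1_hex("constructed-pass-1"),
    MASK + sha1_hex("constructed-pass-2")[len(MASK):],
    "0000054bc8172921062252506762fd36a5f8a6ca",
    "not a hash",
]

if __name__ == "__main__":
    full, tails = load_dump(SAMPLE_DUMP)
    for pw in ("constructed-pass-1", "constructed-pass-2", "constructed-pass-3"):
        print(pw, "->", exposure(pw, full, tails))
```

Because the hashes are unsalted, one SHA-1 computation per candidate is enough to test it against every entry in the dump at once, which is exactly what a per-user salt would prevent.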