publication . Preprint . 2017

The Cryptographic Implications of the LinkedIn Data Breach

Gune, Aditya
Open Access English
  • Published: 19 Mar 2017
Abstract
Data security and personal privacy are difficult to maintain in the Internet age. In 2012, professional networking site LinkedIn suffered a breach, compromising the login of over 100 million accounts. The passwords were cracked and sold online, exposing the authentication credentials of millions of users. This manuscript dissects the cryptographic failures implicated in the breach, and explores more secure methods of storing passwords.
Subjects
ACM Computing Classification System: ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS; ComputingMilieux_COMPUTERSANDSOCIETY
free text keywords: Computer Science - Cryptography and Security