So as you may have heard. The adobe user database of 130 million was leaked recently. I want to find out what password I used for the adobe account I created to make sure that I'm not using it anywhere else. But how do I decrypt the Triple DES ECB Mode encrypted password? Is there a way to do this without knowing the Adobe Cipher Key? Is there a way to get the Cipher Key?
Asked
Active
Viewed 2,424 times
0
-
@Mike W are you sure there arent any strategies? – user2971112 Nov 13 '13 at 05:43
-
Passwords generally aren't stored in a decryptable form. Usually, a one way salted hash is used to generate the stored value. At login the password you enter is hashed the same way and the results compared. Adobe can't decrypt this, even knowing the hash mechanism and salt that were used. Even if Adobe had stored passwords in a decryptable form, do you think they'd make the cipher available just because someone can't remember their password? If you're concerned about it do what I have done - change every password everywhere. – Nov 13 '13 at 06:15
-
2@Mike W Adobe did by no means use best practices. They did indeed use a single Triple DES key to encrypt all passwords without salt etc. – Ebbe M. Pedersen Nov 14 '13 at 01:20
-
@EbbeM.Pedersen That is _truly_ scary! – Nov 14 '13 at 01:23
1 Answers
-1
You're using the wrong terminology. You don't want to decrypt your password, you want to know how to re-encrypt your plain-text password to see if it matches the stolen one. I'm sure there's a way. However, you can solve this issue a lot easier just by logging in at adobe.com. If you login successfully, they'll ask you to change your password.
desau
- 3,001
- 1
- 24
- 27