Adobe have some security trouble, XKCD makes fun of it, and an Adobe Crossword is created to demonstrate the problem it caused.

Adobe Crossword

Recently I found out about the Adobe Crossword, which has a bit of an interesting history.

The company Adobe recently had a large loss of login data. Actual passwords weren’t lost because those are encrypted, so for example the password “adobereader” would be hashed as wstSRNTKwz7zWtHl69lRxw==

But – the big problem is that the password hints weren’t revealed. A single person’s password hint isn’t that much of a loss of security, but when hundreds of people use the same password, that password results in the same encrypted value, and the password hints from all of those people can then be combined together:

Password hints:

adobe; reader; adobe reader; program; software; name; product; program name; programa; what is this; website; pdf; ar; product name; site; name of program; logiciel; Adobe Reader; Adobe; same; Program; adober; site name; read; programma; what this is; what is this?; software name; nombre del programa; company; ad; what it is; nombre programa; name of software; what is it; what; title; programme; programm; name of site; adobereader1; Adobe reader; adobereade; website name; this; the program; readeradobe; Reader; programmname; produit

Flow-on effect

As a result of this security breach going public, the XKCD comic did a satirical piece about the problem called Encryptic. And thanks to XKCD’s idea, a real Adobe Crossword has been created that is worth taking a good look at. Not only is it enjoyable to solve and find out commonly used weak passwords, but it also provides a good insight about people’s idea of security.

Advertisements