Preliminary analysis of LinkedIn user passwords

As you've no doubt heard, a large tranche of hashed LinkedIn passwords has been leaked onto the net. There's no known way to turn the hash of a password back into the password itself, but you can make guesses about passwords, hash the guesses, and see if the hashed guess matches anything in the leaked database. Bunnie Huang has been making some educated guesses about the passwords, and he's reported on his findings.

I thought it’d be fun to try to guess some passwords just based on intuition alone, using LeakedIn to check the guesses. Here’s some of the more entertaining passwords that are in the database: ‘obama2012′, ‘Obama2012′, ‘paladin’, ‘linkedinsucks’, ‘fuckyou’, ‘godsaveus’, ‘ihatemyjob’, ‘ihatejews’ (tsk tsk), ‘manson’, ‘starbucks’, ‘qwer1234′, ‘qwerty’, ‘aoeusnth’ (hello fellow dvorak user!), ‘bigtits’ (really?), ‘colbert’, ‘c0lbert’, ‘bieber’, ‘ilovejustin’, ’50cent’, ‘john316′, ‘john3:16′, ‘John3:16′, ’1cor13′, ‘psalm23′, ‘exodus20′, ‘isiah40′, ‘Matthew6:33′, ‘hebrews11′ (bible verses are quite popular passwords!).

Interestingly, there is no ‘romney2012′ or any variant thereof.

Leaked In