On the other front, these passwords are all encrypted (not hashed) using 3DES in...

anonymouz · on Nov 2, 2013

> ... could get the key within 3 weeks (3DES being ~3 times the work of single DES).

Absolutely not! Trippling the key length does not just triple the strength... Against brute force every extra bit will force you to invest twice the time. Though 3DES only provides an effective security equivalent to 112 bits even with the strongest keying option due to an attack on it (instead of 168 bits). It's still probably infeasible to brute force currently: The factor between brute forcing DES and 3DES is about 2^56=7*10^16 (that's a big number!), not 3 as you seem to believe.

Buge · on Nov 2, 2013

>If Adobe have been using the same key for each part of the triple DES key

theboss · on Nov 2, 2013

Using the same key 3 times would be equivalent to using 1 key and performing 1 encrypt operation.

It is almost certainly not the case that adobe is using the same key for all 3 operations. It's probably more effort to do anyways

alexkus · on Nov 2, 2013

Ah yes, I was getting the various Keying options mixed up in my head:-

http://en.wikipedia.org/wiki/Triple_DES#Keying_options

[EDIT]

It does seem odd though that the passwords are encrypted and not hashed, but the hints are in plaintext. Why didn't they also encrypt the hints? (Rhetorical, the answer is probably just laziness/incompetence).

Even if you do use bcrypt() or similar for hashing the passwords then encrypting the hints would prevent similar tactics being available from just a dump of the table contents.

theboss · on Nov 2, 2013

Hashing is the correct way but big companies commonly do things wrong. If they had a sqli vulnerability in their site without knowing it's also possible that they didn't even know this database existed.