ASUS has ~65 MAC prefixes registered, each has 16.8M addresses, totaling ~1G. AWS 16 GPU p2.16xlarge does 12275.6 MH/s. You can check all these addresses, 1000 hashes each, in less than <2 minutes for less than $1. Someone should do that...
-
-
- End of conversation
New conversation -
-
-
Maybe they are worried about being sued by a victi for releasing PII.
-
If they truly were worried, why'd they use sha256? Switch to a key-stretching algorithm like bcrypt and instead of 1 hour to bruteforce, it'd take more than 2000 years on the same hardware.
End of conversation
New conversation -
-
-
Maybe it's the same routine from the malware and they don't want to precomptue every MAC?
-
Per the original article, the original malware has a hard-coded list of targeted MAC address MD5 hashes. The Kaspersky tool uses a sha256 of a string generated by concatenating some magic dword and the mac address 10,000 times.
- 2 more replies
New conversation -
-
-
Was asking that question myself as well ... but I think it would not be compliant with privacy laws like GDPR and might be considered personal information. That’s also why we did not want to publish the list with plain text Mac addresses ourselves.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Will they be included in the full report that gets released during SAS?
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
My assumption is that they want enterprises to buy their services rather than be able to check their inventory database against a list.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.