June 07, 2012, 2:26 PM — As reports have swirled throughout the day that approximately 6.5 million LinkedIn passwords have been leaked, security experts have been trying to figure out what happened, as well as checking to see if their own passwords have been compromised.
LinkedIn says it will e-mail affected users and invalidate the compromised passwords. But, security experts say there are ways to check for yourself if your password was on the list.The process involves downloading the dataset of leaked passwords, converting your password into the encrypted format in which the passwords are displayed, and searching for the password in the dataset.
All of the leaked passwords are hashed, or encrypted using SHA-1, which converts the characters that make up the password into a 40-character hash. To find the hash that's connected to your password, there are a variety of free SHA-1 conversion tools, including from websites such as Hash.online-convert.com; Sha1hash.com and this free online hash converter.
Some experts warn about using such online conversion tools, however. Dave Pack is a director at LogRhythm, a log management and IT security firm, who says some of the online conversion websites hold logs of hashes that have been calculated, so he warns about using such tools if your LinkedIn password is also used as a credential for other websites.
Another way to create a hash and avoid using a conversion tool is to use a command line transcript that creates the hashtag automatically and searches for it directly in the datadump. Those command line transcripts are specific to individual operating systems.
For users of the online conversion tool, the next step is to download the set of hashed passwords. The dataset can be accessed from a variety of sites. One that continues to host the dataset is here at MediaFire. Once the file is downloaded, simply search within the text file for the password in its SHA-1 hashed format.
If the hashed password is not found, it may be listed in another form within the database. The hackers seem to have replaced the first five characters of a portion of the hashed passwords with five zeros. Pack believes those indicate hashes that have already been converted back into their native password form. To search for the hashed passwords, replace the first five characters of the hashed password with five zeros and search the document again.