Dan Goodin writes in Ars Technica about how there appear to be parallel sets of passwords in Ashley Madison’s data dump. One encrypted with bcrypt, a slower method that takes longer to crack, and the other MD5, which is faster. The second appears to have been for user convenience.
I’d been re-reading Clifford Stoll’s The Cuckoo’s Egg, which has an excellent, non-technical explanation on how you undo a one-way encryption of a password (spoiler: you don’t. You just match the encrypted ends after running known words through the encryption; the ends will match, indicating the starting point). I was reminded of this because the Ashley Madison passwords hashed with MD5 were then compared with the bcrypt versions.
Goodin’s piece is particularly interesting as it walks through how the cracking team tests the uncovered MD5 version of the password against bcrypt if it’s not a perfect match. If it isn’t already on your law firm’s list of questions for companies providing security around your data (in the cloud or elsewhere), it looks like knowing how they’re salting and hashing passwords should probably be on it.