Submission + - LinkedIn Password Leak: Salt Their Hide (acm.org)
CowboyRobot writes: "Following yesterday's post about Poul-Henning Kamp no longer supporting md5crypt, the author has a new column at the ACM where he details all the ways that LinkedIn failed, specifically realted to how they failed to 'salt' their passwords, making them that much easier to crack.
"On a system with many users, the chances that some of them have chosen the same password are pretty good. Humans are notoriously lousy at selecting good passwords. For the evil attacker, that means all users who have the same hashed password in the database have chosen the same password, so it is probably not a very good one, and the attacker can target that with a brute force attempt.""
"On a system with many users, the chances that some of them have chosen the same password are pretty good. Humans are notoriously lousy at selecting good passwords. For the evil attacker, that means all users who have the same hashed password in the database have chosen the same password, so it is probably not a very good one, and the attacker can target that with a brute force attempt.""
LinkedIn Password Leak: Salt Their Hide More Login
LinkedIn Password Leak: Salt Their Hide
Slashdot Top Deals