Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


Top White Papers

More on LinuxToday


Lessons From The LinkedIn Password Attack

Jun 08, 2012, 02:00 (2 Talkback[s])
(Other stories by Sean Michael Kerner)

There has been some speculation that the fact that LinkedIn did not "salt" their passwords has made it easier for attackers to crack them. The leaked LinkedIn passwords were stored as SHA-1 hashes.

"Salting stored hashes increases the complexity of the encrypted password data, beyond the point where it can be cracked in a reasonable amount of time," said Jim Walter, manager of McAfee's Threat Intelligence Service (MTIS), in an interview with eSecurity Planet. "Failing to store passwords in a secure manner allows for quick and easy decryption of the hashes, revealing the plain-text passwords."

Complete Story