Lessons From The LinkedIn Password AttackJun 08, 2012, 02:00 (2 Talkback[s])
(Other stories by Sean Michael Kerner)
WEBINAR: On-demand Event
Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >
There has been some speculation that the fact that LinkedIn did not "salt" their passwords has made it easier for attackers to crack them. The leaked LinkedIn passwords were stored as SHA-1 hashes.
"Salting stored hashes increases the complexity of the encrypted password data, beyond the point where it can be cracked in a reasonable amount of time," said Jim Walter, manager of McAfee's Threat Intelligence Service (MTIS), in an interview with eSecurity Planet. "Failing to store passwords in a secure manner allows for quick and easy decryption of the hashes, revealing the plain-text passwords."
0 Talkback[s] (click to add your comment)