[Password Leak] LinkedIn database hacked

i_rape_bitcoins:
This morning, a dump of unique passwords from LinkedIn databases was posted. From the dump, it is revealed that password hashes did not include a salt. This allows the attacker to generate a rainbow table that is valid with all the hashes. So expect your password to be compromised. (Feel the same as if your password were leaked in plain text.)

If you have a LinkedIn account and use the same password for other services (such as mtgox), please change your password. If you are unsure, visit LeakedIn to check.

More news here: https://news.ycombinator.com/item?id=4073309

kjlimo:
Quote from: gweedo on June 06, 2012, 07:15:32 PM

And remember to always salt your passwords  ;)


Who salts a password?  Is that something I have to do when creating a password, or is that directed at the password manager to make sure to salt the passwords?

mcorlett:
Quote from: kjlimo on June 06, 2012, 07:29:22 PM

Is that something I have to do when creating a password, or is that directed at the password manager to make sure to salt the passwords?

The latter.

ErebusBat:
Quote from: kjlimo on June 06, 2012, 07:29:22 PM

Who salts a password?  Is that something I have to do when creating a password, or is that directed at the password manager to make sure to salt the passwords?


kjlimo,

It is, unfortunately, up to the website operator to do. The safest thing you can do as a consumer is use a random password at each site.

TangibleCryptography:
Honestly I feel it is going to take companies being forced to publicly disclose their exact mechanism for storing passwords and face civil penalties for inaccurate disclosures. I mean it is 2012 not 1971. There is absolutely no possible excuse for not using bcrypt (or similar) much less not even salting the passwords. Security through obscurity is no security at all.

Maybe we can get such information from Bitcoin websites via public pressure.

So, major Bitcoin businesses and exchanges, how are you storing your passwords?
MtGox?
CampBX?
Bitcointalk?
Bitmit?
Deepbit?
Bitcoinica?

Any volunteers?
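
What salting looks like on the website operator's side, as an added example that is not part of the thread: unsalted hashes of the same password are identical, so one precomputed table matches every account, while a per-user salt with a slow KDF gives each account its own record. SHA-1 as the unsalted fast hash, the standard library's scrypt standing in for bcrypt, and the constructed account names and passwords are all assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample accounts: alice and bob happen to share a password.
USERS = {"alice": "correct horse", "bob": "correct horse", "carol": "tr0ub4dor&3"}

def unsalted_record(password):
    """Weak scheme: a bare fast hash (SHA-1 is an assumption for illustration)."""
    return hashlib.sha1(password.encode()).hexdigest()

def precomputed_hits(leaked, wordlist):
    """One table built once from a wordlist matches every unsalted hash in a dump."""
    table = {unsalted_record(word): word for word in wordlist}
    return {user: table[h] for user, h in leaked.items() if h in table}

def salted_record(password, salt=None):
    """Per-user random salt plus a slow, memory-hard KDF (scrypt, standing in for bcrypt)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return salt, digest

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    return hmac.compare_digest(salted_record(password, salt)[1], expected)

if __name__ == "__main__":
    leaked = {user: unsalted_record(pw) for user, pw in USERS.items()}
    print("same unsalted hash for alice and bob:", leaked["alice"] == leaked["bob"])
    print("table hits:", precomputed_hits(leaked, ["letmein", "correct horse"]))
    store = {user: salted_record(pw) for user, pw in USERS.items()}
    print("same salted hash for alice and bob:", store["alice"][1] == store["bob"][1])
    print("login check:", verify("correct horse", store["alice"]), verify("guess", store["alice"]))
```

The salt is stored next to the digest and is not secret; its job is to make any precomputed table useless across accounts.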
