[Password Leak] LinkedIn database hacked


BrightAnarchist:
This pisses me off. Really, I mean really?? I thought LinkedIn was supposed to be professional. Every newb knows that you always want some salt with your hash (and maybe some eggs too). Otherwise it's bland and tasteless.

BCB:
Check this out.
http://shiflett.org/blog/2012/jun/leakedin
Link to Chris Shiflett's blog and another link to "Leakedin"
Their leaked password checker.

Happy Hunting....

zhoutong:
Quote from: TangibleCryptography on June 06, 2012, 07:37:38 PM

Honestly I feel it is going to take companies being forced to publicly disclose their exact mechanism for storing passwords and face civil penalties for inaccurate disclosures. I mean it is 2012 not 1971. There is absolutely no possible excuse for not using bcrypt (or similar) much less not even salting the passwords. Security through obscurity is no security at all.

Maybe we can get such information from Bitcoin websites via public pressure.

So, major Bitcoin businesses and exchanges, how are you storing your passwords?
MtGox?
CampBX?
Bitcointalk?
Bitmit?
Deepbit?
Bitcoinica?

Any volunteers?


Bitcoinica: Salted BCrypt with 20 iterations. Enforce minimum 8 characters. It can take months to crack a simple password. (And I use this for all my future app projects. Also recommend everyone to do the same.)

rjk:
Quote from: zhoutong on June 07, 2012, 01:11:30 AM

It can take months to crack a simple password.

Only if it isn't in a dictionary somewhere already. But yes, even dictionary cracks are slowed down, somewhat.

weex:
We salt for the rainbow and iterate for the dictionary. You gotta love technology lingo.
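
The salt-and-iterate point made in the posts above, as an added example that is not part of the original thread. It uses PBKDF2-HMAC-SHA256 from Python's standard library in place of the bcrypt the posters mention; the unsalted SHA-256 baseline, the record format, the iteration count, and the sample accounts are assumptions made for illustration.

```python
import hashlib, hmac, os, time
from collections import defaultdict

ITERATIONS = 100_000  # assumed work factor; tune to your own hardware

def unsalted(password):
    # The criticised scheme: one fast hash, no salt.
    return hashlib.sha256(password.encode()).hexdigest()

def hash_password(password, iterations=ITERATIONS):
    # Fresh random salt per record, stored next to the derived key.
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${dk.hex()}"

def verify_password(password, record):
    iterations, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))  # constant-time compare

def shared_hash_groups(store):
    # Audit check: users whose stored values are byte-for-byte identical.
    # Any hit means equal passwords are visible in a dump (no per-user salt).
    groups = defaultdict(list)
    for user, stored in store.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def cost_ratio(samples=2000):
    # How much more one password check costs under the iterated scheme.
    t0 = time.perf_counter()
    for _ in range(samples):
        unsalted("guess")
    fast = (time.perf_counter() - t0) / samples
    t0 = time.perf_counter()
    hash_password("guess")
    return (time.perf_counter() - t0) / fast

# Constructed sample accounts (not taken from any real dump).
USERS = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "tr0ub4dor&3"}

if __name__ == "__main__":
    weak = {u: unsalted(p) for u, p in USERS.items()}
    strong = {u: hash_password(p) for u, p in USERS.items()}
    print("unsalted duplicates:", shared_hash_groups(weak))
    print("salted duplicates:  ", shared_hash_groups(strong))
    print("cost per check vs. one fast hash: %.0fx" % cost_ratio())
```

Running `shared_hash_groups` over an existing credential table is a quick way to confirm whether per-user salts are actually in use.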
