Surprised they haven’t really solved this whole dilemma.
People should have more difficult pass codes to crack as some of these are pretty funny.
Imagine having a password like that and some idiot can login as easy as 123…
This news continued for the past 2 months though, so they definitely have been hiding a trail of future articles potentially.
Sadly this dilemma had been solved here, then they fucked it up by doing something very stupid.
When you create a password for a website, the website takes your password and it goes through a one-way cryptographic function to produce a hash of the password. There are many algorithms for this hashing; some are very fast, like MD5, and should be used for anything other than hashing passwords, as right now password crackers can try over 8 BILLION PASSWORDS A SECOND, meaning if Ashley Madison used that function, they were screwed.
They had actually used an excellent hashing algorithm known as bcrypt that slows crackers right down. With bcrypt your password does not just get hashed once with a fast function; this passes the password through the function, then repeats and hashes the hash produced from the 1st round, then does this around 10,000 times in total, making it orders of magnitude harder to crack the hashes (I gave over 8 billion guesses/s for MD5; bcrypt, being attacked by exactly the same hardware and software, cut the number of guesses down to 238 a second). Sadly the programmers decided to associate a token with many of these accounts, and it was the existence of those tokens that made their excellent usage of bcrypt useless, and without those tokens almost none of those passwords would have been cracked for decades if not millennia.
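Added example, not part of the original posts: a small audit that measures how much one password guess costs against each stored field, showing that the cheapest field sets the real guessing cost. It assumes a hypothetical `token` column derived from the password with a fast hash (the post does not say how the tokens were built) and uses PBKDF2 from the Python standard library as a stand-in for bcrypt.

```python
import hashlib
import os
import time

ROUNDS = 10_000  # iteration count, taken from the post's "around 10,000 times"

def fast_digest(password: bytes, salt: bytes) -> bytes:
    """One pass of a fast hash (MD5): cheap to compute, so cheap to guess against."""
    return hashlib.md5(salt + password).digest()

def slow_digest(password: bytes, salt: bytes) -> bytes:
    """Iterated hash (PBKDF2-HMAC-SHA256, a stdlib stand-in for bcrypt)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, ROUNDS)

def seconds_per_guess(fn, trials: int) -> float:
    """Average wall-clock cost of checking one candidate password with fn."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(trials):
        fn(b"candidate-%d" % i, salt)
    return (time.perf_counter() - start) / trials

def audit_record(fields: dict) -> dict:
    """fields maps a stored column name to (derivation function, timing trials).
    Returns the per-field cost and the field that sets the real guessing cost."""
    costs = {name: seconds_per_guess(fn, trials)
             for name, (fn, trials) in fields.items()}
    weakest = min(costs, key=costs.get)  # cheapest field to test a guess against
    return {"costs": costs, "weakest": weakest}

# Constructed record layout: a slow password hash plus a hypothetical token
# column derived from the same password with the fast hash (an assumption).
RECORD_FIELDS = {
    "password_hash": (slow_digest, 20),
    "token": (fast_digest, 20_000),
}

if __name__ == "__main__":
    report = audit_record(RECORD_FIELDS)
    for name, cost in report["costs"].items():
        print(f"{name:14s} {1 / cost:12.0f} guesses/s on this machine")
    print("guessing cost is set by:", report["weakest"])
```

Any stored value derived from the password has to go through the same slow function, or be a random value unrelated to the password.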