Crosswords2 mins ago
Linkedin Pw/ids Stolen?
6 Answers
http:// www.bbc .co.uk/ news/te chnolog y-36320 322
Why is a site of this public standing not using 1 way encryption? It's not possible to steal a PW if it is only stored as encrypted using a 1 way algorithm.
Why is a site of this public standing not using 1 way encryption? It's not possible to steal a PW if it is only stored as encrypted using a 1 way algorithm.
Answers
Best Answer
No best answer has yet been selected by ToraToraTora. Once a best answer has been selected, it will be shown here.
For more on marking an answer as the "Best Answer", please visit our FAQ.They were using hashing which is one way. One way doesn't mean it's uncrackable, merely that it's more difficult to crack. What they were NOT doing was salting the passwords. Without salting the same password will always produce the same hash, so it's possible to work out the password by comparing its hash to a (massive) table of known hashes.
TTT
Thanks for posting this. I use 1Password to generate randomised complex passwords, and I've just checked and found that I last changed my LinkedIn password last year, so whatever has been stolen is useless.
I highly recommend that other AB members look into a password management app to generate complex passwords for all their online activity. That way, if one site is breached, you aren't in danger of hackers checking your other online accounts to see whether you've used the same password.
With 1Password, you don't even have to remember your login details. You simply go to a site, and hit the 1Password icon which then submits your details encrypted. And the passwords it generates can be as complex as:
tTq9wVZhgQ)aN0tlv}Gpew
(I don't work for 1Password by the way).
Thanks for posting this. I use 1Password to generate randomised complex passwords, and I've just checked and found that I last changed my LinkedIn password last year, so whatever has been stolen is useless.
I highly recommend that other AB members look into a password management app to generate complex passwords for all their online activity. That way, if one site is breached, you aren't in danger of hackers checking your other online accounts to see whether you've used the same password.
With 1Password, you don't even have to remember your login details. You simply go to a site, and hit the 1Password icon which then submits your details encrypted. And the passwords it generates can be as complex as:
tTq9wVZhgQ)aN0tlv}Gpew
(I don't work for 1Password by the way).
one way means they have to first work out the algoirithm, then apply it to guessed PWs and compare the encrypted output, extremely time consuming and difficult, ie they won't bother and they'll go and find and easier one, ie in this case linkedin!
Yes SP that helps but that makes it more difficult for the user when it is really the responsibility of the site to do what they can.
You all probably know by now I work in a bank in IT and this is a constant battle.
Yes SP that helps but that makes it more difficult for the user when it is really the responsibility of the site to do what they can.
You all probably know by now I work in a bank in IT and this is a constant battle.
Related Questions
Sorry, we can't find any related questions. Try using the search bar at the top of the page to search for some keywords, or choose a topic and submit your own question.