[Cryptography] How secure are hashed passwords?

Tony Arcieri bascule at gmail.com
Wed May 21 21:45:51 EDT 2014


Previous breaches have given us a lot of data about how people use
passwords. An awful lot of people are still using extremely weak passwords
like "123456" or "password". No password hashing algorithm that's actually
useful can reasonably defend against these commonly used, weak passwords.


On Wed, May 21, 2014 at 5:47 PM, John R. Levine <johnl at iecc.com> wrote:

> I see in the press that eBay had a large security breach, in which the
> bad guys stole a lot of personal information such as physical address
> and birth date, and the encrypted passwords.  So eBay wants everyone
> to change their passwords.  Huh?
>
> Assuming a reasonably competent implementation of password hashing
> (which I realize is a leap of faith here), with a strong hash and a
> large enough salt to make rainbow tables impractical, how much can the
> bad guys recover from the hashes?
>
> R's,
> John
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
>



-- 
Tony Arcieri
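
The point made in the reply above, shown from the defender's side as an added example that is not part of the original thread: a per-user salt rules out precomputed tables, but an audit of stored records against a short list of common passwords still identifies every account that uses one. PBKDF2-HMAC-SHA256, the iteration count, the candidates beyond "123456" and "password", and the sample accounts are all assumptions constructed for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # assumed work factor, chosen for this example only

# Candidate list; the first two are the passwords named in the message above.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein"]


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash (PBKDF2-HMAC-SHA256 from the standard library)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(user: str, password: str) -> dict:
    """Create a stored record with a fresh 16-byte random salt per user."""
    salt = os.urandom(16)
    return {"user": user, "salt": salt, "hash": hash_password(password, salt)}


def audit_weak(records: list, candidates: list) -> dict:
    """Return {user: password} for records whose password is a candidate.

    The salt is stored beside the hash, so each candidate is re-hashed with
    that record's salt: at most len(records) * len(candidates) hash calls.
    """
    found = {}
    for rec in records:
        for guess in candidates:
            if hmac.compare_digest(hash_password(guess, rec["salt"]), rec["hash"]):
                found[rec["user"]] = guess
                break
    return found


def build_sample_records() -> list:
    # Constructed sample accounts, not data from any breach.
    return [
        make_record("alice", "123456"),
        make_record("bob", "password"),
        make_record("carol", "vR7#qLm2!xTz9pWd"),
    ]


if __name__ == "__main__":
    print(audit_weak(build_sample_records(), COMMON_PASSWORDS))
```

The same check run at password-change time, before the hash is stored, lets a site reject the candidates outright.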