[Cryptography] Sony "root" certificates exposed

Ryan Carboni ryacko at gmail.com
Thu Dec 18 17:28:02 EST 2014

> The Ars story confuses certificates and keys, for example in the second
> picture they show (and highlight the names of) certificates for GTE Cybertrust
> Global Root and JP Morgan, US, which it's unlikely that Sony have the private
> keys for.  I can do something similar to what's shown in the story by going to
> (for example) https://account.sonyentertainmentnetwork.com/ and clicking on
> the padlock icon.

Ars most recently promoted a comment saying that salting reduces the speed
of a brute force password search by 1000x in an attempt to argue that the
recent hacking against Ars won't crack many passwords, using their KDF of
md5 several thousand times.

Naturally my password for Ars is at least 56 bits secure, so I don't think
a hacker is going to spend several thousand dollars just to crack a
password I use nowhere else.