[Cryptography] How secure are hashed passwords?
John R. Levine
johnl at iecc.com
Wed May 21 20:47:25 EDT 2014
I see in the press that eBay had a large security breach, in which the
bad guys stole a lot of personal information such as physical address
and birth date, and the encrypted passwords. So eBay wants everyone
to change their passwords. Huh?
Assuming a reasonably competent implementation of password hashing
(which I realize is a leap of faith here), with a strong hash and a
large enough salt to make rainbow tables impractical, how much can the
bad guys recover from the hashes?
R's,
John
More information about the cryptography
mailing list