[Cryptography] eBay hack
Stuart Longland
stuartl at longlandclan.yi.org
Fri May 23 22:49:16 EDT 2014
On Fri, 23 May 2014 02:55:18 +0200, R. Hirschfeld wrote:
> According to the New York Times, the eBay passwords were salted and
> hashed:
>
> http://www.nytimes.com/2014/05/22/technology/ebay-reports-attack-on-its-
computer-network.html
>
> But you might not trust the New York Times:
>
> http://www.dailykos.com/story/2014/05/15/1299692/-The-New-York-Times-
Busted-Lying-Through-its-Teeth
>
> (an exaggerated indictment, but the comparison with the Washington
Post's
> reporting of the same story is remarkable).
There is a claim by a comment on The Register that the following is the
algorithm used, and that over the years they've changed hashing
algorithms:
SHA-512(RSA-Encrypt(RSA-Encrypt(Password + Username) + Password))
-- http://forums.theregister.co.uk/forum/containing/2196088
Obviously, an anonymous source, and we've got no real way of proving it
right or wrong. Apparently the RSA key is thrown away, so exactly how
you'd go about re-generating the data for comparison to the SHA-512 hash
is anyone's guess, so I'm a little dubious of the above.
More information about the cryptography
mailing list