NNSquad - Network Neutrality Squad
[ NNSquad ] LinkedIn and eHarmony reportedly did not "salt" their password hashes
LinkedIn and eHarmony reportedly did not "salt" their password hashes http://j.mp/LfSauj (Security News Daily) "LinkedIn and eHarmony encrypted, or "hashed," the passwords of registered users, but neither salted the hashes with random data that would have made them much more difficult to decrypt. Without salting, it's very easy to crack" - - - For LinkedIn and eHarmony to have reportedly not been "salting" their password cryptographic systems amounts to gross negligence. UNIX/Linux systems have been routinely using salted functions for decades. This isn't rocket science. There is *no* excuse. --Lauren-- Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren Co-Founder: People For Internet Responsibility: http://www.pfir.org Founder: - Data Wisdom Explorers League: http://www.dwel.org - Network Neutrality Squad: http://www.nnsquad.org - Global Coalition for Transparent Internet Performance: http://www.gctip.org - PRIVACY Forum: http://www.vortex.com Member: ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com Google+: http://vortex.com/g+lauren / Twitter: http://vortex.com/t-lauren Tel: +1 (818) 225-2800 / Skype: vortex.com _______________________________________________ nnsquad mailing list http://lists.nnsquad.org/mailman/listinfo/nnsquad