Learning From Gawker's Failure
Gunkerty Jeb writes "The Gawker hack has completely disenfranchised their users, not to mention the breach in trust that may well be impossible to regain. Users are demanding that they be allowed to delete their accounts immediately, and beyond implementing such a mechanism, it is likely that Gawker systems will have to be rebuilt from the ground up to avoid future hacks. So, what is to be learned from this perfect storm of bluster and bravado?"
Salting addresses some attacks, but as CPU time becomes cheaper, it becomes increasingly feasible to brute-force even salted hashes. To address this issue, you need key strengthening as well.
Or, better yet, just use the system designed to store passwords: bcrypt.
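The two comments above make a concrete, testable claim: an unsalted fast hash lets an attacker crack every user who chose the same password with one lookup table, a per-user salt forces a separate pass per user, and key stretching multiplies the cost of each guess. The following is an added example written for this page, not code from Gawker or from any of the commenters. bcrypt is not in Python's standard library, so it uses PBKDF2-HMAC-SHA256 from hashlib as the stretching scheme; the user names, passwords and wordlist are constructed for the demonstration and the storage format string is an arbitrary choice.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# Constructed sample data: two users who picked the same weak password.
USERS = {"alice": b"hunter2", "bob": b"hunter2", "carol": b"correct horse"}
WORDLIST = [b"password", b"123456", b"hunter2", b"letmein"]  # constructed attacker wordlist

# Iteration count for the stretched scheme; raise it as CPUs get faster.
ITERATIONS = 100_000


# ---- the scheme the last commenter complains about: unsalted MD5 ----

def md5_unsalted(password: bytes) -> str:
    return hashlib.md5(password).hexdigest()


def store_unsalted(users: dict) -> dict:
    return {user: md5_unsalted(pw) for user, pw in users.items()}


def crack_unsalted(stored: dict, wordlist: list) -> tuple:
    """Build one table of hash -> word and recover every matching user at once.
    Returns (cracked users, number of hash computations performed)."""
    table = {md5_unsalted(w): w for w in wordlist}
    found = {user: table[h] for user, h in stored.items() if h in table}
    return found, len(wordlist)


# ---- salted and stretched: PBKDF2-HMAC-SHA256 with a random 16-byte salt ----

def hash_password(password: bytes, iterations: int = ITERATIONS) -> str:
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password, salt, iterations)
    # Store the parameters with the hash so they can be raised later without breaking verification.
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: bytes, stored: str) -> bool:
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash format")
    dk = hashlib.pbkdf2_hmac("sha256", password, bytes.fromhex(salt_hex), int(iters))
    # Constant-time comparison so a mismatch leaks nothing about where the digests differ.
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def store_stretched(users: dict, iterations: int = ITERATIONS) -> dict:
    return {user: hash_password(pw, iterations) for user, pw in users.items()}


def crack_salted(stored: dict, wordlist: list) -> tuple:
    """With a per-user salt no table can be shared: every user costs a fresh pass over the
    wordlist, and each guess costs `iterations` HMAC calls rather than one MD5.
    Returns (cracked users, number of PBKDF2 computations performed)."""
    found = {}
    ops = 0
    for user, h in stored.items():
        for w in wordlist:
            ops += 1
            if verify_password(w, h):
                found[user] = w
                break
    return found, ops


if __name__ == "__main__":
    found, ops = crack_unsalted(store_unsalted(USERS), WORDLIST)
    print("unsalted MD5: cracked", sorted(found), "with", ops, "hash computations")
    stored = store_stretched(USERS)
    found, ops = crack_salted(stored, WORDLIST)
    print("salted PBKDF2: cracked", sorted(found), "with", ops,
          "guesses of", ITERATIONS, "iterations each")
```

With the constructed data the unsalted table cracks both `hunter2` users after four MD5 calls, while the salted version needs ten guesses and each guess costs the full iteration count; the same wordlist against a few hundred thousand leaked accounts is what turns that difference into a real cost.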
*sigh* Then again, I'm confident that we'll see incompetent web application developers using unsalted MD5 for decades to come. People don't learn from others' mistakes it seems.