Slashdot Mirror

← Back to Stories (view on slashdot.org)

LinkedIn Password Leak: Salt Their Hide

Posted by Soulskill on from the i-see-what-you-did-there dept.

CowboyRobot writes "Following yesterday's post about Poul-Henning Kamp no longer supporting md5crypt, the author has a new column at the ACM where he details all the ways that LinkedIn failed, specifically related to how they failed to 'salt' their passwords, making them that much easier to crack. 'On a system with many users, the chances that some of them have chosen the same password are pretty good. Humans are notoriously lousy at selecting good passwords. For the evil attacker, that means all users who have the same hashed password in the database have chosen the same password, so it is probably not a very good one, and the attacker can target that with a brute force attempt.'"

3 of 192 comments (clear)

  1. Resume by tanujt · · Score: 5, Funny

    So if I crack other people's passwords on Linkedin, can I put that up as a skill in my resume on Linkedin?

    1. Re:Resume by SydShamino · · Score: 5, Funny

      You can put it on everybody's resume!

      --
      It doesn't hurt to be nice.
  2. Obese americans by Anonymous Coward · · Score: 1, Funny

    Always wanting to salt everything. Maybe LinkedIn just wanted to be leaner??