Slashdot Mirror

← Back to Stories (view on slashdot.org)

Stolen Adobe Passwords Were Encrypted, Not Hashed

Posted by timothy on Tuesday November 5, 2013 @05:24AM from the getting-around-to-it dept.

rjmarvin writes "The hits keep coming in the massive Adobe breach. It turns out the millions of passwords stolen in the hack reported last month that compromised over 38 million users and source code of many Adobe products were protected using outdated encryption security instead of the best practice of hashing. Adobe admitted the hack targeted a backup system that had not been updated, leaving the hacked passwords more vulnerable to brute-force cracking."

1 of 230 comments (clear)

Min score:

Reason:

Sort:

Re:Strange advice by VortexCortex · 2013-11-05 07:17 · Score: 1, Flamebait

SHA-2 is a family of hashes including SHA-256, SHA-512, etc. you dolt. Additionally: Keystretching is fine, so is key stretching and recording the resultant hashes into a chunk of RAM, then hashing that and continuing the process for your keystretching to make it memory hard. SHA-2 can be every bit as effective as any other option you'd go for. You're clearly an ignorant fuck.