Hacker News new | ask | show | jobs
by runesoerensen 3695 days ago
Yes they said that in the first paragraph of the incident report you posted a link to ;)

Unfortunately, the passwords were hashed with the SHA1 hashing algorithm, which by today’s standards is considered weak

Also, hashing != encryption
1 comments
tempestn 3695 days ago
Ahh thanks. I read the email they sent out, which had very similar content, but omitted that bit. Just skimmed the post itself, but obviously missed that key info.

Interesting that they don't include strengthening their encryption (ok, hashing) in the list of steps they plan to take, but presumably they will.

link
runesoerensen 3695 days ago
From the same incident report: When users reset their password, we’re going to be hashing it with the bcrypt algorithm with a strong cost value.
link
tempestn 3695 days ago
My god, I swear they're ninja editing the thing on me! I'm really not normally someone to comment before RTFA. Thanks for patiently leading me through it. :P
link