by kazinator 3032 days ago
> Hash lists are bought, sold, traded, ...

All only possible after the horse has escaped the barn.

> Someone who possesses that particular hash may be multiple hops away from the group that originally acquired them.

But if the hash is for a password that was only used on the original compromised system, it is useless, even if the password is recovered.

1 comments

Just because the horse is out of the barn doesn't mean that the owner of the barn knows about it yet.
Right! So (from the perspective of the password alone) the owner doesn't have to care if that password is used only on that site where the horse has left the barn.

If the password is used on other sites, then of course all that protects them is its strength relative to the compute resources thrown at it, relative to the time between the breach and discovery.

(From other perspectives, the user does care: like their credit card number was stolen and is being misused.)