by makomk 2535 days ago
I doubt they were storing plaintext passwords. If I remember rightly, the way LiveJournal login worked back in the day is that the server stored the MD5 of the password. Then, when someone went to log in, the server sent a random challenge to the client, which computed the MD5 of the password locally, concatenated that with the challenge, and sent the MD5 of that to the server. This does have the unfortunate consequence that knowing the server-stored MD5 is equivalent to having the plaintext password when logging into LiveJournal, but it doesn't give the server an actual plaintext password that can be used elsewhere. Someone's probably been busy doing some password cracking.
1 comments
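The exchange described in the comment above, as an added example that is not part of the thread and not LiveJournal's code: both sides of the challenge-response, showing why the stored MD5 has to be protected like the password itself. The concatenation order, hex encoding, single-use challenge and all names here are assumptions.

```python
import hashlib
import hmac
import secrets


def md5_hex(data: str) -> str:
    return hashlib.md5(data.encode("utf-8")).hexdigest()


class Server:
    """Keeps only md5(password) per user, as the comment describes."""

    def __init__(self):
        self.stored = {}   # username -> md5(password), hex
        self.pending = {}  # username -> outstanding challenge

    def register(self, user: str, password: str) -> None:
        self.stored[user] = md5_hex(password)

    def challenge(self, user: str) -> str:
        chal = secrets.token_hex(16)
        self.pending[user] = chal
        return chal

    def verify(self, user: str, response: str) -> bool:
        # Assumption: a challenge is valid once, so a captured response
        # cannot be replayed against a later login.
        chal = self.pending.pop(user, None)
        if chal is None or user not in self.stored:
            return False
        expected = md5_hex(chal + self.stored[user])
        return hmac.compare_digest(expected, response)


def response_from_password(chal: str, password: str) -> str:
    # What an honest client computes: md5(challenge + md5(password)).
    return md5_hex(chal + md5_hex(password))


def response_from_stored_hash(chal: str, stored_md5: str) -> str:
    # Same result without the password: the stored value is the only
    # secret input, so the server-side table is password-equivalent.
    return md5_hex(chal + stored_md5)
```

The password never crosses the wire, but the server cannot tell the two response functions apart, which is the consequence the comment points out.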

Ah true, though today the plaintext passwords of most MD5 hashes can be obtained quickly.