Hacker News new | ask | show | jobs
by atmanactive 752 days ago
Ah yes, thanks for the clarification. So, two mishaps are needed for this to work: a site needs to be hacked and the user database stolen, and, a person needs to use the same user/password for all sites. Takeaway: never use the same password twice. Got it.
1 comments
matthewmacleod 751 days ago
AND that site has to be using unsalted MD5 password hashes, in which case you were already doomed
link
ranger_danger 751 days ago
Salts do not make brute-forcing any more "difficult" though if that's the method you're using to crack with.
link
matthewmacleod 750 days ago
Of course this is correct (merely makes it so that you have to brute force instead of look up in your book)!
link