Hacker News new | ask | show | jobs
by kouiskas 4783 days ago
name.com's passwords were (still are?) not encrypted. They're unsalted MySQL 4.1 PASSWORD() hashes.
1 comments
edmond_dantes 4783 days ago
Where did you get this information from?

I was curious what algorithm is behind the MySQL PASSWORD() method. According to the MySQL reference manual, "you should not use it in your own applications. For that purpose, consider MD5() or SHA1() instead."[1]

1: https://dev.mysql.com/doc/refman/4.1/en/encryption-functions...

link
chrisbolt 4783 days ago
https://news.ycombinator.com/item?id=5677550

Hint: I'm the head of ops, the password matched what I had set (16 characters, mix of letters, numbers and symbols, not used anywhere else).

link
kouiskas 4783 days ago
Also, in addition to confirming that our own hash was genuine, 9gag's password was very weak and their hash can be reversed with online rainbow tables.
link