Hacker News new | ask | show | jobs
by ssafejava 4605 days ago
So, if Adobe engineers eventually realized that they needed to upgrade their password security, and they had access to the passwords in their DB (they used 3DES, and they had the key) - why did they not immediately decrypt and hash all passwords?
1 comments
jordanthoms 4605 days ago
It sounds like they did do that, and this system was the old database which was no longer in use, but they didn't shut it down.
link
acqq 4605 days ago
See neya's comment here, who believes his credit card was taken from there amd he claims to have recently purchase something.

My theory is Adobe didn't use SHA2 even recently, it's probably something that they only started to develop.

And SHA2 is still wrong, BTW. See other comments here.

link