[sillysaurus2]

Ah yes, here's another website that stores "encrypted passwords." What's an encrypted password, again?

More seriously, why is the social convention to lie in these situations? Why not just say what methods they were actually using?

I suppose it's possible they were storing encrypted passwords. But then an attacker would be able to break all of them at once.

[kenrikm]

Hashed Passwords, layman don't know what a "hash" is so they use the term encrypted since most people know what that is (even if it's incorrect terminology) It's pretty clear when they say that a weak or obvious password would be easier to crack, hash tables.

[sillysaurus2]

True, but we'll never know if they used unsalted SHA1 or scrypt. Is there no value in putting a technical note at the end of press releases like this?

[mecredis]

sillysaurus2: We used SHA1, see my comment above.

[SideburnsOfDoom]

> True, but we'll never know if they used unsalted SHA1 or scrypt

Except that we already do know ( https://news.ycombinator.com/item?id=7245439 ) . This notice to the general public is not the sum total of their communications. (https://news.ycombinator.com/item?id=7245598 )

[wglb]

Hashing is sometimes known as "one-way encryption."