Facebook & Others Help Users Hit by Adobe Data Breach

Status
Not open for further replies.

razor512

The fact that other sites are able to do this means that they are using the same weak encryption, or likely no encryption at all.

When a site restricts the max length of a password, or character types, it generally means that they are likely storing your passwords in some SQL server completely unencrypted.

If a website is properly salting and encrypting your passwords, then they should have no way of determining what your password is, or even if 2 people on the site have the same password, as proper encryption creates a new hash each time the same exact text is encrypted.

A billion people could have a password of 1234, and every single hash would be different.

For even more security, the salt can be stored on a separate server, though it is not a requirement, but a salt prevents a precomputed attack on a user's password, as each user will have a different salt, thus they will be forced to brute force every single hash, and likely never crack any reasonably long and properly random password.

If a site is able to tell you your password, it means they are not securing your data. (If they can e-mail you your password, it is a red flag that they are not even encrypting your password.)

If your bank does any of this, then switch banks.
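Added example, not part of any post in this thread: a Python sketch of the per-user salting described in the post above, next to an unsalted scheme in which identical passwords produce identical stored values. The function names, the PBKDF2 iteration count and the sample accounts are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this sketch

def unsalted_digest(password: str) -> str:
    """Weak scheme: the same password always yields the same stored value."""
    return hashlib.sha256(password.encode()).hexdigest()

def make_record(password: str) -> dict:
    """Salted scheme: fresh random 16-byte salt per user, fed to a slow KDF."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": dk}

def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             record["salt"], ITERATIONS)
    return hmac.compare_digest(dk, record["hash"])

def shared_password_groups(stored: dict) -> list:
    """Group usernames whose stored values match, as a leaked table would show."""
    groups = {}
    for user, value in stored.items():
        groups.setdefault(value, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed sample accounts, not real data.
USERS = {"alice": "1234", "bob": "1234", "carol": "correct horse"}

def demo():
    weak = {u: unsalted_digest(p) for u, p in USERS.items()}
    records = {u: make_record(p) for u, p in USERS.items()}
    strong = {u: r["hash"] for u, r in records.items()}
    return shared_password_groups(weak), shared_password_groups(strong), records

if __name__ == "__main__":
    weak_groups, strong_groups, records = demo()
    print("unsalted, users sharing a stored value:", weak_groups)
    print("salted, users sharing a stored value:  ", strong_groups)
    print("alice logs in with 1234:", verify("1234", records["alice"]))
```

The site can still check a login because it stores each salt beside its hash; what it loses is the ability to spot equal passwords by comparing stored values.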
 

f-14

This sounds like a perfect benchmark tool:
"To check the data yourself would require you to download the 3.4-gigabyte dataset (it's available in several places online) and perform a potentially time-consuming search that would temporarily eat up your machine's processing power."
 

reactive

Just consider that Adobe now force you to hand over credit card details to them, since you can't buy boxed CS products any more. How I despise Adobe!
 

Niva

I love Photoshop, but Adobe has been the source of many hacks over the years, especially Adobe Reader. They seriously have got to get their sheite together; such a big company and they fall to this?
 

ddpruitt

@razor512 Before you get all Fox News: A) read the article, B) research encryption so you know why Facebook doesn't need the original password to see if you're using the same one as for Adobe, C) please don't spout misinformation until you get a firm grasp of the facts.

At this point, given all the security breaches, I say that any company storing a username/password combination should be required to provide you with the details of the security mechanisms in place. Seriously, how many websites still use MD5 and reversible encryption? Security today needs to be one of the first things considered, not an afterthought.
 