Rich Freeman on 7 Jan 2016 09:56:29 -0800 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
Re: [PLUG] Time Warner and Linode report possible password breaches |
On Thu, Jan 7, 2016 at 12:47 PM, Thomas Delrue <delrue.thomas@gmail.com> wrote: > > That being said, you will have bad apples anywhere. If someone in a > privileged position is out to get you, they will get you (and it's going > to sting). Agree, the real problem here wasn't that the password hashes were leaked, but the fact that passwords are being used at all. If you're going to use passwords, you're running the risk that the hashes will get stolen, or even that the plaintext gets skimmed if a server handling them is compromised. While you can certainly take steps to reduce the risk, they're fundamentally part of the design. Obviously a stronger hash is going to be more resistant, as will be a stronger password. The real fix is to move to an authentication system which is cryptographically secure against brute-force attacks, like RSA. -- Rich ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug