Doug Stewart on 7 Jan 2016 10:03:02 -0800


Re: [PLUG] Time Warner and Linode report possible password breaches


Even RSA got hacked:
http://bits.blogs.nytimes.com/2011/04/02/the-rsa-hack-how-they-did-it/

On Thu, Jan 7, 2016 at 12:56 PM, Rich Freeman <r-plug@thefreemanclan.net> wrote:
On Thu, Jan 7, 2016 at 12:47 PM, Thomas Delrue <delrue.thomas@gmail.com> wrote:
>
> That being said, you will have bad apples anywhere. If someone in a
> privileged position is out to get you, they will get you (and it's going
> to sting).

Agree, the real problem here wasn't that the password hashes were
leaked, but the fact that passwords are being used at all.

If you're going to use passwords, you're running the risk that the
hashes will get stolen, or even that the plaintext gets skimmed if a
server handling them is compromised.  While you can certainly take
steps to reduce the risk, they're fundamentally part of the design.
Obviously a stronger hash is going to be more resistant, as will be a
stronger password.

The real fix is to move to an authentication system which is
cryptographically secure against brute-force attacks, like RSA.

--
Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug



--
-Doug

