[GTALUG] blackmail
D. Hugh Redelmeier
hugh at mimosa.com
Sat Aug 4 12:59:57 EDT 2018
| From: Stephen via talk <talk at gtalug.org>
| Is it not terrible practise to store unencrypted passwords on a web site?
Yes.
But even if you hash them (best practice) with a slow hash function
(best practice but not as common as one would hope) with salt (also
best practice), they may well be crackable off-line using GPUs and
rainbow tables.
Most peoples' passwords area easy to brute force. I would have
thought mine was a bit tough.
More information about the talk
mailing list