Redux: Are you sure SHA-1+salt is enough for passwords?

By | June 10, 2012

Source: F-Secure

In this article “Yesterday, LinkedIn confirmed reports that some member passwords have been compromised.

Here’s some info from their blog:

“It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases.”

Hashing and salting? Is that enough? That’s the question our own Jarno Niemela asked last year in this reprinted post (with updates).

—————

The anarchic Internet group called Anonymous recently hacked HBGary Federal and rootkit.com, an online forum dedicated to analyzing and developing rootkit technologies. All user passwords at rootkit.com have been compromised.

Leave a Reply