This is Adam Rosenfield's TypePad Profile.
Adam Rosenfield
Recent Activity
Gawker did NOT store passwords. You are flat-out wrong there, Jeff. They stored the standard DES hashes of passwords as computed by crypt($password, "xy"), where "xy" is a random two-character salt (http://php.net/manual/en/function.crypt.php).
Using some kind of brute force (perhaps a dictionary attack, perhaps rainbow tables, perhaps something else), the hacker managed to crack about 200,000 of the 1.3 million passwords in the database. The other 1.1 million are still crackable, but only the hashes, not the plaintext passwords, are in the database that the crackers released.
The Dirty Truth About Web Passwords
This weekend, the Gawker network was compromised. This weekend we discovered that Gawker Media's servers were compromised, resulting in a security breach at Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot. If you're a commenter on any of our sites, you prob...
Adam Rosenfield is now following The Typepad Team
Dec 14, 2010
