This is Adam Rosenfield's Typepad Profile.
Join Typepad and start following Adam Rosenfield's activity
Join Now!
Already a member? Sign In
Adam Rosenfield
Recent Activity
Gawker did NOT store passwords. You are flat-out wrong there, Jeff. They stored the standard DES hashes of passwords as computed by crypt($password, "xy"), where "xy" is a random two-character salt (http://php.net/manual/en/function.crypt.php). Using some kind of brute force (perhaps a dictionary attack, perhaps rainbow tables, perhaps something else), the hacker managed to crack about 200,000 of the 1.3 million passwords in the database. The other 1.1 million are still crackable, but only the hashes, not the plaintext passwords, are in the database that the crackers released.
Toggle Commented Dec 14, 2010 on The Dirty Truth About Web Passwords at Coding Horror
Adam Rosenfield is now following The Typepad Team
Dec 14, 2010