Topic: [Password Leak] LinkedIn database hacked - page 5. (Read 12914 times)

administrator
Activity: 5222
Merit: 13032
Bitcointalk?

SMF uses SHA-1 hashes salted with the username. Not the greatest, though better than LinkedIn. (I'm trying to improve our password security.)
member
Activity: 70
Merit: 10
If you have a LinkedIn account and use the same password for other services (such as mtgox), please change your password. If you are unsure, visit LeakedIn to check.

Seriously people: don't go to LEAKEDin and type your password. Whether it's honest or not, you gain nothing from potentially handing your password over to some random site on the Internet.


"Just provide your password (which we hash with JavaScript; view source to verify) or a SHA-1 hash of your password below, and we'll check."

browser hashes password -----sends to server-----> server replies if hash matches.

hero member
Activity: 504
Merit: 502
If you have a LinkedIn account and use the same password for other services (such as mtgox), please change your password. If you are unsure, visit LeakedIn to check.

Seriously people: don't go to LEAKEDin and type your password. Whether it's honest or not, you gain nothing from potentially handing your password over to some random site on the Internet.
legendary
Activity: 1498
Merit: 1000
Bitcointalk?

bitcointalk salts their passwords since I saw a thread talking about it
legendary
Activity: 1102
Merit: 1014
CoinDL and ExchB both use salt and multiple rounds of hashing.
hero member
Activity: 784
Merit: 1000
0xFB0D8D1534241423
Goddammit, I can't find a mirror of the leak.
Oh, found it. This is fun.
sr. member
Activity: 476
Merit: 250
Tangible Cryptography LLC
Honestly I feel it is going to take companies being forced to publicly disclose their exact mechanism for storing passwords and face civil penalties for inaccurate disclosures. I mean it is 2012, not 1971. There is absolutely no possible excuse for not using bcrypt (or similar), much less not even salting the passwords. Security through obscurity is no security at all.

Maybe we can get such information from Bitcoin websites via public pressure.

So major Bitcoin businesses and exchanges how are you storing your passwords?
MtGox?
CampBX?
Bitcointalk?
Bitmit?
Deepbit?
Bitcoinica?

Any volunteers?
hero member
Activity: 560
Merit: 500
I am the one who knocks
Who salts a password?  Is that something I have to do when creating a password, or is that directed at the password manager to make sure to salt the passwords?

kjlimo,

It is, unfortunately, up to the website operator to do. The safest thing you can do as a consumer is use a random password at each site.
donator
Activity: 308
Merit: 250
Is that something I have to do when creating a password, or is that directed at the password manager to make sure to salt the passwords?
The latter.
legendary
Activity: 2114
Merit: 1031
And remember to always salt your passwords ;)

Who salts a password?  Is that something I have to do when creating a password, or is that directed at the password manager to make sure to salt the passwords?
legendary
Activity: 1498
Merit: 1000
And remember to always salt your passwords ;)
member
Activity: 70
Merit: 10
This morning, a dump of unique passwords from LinkedIn databases was posted. From the dump, it is revealed that the password hashes did not include a salt. This allows the attacker to generate a rainbow table that is valid against all the hashes. So expect your password to be compromised (feel the same as if your password were leaked in plain text).

If you have a LinkedIn account and use the same password for other services (such as mtgox), please change your password. If you are unsure, visit LeakedIn to check.

More news here: https://news.ycombinator.com/item?id=4073309
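The thread makes three points: unsalted SHA-1 (LinkedIn) lets one precomputed table crack every account at once, a per-user salt (SMF salting with the username, as theymos notes) breaks that, and a slow iterated hash ("bcrypt or similar") is what a site should really use. The following Python is an added illustration written for this page, not code from any of the sites named; the accounts and wordlist are constructed, the salt concatenation order is an assumption rather than SMF's actual scheme, and PBKDF2-HMAC-SHA256 from the standard library stands in for bcrypt.

```python
import hashlib
import hmac
import os

# Constructed sample accounts with deliberately weak passwords (alice and carol share one).
USERS = {"alice": "password1", "bob": "linkedin2012", "carol": "password1"}
# Constructed wordlist standing in for an attacker's one-time precomputed table.
WORDLIST = ["123456", "password1", "linkedin2012", "letmein"]

def unsalted_sha1(password: str) -> str:
    """LinkedIn-style storage discussed in the thread: sha1(password), no salt."""
    return hashlib.sha1(password.encode()).hexdigest()

def salted_sha1(password: str, salt: str) -> str:
    """Per-user salt folded into the hash. SMF salts with the username (per theymos);
    the lowercase(salt) + password order used here is an assumption, not SMF's code."""
    return hashlib.sha1((salt.lower() + password).encode()).hexdigest()

def store_unsalted(users: dict) -> dict:
    return {u: unsalted_sha1(p) for u, p in users.items()}

def store_salted(users: dict) -> dict:
    return {u: salted_sha1(p, u) for u, p in users.items()}

def recover_with_shared_table(stored: dict) -> dict:
    """One lookup table built from WORDLIST and reused against every account:
    the 'rainbow table valid for all the hashes' situation the thread describes."""
    table = {unsalted_sha1(w): w for w in WORDLIST}
    return {u: table[h] for u, h in stored.items() if h in table}

def pbkdf2_record(password: str, rounds: int = 200_000) -> tuple:
    """Slow, salted, iterated hash (PBKDF2-HMAC-SHA256) as the 'bcrypt or similar'
    option; returns (salt, rounds, digest) so verification can repeat the work."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, rounds, digest

def pbkdf2_verify(password: str, record: tuple) -> bool:
    salt, rounds, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison

if __name__ == "__main__":
    print("unsalted, shared table:", recover_with_shared_table(store_unsalted(USERS)))
    print("salted, shared table:  ", recover_with_shared_table(store_salted(USERS)))
    rec = pbkdf2_record("correct horse")
    print("pbkdf2 verify:", pbkdf2_verify("correct horse", rec), pbkdf2_verify("wrong", rec))
```

With no salt the shared table recovers all three accounts and alice and carol even show up with the same hash; with the username salt the same table recovers nothing, and the attacker would have to redo the whole wordlist per user, which PBKDF2's round count then makes expensive.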