
Topic: Your Facebook Account has Three Passwords - WTF? (Read 1148 times)

legendary
Activity: 1386
Merit: 1002
I wonder what kind of salting and hashing they are using... 3 hashes for each password, or no salting/hashing at all and they just see your Facebook password in plain text, and consequently, for at least 50% of users, all of their other passwords?

Most big sites use either bcrypt or PBKDF2 for password hashing.  The latter because it's standards-based, the former because it's designed to be difficult to implement in hardware and thus slow to crack.

Yes, but my real doubt is if they are really storing 3 hashes for each password or just storing them in plain text... ;)
newbie
Activity: 12
Merit: 0
I wonder what kind of salting and hashing they are using... 3 hashes for each password, or no salting/hashing at all and they just see your Facebook password in plain text, and consequently, for at least 50% of users, all of their other passwords?

Most big sites use either bcrypt or PBKDF2 for password hashing.  The latter because it's standards-based, the former because it's designed to be difficult to implement in hardware and thus slow to crack.





sr. member
Activity: 437
Merit: 250
Basically, an extremely minor reduction in your security to drastically lower tech support tickets...
legendary
Activity: 952
Merit: 1000
Confirmed :)

Weird.
I understand the complete case switch for when the capslock is on. But why would you just switch the case of the first character?

We accept three forms of the user’s password to help overcome the most common reasons that authentic logins are rejected. In addition to the original password, we also accept the password if a user inadvertently has caps lock enabled or their mobile device automatically capitalizes the first character of the password.
hero member
Activity: 1596
Merit: 502
Confirmed :)

Weird.
I understand the complete case switch for when the capslock is on. But why would you just switch the case of the first character?
legendary
Activity: 1386
Merit: 1002
So, as seen here: http://www.labnol.org/internet/facebook-account-passwords/21241/ your Facebook account has 3 passwords.

Read the article first and then come back to comment on this...

I wonder what kind of salting and hashing they are using... 3 hashes for each password, or no salting/hashing at all and they just see your Facebook password in plain text, and consequently, for at least 50% of users, all of their other passwords?

Facebook is funny :P
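Added example, not part of any post in this thread and not Facebook's code: one way a server could accept the three forms described in the quoted statement while storing a single salted PBKDF2 hash, by transforming the submitted input at login time. The function names, the iteration count and the exact first-character rule are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 of one candidate password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def enroll(password: str) -> tuple[bytes, bytes]:
    """At signup, keep one random salt and one hash: no variants, no plaintext."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


def candidates(submitted: str) -> list[str]:
    """Forms tried at login: as typed, caps lock undone, first-letter auto-capitalization undone."""
    variants = [submitted, submitted.swapcase()]
    if submitted[:1].isupper():
        # Assumed rule: a mobile keyboard capitalized a lowercase first letter.
        variants.append(submitted[0].lower() + submitted[1:])
    return list(dict.fromkeys(variants))  # drop duplicates, keep order


def verify(submitted: str, salt: bytes, stored: bytes) -> bool:
    """True if any candidate form hashes to the single stored value."""
    ok = False
    for cand in candidates(submitted):
        # Constant-time comparison; every candidate is checked, no early exit.
        ok |= hmac.compare_digest(hash_password(cand, salt), stored)
    return ok


if __name__ == "__main__":
    salt, stored = enroll("hunter2Pass")  # constructed sample password
    for attempt in ("hunter2Pass", "HUNTER2pASS", "Hunter2Pass", "hunter2pass"):
        print(attempt, verify(attempt, salt, stored))
```

The variants are derived from what the user typed, so the stored record is the same as for a site that accepts only the exact password; the cost is up to three hash computations per login attempt.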