undefined | Better HN

0 pointsdiego7y ago0 comments

In this particular case it doesn't seem too bad. Someone's name and address are not (or should not be) particularly sensitive information. Passwords are, and that's why best practices only keep a one-way function of the password ("encrypted" implies that it can be decrypted to plaintext, which should not be the case).

Luckily you can sign up for Quora with any name and email. You have to assume that no matter how hard a site tries to protect your info, it will get compromised sooner or later. The best they can do is what Quora does: demand as little info about you as they need.

0 comments

larkeith7y ago

For anyone who missed it in Quora's post, passwords were salted and hashed, which makes it functionally impossible to decrypt en-masse. Targeted attacks (trying to discover a specific user's password) may or may not be feasible, depending on if the salts were retrieved, how many iterations and which hashing algorithm was used, and the processing power available to the attacker.

j / k navigate · click thread line to collapse

0 pointsdiego7y ago0 comments

0 comments

larkeith7y ago

j / k navigate · click thread line to collapse