undefined | Better HN

0 pointsatmanactive1y ago0 comments

Ah yes, thanks for the clarification. So, two mishaps are needed for this to work: a site needs to be hacked and the user database stolen, and, a person needs to use the same user/password for all sites. Takeaway: never use the same password twice. Got it.

0 comments

matthewmacleod1y ago

AND that site has to be using unsalted MD5 password hashes, in which case you were already doomed

ranger_danger1y ago

Salts do not make brute-forcing any more "difficult" though if that's the method you're using to crack with.

matthewmacleod1y ago

Of course this is correct (merely makes it so that you have to brute force instead of look up in your book)!

j / k navigate · click thread line to collapse

0 pointsatmanactive1y ago0 comments

0 comments

matthewmacleod1y ago

AND that site has to be using unsalted MD5 password hashes, in which case you were already doomed

ranger_danger1y ago

Salts do not make brute-forcing any more "difficult" though if that's the method you're using to crack with.

matthewmacleod1y ago

Of course this is correct (merely makes it so that you have to brute force instead of look up in your book)!

j / k navigate · click thread line to collapse