Password storage?

Joshua Judson Rosen rozzin at geekspace.com
Fri Jul 19 18:36:36 EDT 2013


Tom Buskey <tom at buskey.name> writes:
>
> On Fri, Jul 19, 2013 at 12:33 PM, Tyson Sawyer <tyson at j3.org> wrote:
>
> > On Fri, Jul 19, 2013 at 12:19 PM, Peter M. Petrakis
> > <peter.petrakis at gmail.com> wrote:
> > > Besides the notebook next to my computer (yup I admit it!) I'm migrating
> > > to this, https://www.passwordcard.org/en.
>
> If you do use cloud servers to copy the DB everywhere, make sure you use
> a long enough key.  There are pre-made hashes for passwords up to 8
> characters already out there.  In formats for /etc/shadow, SAM, keypass,
> etc...

This is why software developers are supposed to be salting their
password-hashes.

You can reverse a lot of unsalted md5 hashes with Google, e.g.:

    http://www.google.com/search?q=31edaffbaba455bc30c52681ceb1ea9d

Salted hashes like "97b21567d3efdda2bb79db1f64a968ca" (which is for
the same password) are much harder.

-- 
"'tis an ill wind that blows no minds."

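An added example, not part of the original post: a sketch of why a per-user salt defeats the precomputed hash tables discussed in the message above. The candidate list, the function names, and the use of PBKDF2-HMAC-SHA256 with 200,000 iterations (in place of salted MD5) are assumptions of this example.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny list standing in for a precomputed table.
CANDIDATES = ["letmein", "password1", "hunter2", "qwerty123"]


def unsalted_md5(password):
    """The weak scheme: the same password always yields the same hash."""
    return hashlib.md5(password.encode()).hexdigest()


def build_lookup_table(candidates):
    """Computed once, then reusable against every unsalted hash anywhere."""
    return {unsalted_md5(p): p for p in candidates}


def salted_record(password, salt=None, iterations=200_000):
    """Hardened scheme: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, key)


def table_lookup(table, stored_hex):
    """Return the recovered password, or None when the table has no entry."""
    return table.get(stored_hex)


if __name__ == "__main__":
    table = build_lookup_table(CANDIDATES)
    # Unsalted: a stored hash is reversed by a single dictionary lookup.
    print("unsalted lookup:", table_lookup(table, unsalted_md5("hunter2")))
    # Salted: two users with the same password get unrelated records,
    # so one precomputed table no longer covers them.
    alice, bob = salted_record("hunter2"), salted_record("hunter2")
    print("records differ:", alice[2] != bob[2])
    print("salted lookup:", table_lookup(table, alice[2].hex()))
    print("verify ok/bad:", verify("hunter2", alice), verify("letmein", alice))
```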
