Comments
-
@zlice I demonstrated it using one of those sites by decoding their own password and secret question answer in front of them. They were just like, wow, that's cool. I've tried to explain rainbow attacks, to no avail. I think they just don't want to fix it because we'd have to ask users to change passwords. Of course, I could just reverse engineer most of the passwords and re-encrypt in a more secure way, but there are thousands of users and no guarantee of correct md5 lookups.
-
Since last Friday that's illegal, I guess. And don't you get fined 4% of the company's revenue for data breaches according to the new GDPR law?
-
ydfntn386y@chabad360 Exactly. This way insecure password hashes of inactive users can linger, but if that is a concern you can always send out password reset emails for them.
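The migration the comments above discuss, as an added example that is not code from anyone in this thread: it assumes legacy records hold unsalted MD5 hex digests and that each one is upgraded to salted PBKDF2-HMAC-SHA256 on the user's next successful login. The record layout, function names and iteration count are hypothetical.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware


def _pbkdf2(password: str, salt: bytes, iterations: int) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def new_record(password: str) -> dict:
    """Build a salted PBKDF2 record (hypothetical layout)."""
    salt = os.urandom(16)
    return {"scheme": "pbkdf2", "salt": salt.hex(), "iter": PBKDF2_ITERATIONS,
            "hash": _pbkdf2(password, salt, PBKDF2_ITERATIONS)}


def login(db: dict, user: str, password: str) -> bool:
    """Verify a login; a legacy MD5 record is replaced once the password checks out."""
    rec = db.get(user)
    if rec is None:
        return False
    if rec["scheme"] == "md5":
        candidate = hashlib.md5(password.encode()).hexdigest()
        if not hmac.compare_digest(candidate, rec["hash"]):
            return False
        # The plaintext is only available at this moment, so re-hash it now.
        db[user] = new_record(password)
        return True
    candidate = _pbkdf2(password, bytes.fromhex(rec["salt"]), rec["iter"])
    return hmac.compare_digest(candidate, rec["hash"])


def lingering_md5_users(db: dict) -> list:
    """Accounts still on MD5: the inactive users who need a reset email."""
    return sorted(u for u, r in db.items() if r["scheme"] == "md5")


def demo_db() -> dict:
    """Constructed sample data: two accounts stored as unsalted MD5."""
    return {u: {"scheme": "md5", "hash": hashlib.md5(p.encode()).hexdigest()}
            for u, p in {"alice": "correct horse", "bob": "hunter2"}.items()}


if __name__ == "__main__":
    db = demo_db()
    print(login(db, "alice", "correct horse"), lingering_md5_users(db))
```

Accounts that `lingering_md5_users` still reports after a cutoff date are the ones to force through a password reset, after which their MD5 digests can be deleted.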
No, MD5 hash is not a safe way to store our users' passwords. I don't care if it's been written in the past and still works. I've demonstrated how easy it is to reverse engineer and rainbow attack. I've told you your own password for the site! Now please let me fix it before someone else forces you to. We're too busy with other projects right now? Oh, ok then, I'll just be quiet and ignore our poor security. Whilst I'm busy getting on with my other work, could you figure out what we're gonna do with the tatters of our client's business (in which our company owns a stake) in the aftermath of the attack?
rant
hacking
passwords
md5 only
data breach