On 6 Jun 2012 at 18:28, Heaton, Joseph@DFG wrote:

> What I had heard from my security guy was that what was hacked
> was the hash for the encryption. So, doesn't really matter what
> you change to until Linkedin changes the hash itself. Anyone hear
> if they've done that?

Actually, it seems that LI hashed the passwords without salting them, so a simple rainbow-tables attack on the database should reveal all the short passwords and all the common passwords (like "password1234" and "linkedinpassword"). If you have a long enough password I doubt they'll be able to find its hash in time.

That said, I did change my LI pwd, including lengthening it somewhat.

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
Security Blog: http://geoapps.com/
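
The point in the reply above about unsalted hashes, as an added example that is not part of the original thread: with no salt, one precomputed table matches every account that uses a common password, while a per-user salt with a slow KDF gives that table nothing to match. SHA-1, PBKDF2, the user names and the word list are assumptions made for illustration; the thread names no algorithm.

```python
import hashlib
import hmac
import os

# Constructed sample data; nothing here comes from the breach or the thread.
COMMON = ["password1234", "linkedinpassword", "123456"]
USERS = {"alice": "password1234", "bob": "linkedinpassword",
         "carol": "password1234",
         "dave": "a much longer passphrase that is in no wordlist"}

def unsalted(pw):
    # Assumption: SHA-1 stands in for "a fast hash with no salt".
    return hashlib.sha1(pw.encode()).hexdigest()

def build_lookup(words):
    # Computed once, reusable against every unsalted record in any database.
    return {unsalted(w): w for w in words}

def recovered(db, lookup):
    return {user: lookup[h] for user, h in db.items() if h in lookup}

def salted(pw, salt, iterations=100_000):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations).hex()

def store_salted(users):
    # A fresh random salt per user makes equal passwords hash differently.
    db = {}
    for user, pw in users.items():
        salt = os.urandom(16)
        db[user] = (salt, salted(pw, salt))
    return db

def verify(db, user, pw):
    salt, digest = db[user]
    return hmac.compare_digest(digest, salted(pw, salt))

if __name__ == "__main__":
    lookup = build_lookup(COMMON)
    weak_db = {u: unsalted(p) for u, p in USERS.items()}
    print("unsalted, found in table:", recovered(weak_db, lookup))
    strong_db = store_salted(USERS)
    digests = {u: d for u, (_, d) in strong_db.items()}
    print("salted, found in table:", recovered(digests, lookup))
    print("alice == carol (unsalted):", weak_db["alice"] == weak_db["carol"])
    print("alice == carol (salted):", digests["alice"] == digests["carol"])
    print("login still works:", verify(strong_db, "alice", "password1234"))
```

The long passphrase survives the table lookup in both schemes, which matches the reply's remark about long passwords; the salt is what protects the accounts with common ones from a shared precomputed table.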
