Editing 1286: Encryptic
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.
The edit can be undone.
Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 6: | Line 6: | ||
| titletext = It was bound to happen eventually. This data theft will enable almost limitless [xkcd.com/792]-style password reuse attacks in the coming weeks. There's only one group that comes out of this looking smart: Everyone who pirated Photoshop. | | titletext = It was bound to happen eventually. This data theft will enable almost limitless [xkcd.com/792]-style password reuse attacks in the coming weeks. There's only one group that comes out of this looking smart: Everyone who pirated Photoshop. | ||
}} | }} | ||
− | + | {{Incomplete}} | |
==Explanation== | ==Explanation== | ||
Web sites and other computers that authenticate users via passwords need to be able to know if the user typed in the right password. But storing the password itself on the computer has been known to be unnecessarily risky since the publication of [http://www.neurosecurity.com/articles/security/passwd.pdf Password Security: A Case History] in 1978. In that paper, Robert Morris and Ken Thompson demonstrated the practice of using a slow, cryptographically-secure one-way {{w|hash function}}, so that even if the password file is stolen, it will be very hard to figure out what the passwords are, so long as the passwords themselves are suitably complex. They also pioneered the use of {{w|Salt (cryptography)|a "salt"}} which makes each password hash completely different even if two users use the same password. See [http://security.blogoverflow.com/2011/07/a-tour-of-password-questions-and-answers/ A tour of password questions and answers] for background on salts and suitably slow hash functions. | Web sites and other computers that authenticate users via passwords need to be able to know if the user typed in the right password. But storing the password itself on the computer has been known to be unnecessarily risky since the publication of [http://www.neurosecurity.com/articles/security/passwd.pdf Password Security: A Case History] in 1978. In that paper, Robert Morris and Ken Thompson demonstrated the practice of using a slow, cryptographically-secure one-way {{w|hash function}}, so that even if the password file is stolen, it will be very hard to figure out what the passwords are, so long as the passwords themselves are suitably complex. They also pioneered the use of {{w|Salt (cryptography)|a "salt"}} which makes each password hash completely different even if two users use the same password. See [http://security.blogoverflow.com/2011/07/a-tour-of-password-questions-and-answers/ A tour of password questions and answers] for background on salts and suitably slow hash functions. |