Unfortunately, part of the company's damage control efforts included mis-information about the risk posed by the stolen encrypted passwords. Dictionary-based attacks on encrypted passwords only depend on having enough computing power, especially given the poor quality of most passwords. But in an environment where the Internet is swimming in easily hackable powerful computers, computing power is not much of a barrier to entry.
(Since many people use a single password across platforms, a stolen encrypted password for one account could allow an intruder to access a broad range of accounts, including bank accounts and accounts at a target's workplace.)
No comments:
Post a Comment