Adobe encrypted passwords instead of hashing them... That's bad, as in incompetent amateur level bad.
If you're not technical, here's the reason it's bad: with encrypted passwords, it's possible that a hacker could discover the encryption keys and recover all the passwords “in the clear” (as someone would type them). With hashed passwords, that's not possible – nothing the hacker could do would ever recover all the passwords – the best he could do would be to break into a few accounts.
For shame, Adobe, for shame.
I wonder how many other major companies doing something this stupid?
No comments:
Post a Comment