Comments on: LinkedIn Password Hacking confirmed

By: Guest

Guest — Thu, 07 Jun 2012 16:02:00 +0000

I’m sure glad those hackers are working against big companies… and supporting the general public instead.

Hey, wait a minute. How did posting my password online… help me exactly????

By: Patty

Patty — Thu, 07 Jun 2012 15:58:00 +0000

I think he was trying to say:

Do you have a list of passwords?
Or do you have a list of user names?
Or do you have both?

… or… do you have a *MATCHING* relationship list????

By: Bonnie T.

Bonnie T. — Thu, 07 Jun 2012 15:56:00 +0000

I’m thinking of a number. When you take the square-root of it… the 11th digit is a 4.

What’s my original number?

There is no answer. Because there are millions of solutions…. and absolutely no way to know which 1 the original user picked.

The whole point of “a password file was stolen” is to PREVENT hackers from posting everyone’s password online.

LinkedIn didn’t think. Now I know your password… and can use it on other sites.

By: Jill

Jill — Thu, 07 Jun 2012 15:52:00 +0000

You can “brute-force” without a need to even steal the password list. That’s not the point.

But a lossy 1-way encryption would *NEVER* get you back to the original user’s password. It could (maybe) get you 1000s of guesses at it. But never the original one. Only the user would know that one.

By: Guest

Guest — Thu, 07 Jun 2012 15:49:00 +0000

They have something far, far more powerful than an old Cray.

They can combined the power of 1,000,000 individual computers all over the world.

And that’s exactly what they did yesterday.

By: Jeff Nonya

Jeff Nonya — Thu, 07 Jun 2012 10:09:00 +0000

They don’t have Crays. What you propose would take billions of years, if not longer.

By: Joan Respondi

Joan Respondi — Thu, 07 Jun 2012 00:12:00 +0000

Correct.

By: Joan Respondi

Joan Respondi — Thu, 07 Jun 2012 00:11:00 +0000

…who noted that the company does indeed correspond directly with LinkedIn accounts…” Author, what on earth does that sentence mean?

By: jdeberhart

jdeberhart — Wed, 06 Jun 2012 21:50:00 +0000

They brute-force passwords until they match the hash.

By: Guest

Guest — Wed, 06 Jun 2012 21:06:00 +0000

They should always be using a lossy 1-way hash algorithm. Even if you GIVE someone the entire password file… no passwords will ever be found there. Just a useless load of coded letters/numbers that can *NEVER* be decoded back into their original passwords.

My password is: poodle
The database encodes it and stores: 3j3h228s8s83930922dfdf4686
A talented hacker “successfully” decodes it, but only gets: xxksej3322kx3343kxkxfgf

The original word “poodle” is *NEVER* stored or obtainable by anyone. Not by me. Not by a hacker. Not even by the staff of the company itself.