Four weeks ago, Adobe disclosed a sustained hack on its corporate network that threatened to spawn a wave of meaner malware attacks by giving criminals access to the raw source code for the company's widely used Acrobat and ColdFusion applications. Now, researchers are warning the same breach could significantly strengthen the password crackers' collective hand by revealing a staggering 130 million passcodes used over the years by Adobe customers, many of them from the FBI, large corporations, and other sensitive organizations.

That's because Adobe engineers used reversible encryption to scramble the passwords contained in a 9.3-gigabyte file that's now available online. Surprisingly, they flouted almost universally recognized best practices that call for stored passwords to be protected by bcrypt or another one-way cryptographic hashing algorithm. Just as ground hamburger can't be converted back into steak, there's no mathematical way to reverse cryptographic hashes and return them to their plaintext origins. One-way hashing is designed to thwart cracking by requiring crackers to pass individual password guesses through the same algorithm and see if it produces the same long string of random-looking characters. When done correctly, it can take centuries to decipher long lists of credentials.

How an epic blunder by Adobe could strengthen hand of password crackers | Ars Technica