http://www.theguardian.com/technology/2 ... -can-check
As well as allowing the data to be stolen in the first place, Adobe made two other serious errors when storing the data. Firstly, it encrypted all the passwords with the same key; secondly, the encryption used a method which renders the encrypted data insecure.
The method, called ECB mode, means that every identical password also looks identical when encrypted. So if the database shows 1.9 million people whose password, when encrypted, reads “EQ7fIpT7i/Q”, then researchers know that they all have the same password. From there, they can look at the password hints, which Adobe didn’t encrypt at all, to try and guess what the password might be.
Bitmessage me with Questions, Help, or ChitChat
- BM-2cV5BzWc9P7vufQREE8Be4U64GBgRJ3GnT
"Those who do not move, do not notice their chains." -Rosa Luxemburg
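The effect the quoted article describes, shown as an added example that is not part of the original post or of Adobe's code: one key plus ECB mode makes equal passwords produce equal stored values, while a per-user salted KDF does not. The toy Feistel cipher is a stand-in for a real 64-bit block cipher, and the key, sample passwords and function names are constructed for illustration.

```python
import base64, hashlib, os
from collections import Counter

BLOCK = 8  # 64-bit block; the cipher below is a toy stand-in, not a real one

def _encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy 4-round Feistel permutation (illustration only)."""
    left, right = block[:4], block[4:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def ecb_encrypt(key: bytes, password: str) -> str:
    """ECB: pad, then encrypt every block independently under the same key."""
    data = password.encode()
    pad = BLOCK - len(data) % BLOCK
    data += bytes([pad]) * pad
    out = b"".join(_encrypt_block(key, data[i:i + BLOCK])
                   for i in range(0, len(data), BLOCK))
    return base64.b64encode(out).decode()

def salted_hash(password: str) -> str:
    """Corrected storage: random per-user salt and a slow one-way KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return base64.b64encode(salt + digest).decode()

def duplicate_ratio(stored_values) -> float:
    """Fraction of records whose stored value also appears on another record."""
    counts = Counter(stored_values)
    return sum(c for c in counts.values() if c > 1) / len(stored_values)

# Constructed sample data, not taken from any real breach.
PASSWORDS = ["123456", "sunshine", "123456", "correct horse", "123456", "sunshine"]
KEY = b"one key for every record"  # the first error the article names

ecb_column = [ecb_encrypt(KEY, p) for p in PASSWORDS]
kdf_column = [salted_hash(p) for p in PASSWORDS]

if __name__ == "__main__":
    print("ECB duplicate ratio:   ", duplicate_ratio(ecb_column))
    print("PBKDF2 duplicate ratio:", duplicate_ratio(kdf_column))
```

A non-zero duplicate ratio on a credential column is a quick audit signal that the stored values are deterministic (unsalted hashing or single-key ECB encryption).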