(links.plex.tv)

104 points andyexeter | 1 comments | 08 Sep 25 22:11 UTC | HN request time: 0.404s | source

Show context

Someone1234 ◴[08 Sep 25 22:46 UTC] No.45175111[source]▶

> Any account passwords that may have been accessed were securely hashed, in accordance with best practices, meaning they cannot be read by a third party.

I am glad they were hashed, but that's a misleading statement. The point of hashing is to slow an attacker down, even with full best security practices (e.g. salt + pepper + argon2 w/high factors) they can still be reverse engineered. It is a matter of when, not if.

replies(6): >>45175194 #>>45175199 #>>45175211 #>>45175220 #>>45175316 #>>45175644 #

1. pixl97 ◴[08 Sep 25 22:57 UTC] No.45175199[source]▶

>>45175111 #

Technically you may have to burn more entropy than exists in the visible universe, so its a possible if in the case of the right hash and luck.

↑

Plex Security Incident