Plex Security Incident

(links.plex.tv)
104 points andyexeter | 1 comments
Someone1234 ◴[] No.45175111[source]
> Any account passwords that may have been accessed were securely hashed, in accordance with best practices, meaning they cannot be read by a third party.

I am glad they were hashed, but that's a misleading statement. The point of hashing is to slow an attacker down. Even with full best security practices (e.g. salt + pepper + argon2 w/high factors), they can still be reverse engineered. It is a matter of when, not if.

Urist-Green ◴[] No.45175316[source]
One of the aspects of MtGox's database leak that I found most fascinating to watch was the public effort to figure out users' passwords from the hashes. Checking common passwords, patterns, and people's public interests on Twitter was all shockingly effective.
1. internetter ◴[] No.45177338[source]
This sounds fascinating. Has there been any literature produced on this specific incident and unfolding attempts?