←back to thread

Accessing Max Verstappen's passport and PII through FIA bugs

(ian.sh)
396 points galnagli | 9 comments | 22 Oct 25 18:21 UTC | HN request time: 0s | source | bottom
1. forgotaccount22 ◴[22 Oct 25 20:19 UTC] No.45674635[source]
Archaic company has archaic security. Well done on the RD, but boy does it not surprise me one bit. Would almost be willing to bet that the hash was MD5 too.
replies(2): >>45674810 #>>45674956 #
2. veqq ◴[22 Oct 25 20:34 UTC] No.45674810[source]
What hash do you use?
replies(3): >>45674884 #>>45675297 #>>45677005 #
3. scq ◴[22 Oct 25 20:42 UTC] No.45674884[source]
bcrypt is the industry standard.
replies(1): >>45675775 #
4. zozbot234 ◴[22 Oct 25 20:48 UTC] No.45674956[source]
It's an F1 racing site, their job is literally to move fast and break things. https://xkcd.com/1428/
replies(2): >>45675118 #>>45675695 #
5. olyjohn ◴[22 Oct 25 21:04 UTC] No.45675118[source]
You break things in F1, you lose. Reliability and consistency is key.
6. ◴[22 Oct 25 21:21 UTC] No.45675297[source]
7. mikey_p ◴[22 Oct 25 21:59 UTC] No.45675695[source]
No, this is the FIA[1], not Formula 1. They are very very different organizations.

[1] https://en.wikipedia.org/wiki/F%C3%A9d%C3%A9ration_Internati... https://en.wikipedia.org/wiki/Formula_One_Group

8. maxbond ◴[22 Oct 25 22:08 UTC] No.45675775{3}[source]
`bcrypt` is probably the "standard" in the sense that it has the widest adoption, but since 2015 [1] the "standard" in terms of what you should recommend for new work has been `argon2id` (and you can find parameter recommendations here [2]).

[1] https://en.wikipedia.org/wiki/Password_Hashing_Competition

[2] https://cheatsheetseries.owasp.org/cheatsheets/Password_Stor...

9. megous ◴[23 Oct 25 00:55 UTC] No.45677005[source]
yescrypt is very common these days, default in Debian