←back to thread

Accessing Max Verstappen's passport and PII through FIA bugs

(ian.sh)
396 points galnagli | 5 comments | 22 Oct 25 18:21 UTC | HN request time: 0.46s | source
Show context
forgotaccount22 ◴[22 Oct 25 20:19 UTC] No.45674635[source]
Archaic company has archaic security. Well done on the RD, but boy does it not surprise me one bit. Would almost be willing to bet that the hash was MD5 too.
replies(2): >>45674810 #>>45674956 #
1. veqq ◴[22 Oct 25 20:34 UTC] No.45674810[source]
What hash do you use?
replies(3): >>45674884 #>>45675297 #>>45677005 #
2. scq ◴[22 Oct 25 20:42 UTC] No.45674884[source]
bcrypt is the industry standard.
replies(1): >>45675775 #
3. ◴[22 Oct 25 21:21 UTC] No.45675297[source]
4. maxbond ◴[22 Oct 25 22:08 UTC] No.45675775[source]
`bcrypt` is probably the "standard" in the sense that it has the widest adoption, but since 2015 [1] the "standard" in terms of what you should recommend for new work has been `argon2id` (and you can find parameter recommendations here [2]).

[1] https://en.wikipedia.org/wiki/Password_Hashing_Competition

[2] https://cheatsheetseries.owasp.org/cheatsheets/Password_Stor...

5. megous ◴[23 Oct 25 00:55 UTC] No.45677005[source]
yescrypt is very common these days, default in Debian