LinkedIn: No Reports of Unauthorized Account Access in Wake of Hack
LinkedIn beefs up security after passwords leaked
"Salts are designed to ensure that the generated hash is different even if the same password is being hashed. The larger the salt, the more different hashes exist for the same password." Ty Miller, chief technology officer, Pure hacking
The company also revealed that passwords of the service's users are now salted as well as hashed. "That transition was completed prior to news of the password theft breaking on Wednesday," Silveira wrote.
Ty Miller, chief technology officer of penetration testing firm Pure hacking, said that although the salting of password hashes has been around for a long time, "we find that many Web applications either do not hash their passwords at all, or use common hashing algorithms, such as MD5, without a salt".
"Social and professional networking sites such as LinkedIn are major targets for hackers," Miller said. "Combining this with the complexity of these types of web applications, the chance of a critical vulnerability being present is likely. This means that a defence-in-depth approach should be a necessity for LinkedIn, which includes protecting passwords with strong cryptographic methods."
Miller said that social networking services such as LinkedIn store a wealth of personal information about their users and have a responsibility to implement a very high standard of security, with security measures, such as salting password hashes, implemented as part of application design.
Salting a password makes it less likely that an account will be vulnerable to hackers using rainbow tables, which are essentially dictionaries of hashes that allow someone to discover what a user's unencrypted password is.
"Salts are designed to ensure that the generated hash is different even if the same password is being hashed," Miller said. "The larger the salt, the more different hashes exist for the same password. This generally means that Rainbow Tables are not a feasible option for cracking salted hashes because there are too many combinations to create.
"This means that attackers have to rely on dictionary-based password attacks, which have to calculate every possible salted hash for each password in the password dictionary. This means that weak passwords will be able to be cracked easily, and stronger passwords are more likely to remain secured."