![]() ![]() That would mean that attackers would have a colossal store of emails and passwords which they could test on other sites around the web. ![]() There is no simple way to reverse the encryption, but "brute force" attacks can sometimes figure out what the key used to encrypt them is. ![]() That last one is most likely the password itself and so the 1.9m who used 123456 as their password have had it compromised. From there, they can look at the password hints, which Adobe didn’t encrypt at all, to try and guess what the password might be. So if the database shows 1.9 million people whose password, when encrypted, reads “EQ7fIpT7i/Q”, then researchers know that they all have the same password. The method, called ECB mode, means that every identical password also looks identical when encrypted. Firstly, it encrypted all the passwords with the same key secondly, the encryption used a method which renders the encrypted data insecure. Encryption errorĪs well as allowing the data to be stolen in the first place, Adobe made two other serious errors when storing the data. If it isn’t, then they are safe, but if it is, then they need to seriously check whether they reused the password anywhere else – because it is as good as revealed. ![]() Using , a tool created by programmer users can check if their email address was included in the 10GB database leaked last week. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |