

After seeing the previous bad examples, it is tempting to use secure irreversible functions like sha256, sha512, or sha3. Let's take the following database (the passwords are the same as earlier):

Login

In our case, all passwords (except Billy's) are very frequently used passwords and are among the most used passwords (for example in the 10-million-password-list-top-1000.txt). A simple search of the admin's hash on the internet makes it possible to retrieve their password directly. It is also interesting to note that since hashes have no notion of randomness, toto and tata share the same hash, as they have the same password.

In many cases, passwords are stored with outdated irreversible cryptographic functions (md5, sha1…). For example, the LinkedIn site used to store part of its passwords with sha1, and after the hash leaks in 2012, it took only three days to recover 90% of the passwords.
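The two weaknesses above (identical passwords give identical unsalted hashes, and a common password is recovered by a simple lookup) beside the mitigation, as an added example that is not part of the original post. The user table and the short "common password" list are constructed stand-ins, not the post's database or the 10-million-password list; the mitigation shown is a per-user random salt with PBKDF2-HMAC-SHA256 from Python's standard library.

```python
import hashlib
import hmac
import os

# Constructed sample users (not the post's database): toto and tata share a
# password, admin uses a very common one, Billy's is unusual.
USERS = {
    "toto": "123456",
    "tata": "123456",
    "admin": "password",
    "Billy": "correct horse battery staple 7!",
}

# Constructed stand-in for a "top N most used passwords" list.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "admin"]


def unsalted_sha256(password: str) -> str:
    """Plain sha256 of the password: deterministic, no randomness involved."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_unsalted(users: dict) -> dict:
    """What the post's sha256 database looks like: login -> bare hash."""
    return {login: unsalted_sha256(pw) for login, pw in users.items()}


def recover_from_common_list(stored: dict, common: list) -> dict:
    """Hash the common list once, then look every stored hash up in it.
    This is the 'search the hash on the internet' effect from the post:
    no guessing per user is needed, and equal hashes fall together."""
    table = {unsalted_sha256(pw): pw for pw in common}
    return {login: table[h] for login, h in stored.items() if h in table}


def store_salted(users: dict, iterations: int = 200_000) -> dict:
    """Mitigation: a fresh 16-byte salt per user plus an iterated KDF, so the
    same password yields different records and precomputed tables are useless."""
    out = {}
    for login, pw in users.items():
        salt = os.urandom(16)
        dk = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
        out[login] = (salt, iterations, dk)
    return out


def verify_salted(record: tuple, password: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, dk = record
    cand = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(cand, dk)
```

With the unsalted table, toto and tata share one hash and three of the four accounts fall to the lookup; with the salted records, toto and tata differ and only a per-record verification succeeds.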
