Archive for June 2012

Dealing with Passwords

Tags: Cryptography, Programming, Security

After the recent leaks of password hashes from LinkedIn and others, I thought it would be a good idea to write down some 'best practices' in how to properly deal with user passwords and sensitive data. This entry is by no means complete, nor is it the be-all and end-all of what there is to say about the topic. What it does try to do is give a decent starting point to eliminate basic mistakes which could lead to embarrassment later on. If you're developing a new website, bringing another one up to date, or are otherwise working with users and passwords, these tips might be of help. Let's start...

LinkedIn leak

Tags: Cryptography, Security

So LinkedIn had some security issues a couple of days ago: 6 million or so password hashes from their users were leaked on a Russian hacker site. There seems to be quite some confusion among people as to what the impact of this really is, with several websites claiming that the actual passwords were leaked, that the passwords can be 'decrypted' etc. Let's put some of these things straight, starting with some of the terminology.