Hacker News new | past | comments | ask | show | jobs | submit login

What's the point of these tools that let you know whether Gawker's database held my email address? It's no secret that I have a Gawker account, and a Twitter account, and a Facebook account... What I would like to know is how likely it is that my password could be compromised. How were the passwords stored? Hashed? Salted and hashed?



Because some of us don't remember if we have an account on the site and might not be able to download a ~500mb torrent to verify if we do/did.


If you do have an account but your password is not a dictionary word and it's been hashed and salted, do you care?


Just go to Gawker site and try the link "Forgot Password". If your email is not registered with Gawker, it will tell you the same.


This sounds like a bad idea if the site is still comprimised.


It is very, very easy. The first 8 characters of your password were hashed using DES without a salt. Your cell phone has enough CPU to crack them all.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: