
They could've just said "...as this is not possible" or something like that. I wasn't suggesting they need to drop in acronyms like PBKDF2 or whatever. They go out of their way to say "through the tools used in the attack" which might as well imply there are other tools through which the passwords are available...



They said "those [passwords] are not stored in plain text or available through the tools used in the attack." - "Or" means both clauses are true.

I think it most likely means the passwords are hashed, and the hashes aren't available in this tool. There are undoubtedly other tools that allow people to view the hash (MySQL command line client is a "tool" after all ;) Although I agree the statement is ambiguous enough that it could mean things that aren't best practice.


Maybe they should hire a better writer because "and are not" is much clearer writing.


But technically you could try a dictionary-based brute-force attack on a user with a weak password and crack it regardless of the hashing scheme.


Not possible is like unhackable; if you say it you're guaranteed to be proven wrong. Publicly.



