Hacker News new | past | comments | ask | show | jobs | submit login

So, if Adobe engineers eventually realized that they needed to upgrade their password security, and they had access to the passwords in their DB (they used 3DES, and they had the key) - why did they not immediately decrypt and hash all passwords?



It sounds like they did do that, and this system was the old database which was no longer in use, but they didn't shut it down.


See neya's comment here, who believes his credit card was taken from there amd he claims to have recently purchase something.

My theory is Adobe didn't use SHA2 even recently, it's probably something that they only started to develop.

And SHA2 is still wrong, BTW. See other comments here.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: