Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Why is everyone worried about what hashing algorithm was used and not if their company's private chat logs are about to become public knowledge?


Because obtaining a hash of a password does not mean the attacker can access the accounts and the chat logs.

If the passwords were not hashed or hashed in a weak manner then that means the attacker could figure out the account passwords, then gain access to the accounts, which would be bad.


I completely understand the risks associated with user passwords and hashing algorithms. But you know what? That shit gets leaked all the time. It's not uncommon and unfortunately, users are accustomed to it by now. It's relatively easy to fix.

You know what's a big deal? Having your company's internal private communications suddenly public or sold to the highest bidder. That's the sort of thing that doesn't have a "reset password" simple fix.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: