Linked by Thom Holwerda on Mon 4th Jul 2011 21:43 UTC
Apple So, Anonymous, under the guise of its AntiSec campaign, has hacked an Apple server, got access to 27 administrator usernames and passwords, and put them on Pastebin. Is it time to panic? Is it time to point and laugh at Apple? Is it time to stop using iTunes? Not really - this is a small hack that will cause little to no damage.
Thread beginning with comment 479544
Comment by Kroc
by Kroc on Mon 4th Jul 2011 22:25 UTC
Kroc Member since: 2005-11-10

A "Googleable" hash means that the passwords were not salted; this means that anybody can create a rainbow-table of precomputed hashes and match up Apple's hash with a known original password. If the passwords were salted (and ideally salted per-password), all possible original passwords would have to be computed for each known Apple hash, significantly increasing the workload. With GPU computing so relatively cheap now, reverse-hashing passwords, even strong ones, can be achieved in as little as 10 seconds with a single rack of computers.

Reply Score: 8
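
The difference between unsalted and per-password salted storage described in the comment above, as an added example that is not part of the original thread. The account names, passwords, candidate list, the use of SHA-256 as the fast unsalted hash and the PBKDF2 work factor are all constructed assumptions; the page does not say which hash Apple used.

```python
import hashlib
import hmac
import os

# Constructed sample data; the page does not name the hash Apple used,
# so SHA-256 stands in for "a fast, unsalted hash".
ACCOUNTS = {"admin1": "letmein", "admin2": "letmein", "admin3": "T7#vq9!zLm"}
CANDIDATES = ["123456", "password", "letmein", "qwerty"]
ITERATIONS = 100_000  # assumed work factor for PBKDF2


def unsalted(password):
    """Same password always yields the same digest, for every account."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted(password, salt=None):
    """Per-password random salt fed into a deliberately slow KDF."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def audit_unsalted(store, candidates):
    """One precomputed table is reused against every stored digest."""
    table = {unsalted(c): c for c in candidates}  # len(candidates) hashes
    hits = sorted(u for u, h in store.items() if h in table)
    return hits, len(table)


def audit_salted(store, candidates):
    """Nothing can be precomputed: each guess is redone per account salt."""
    hits, work = [], 0
    for user, (salt, key) in store.items():
        for c in candidates:
            work += 1
            if hmac.compare_digest(salted(c, salt)[1], key):
                hits.append(user)
                break
    return sorted(hits), work


if __name__ == "__main__":
    plain = {u: unsalted(p) for u, p in ACCOUNTS.items()}
    strong = {u: salted(p) for u, p in ACCOUNTS.items()}
    print(plain["admin1"] == plain["admin2"])          # shared password is visible
    print(strong["admin1"][1] == strong["admin2"][1])  # hidden by distinct salts
    print(audit_unsalted(plain, CANDIDATES), audit_salted(strong, CANDIDATES))
```

Both audits flag the two accounts using a dictionary password, so salting does not rescue a weak password. What changes is the cost: the unsalted table is built once and reused, while the salted store forces a fresh slow computation for every account and every guess.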

RE: Comment by Kroc
by asharism on Tue 5th Jul 2011 22:01 in reply to "Comment by Kroc"
asharism Member since: 2005-06-30

Jeff Atwood (of codinghorror.com and stackoverflow.com fame) wrote a blog post a long time ago on this topic.

It is an insightful and enlightening read.

http://www.codinghorror.com/blog/2007/09/youre-probably-storing-pas...

Reply Parent Score: 2