View Thread: Apparently the IPO didn't fund Linkedin enough to hire decent programmers
    It doesn't matter what algorithm you use (short of a public/private key). As long as you have the salt, you can run a dictionary against the sums, MD5, SHA1, etc.

    The salt can be computed from the hash of one single username which you know the password to.

    A portion of decrypted passes were posted after the LinkedIn attack which means they've already brute forced the passwords at this point.

    The real risk is not the compromised LinkedIn accounts, but the fact that people trust LinkedIn enough to use the same passwords as their bank, Gmail, PayPal, etc.
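
An added example, not part of the original post: a weak-password audit a defender can run over their own credential table, checking salted digests against a small wordlist under a fast hash and under PBKDF2 and measuring the cost of each guess. The usernames, salts, passwords, wordlist and function names are all constructed for this example.

```python
import hashlib
import time

# Constructed sample data: every user, salt and password here is invented.
WORDLIST = ["123456", "password", "linkedin", "letmein", "qwerty"]

def salted_sha1(salt: bytes, password: str) -> bytes:
    """Fast salted hash: one SHA-1 call per guess."""
    return hashlib.sha1(salt + password.encode()).digest()

def pbkdf2_sha256(salt: bytes, password: str, iterations: int = 100_000) -> bytes:
    """Deliberately slow salted hash: `iterations` HMAC rounds per guess."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def make_store(hasher):
    """Build a constructed credential table: user -> (salt, digest)."""
    users = {"alice": "linkedin", "bob": "qwerty", "carol": "T7#vq9!mZr2$Lx"}
    store = {}
    for i, (user, pw) in enumerate(users.items()):
        salt = bytes([i]) * 16  # per-user salt, stored beside the digest
        store[user] = (salt, hasher(salt, pw))
    return store

def audit(store, hasher, wordlist=WORDLIST):
    """Return users whose stored digest matches a wordlist entry under their salt."""
    weak = {}
    for user, (salt, digest) in store.items():
        for candidate in wordlist:
            if hasher(salt, candidate) == digest:
                weak[user] = candidate
                break
    return weak

def seconds_per_guess(hasher, rounds=20):
    """Average wall-clock cost of one guess with the given hasher."""
    start = time.perf_counter()
    for i in range(rounds):
        hasher(b"\x00" * 16, f"guess{i}")
    return (time.perf_counter() - start) / rounds

if __name__ == "__main__":
    for name, hasher in [("salted SHA-1", salted_sha1), ("PBKDF2-SHA256", pbkdf2_sha256)]:
        weak = audit(make_store(hasher), hasher)
        cost = seconds_per_guess(hasher)
        print(f"{name}: weak accounts={sorted(weak)} cost={cost:.6f}s/guess")
```

Both runs flag the same two wordlist passwords and leave the long random one unmatched; the per-guess cost is what differs between the two hashers.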