LinkedIn targeted by password hacking ninjas
David Goldman of CNN Money says that LinkedIn was using an outdated form of cryptography to secure its users' private information: SHA-1, a publicly available cryptographic hash function designed by the United States National Security Agency. That is why security experts recommend that companies add another security layer called ‘salt’.
Goldman explains: “Salt randomly adds another piece of information to the password. It could be a user name, first name, or even a random number - it changes the underlying text enough to make it almost impossible to decode.”
Some people have questioned how it is possible that a company like LinkedIn uses a reversible encryption algorithm to store the passwords when passwords should always be encrypted one-way and should never be recoverable. Others argue that LinkedIn does not use reversible encryption - hackers just have to run a dictionary attack, encrypt the dictionary words and then compare the returned values.
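The dictionary comparison and the effect of a salt described above, as an added Python example that is not from the CNN Money article or from LinkedIn. The word list, account names and passwords are constructed, and the PBKDF2 function with its iteration count goes one step beyond the article as an assumed hardening choice.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny word list and three made-up accounts.
WORDLIST = ["123456", "password", "linkedin", "letmein"]
USERS = {"alice": "linkedin", "bob": "linkedin", "carol": "long-unique-phrase-V7#qd"}

def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()

def store_unsalted(users):
    """Unsalted SHA-1: the same password always yields the same digest."""
    return {u: sha1_hex(p.encode()) for u, p in users.items()}

def store_salted(users):
    """A fresh random 16-byte salt per account, kept next to the digest."""
    records = {}
    for user, password in users.items():
        salt = os.urandom(16)
        records[user] = (salt, sha1_hex(salt + password.encode()))
    return records

def found_in_table(digests, wordlist):
    """Accounts whose digest appears in ONE table of hashed dictionary words."""
    table = {sha1_hex(w.encode()): w for w in wordlist}
    return {u: table[d] for u, d in digests.items() if d in table}

def verify_salted(record, candidate):
    """Login check: re-hash the candidate with the account's own salt."""
    salt, digest = record
    return hmac.compare_digest(sha1_hex(salt + candidate.encode()), digest)

def store_pbkdf2(password, iterations=600_000):
    """Salted and deliberately slow: each guess costs `iterations` HMAC rounds.
    The iteration count is an assumed setting, not a value from the article."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

if __name__ == "__main__":
    unsalted = store_unsalted(USERS)
    salted = store_salted(USERS)
    print("unsalted, matched by table:", found_in_table(unsalted, WORDLIST))
    print("salted, matched by table:  ",
          found_in_table({u: d for u, (_, d) in salted.items()}, WORDLIST))
    # Salt stops table reuse, not guessing one account at a time with its own salt.
    print("alice's salted record still verifies 'linkedin':",
          verify_salted(salted["alice"], "linkedin"))
```

With unsalted digests one hashed word list matches every account that shares a listed password; with per-account salts the same table matches nothing, although a weak password still verifies when tried against its own salt, which is why a slow function such as PBKDF2 is used for storage.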
The fact that the perpetrators are based in Russia will make the job of the FBI investigators a tricky one. As for me, I have difficulty in remembering all the passwords I use for different sites – some want characters and numerals, others want upper and lower case, and so on. Maybe the hackers are out to help people like me. Just joking!