[Owasp-Malaysia] Gawker password leak: Friendly reminder to encrypt *and* salt your stored passwords.

Ang Chin Han ang.chin.han at gmail.com
Wed Dec 15 06:56:58 EST 2010


Surprised not posted yet, but plenty of lessons to be learnt:

http://www.codinghorror.com/blog/gawker-hack-release-notes.html

http://en.wikipedia.org/wiki/Salt_(cryptography)

See also http://www.reddit.com/r/programming/comments/ekpr3/gawkergizmodo_does_not_salt_their_passwords_uses/

Salt your passwords. I'm looking at you, Drupal 6! :(

/me hypocrite

