Home > All, Security Issues > To hash or to encrypt — that is the question

To hash or to encrypt — that is the question

December 12, 2013 Leave a comment Go to comments

Can somebody explain this to me, please? I don’t understand.

In LinkedIn’s data breach, customer passwords were stolen because they had been hashed instead of encrypted.

It’s from the Vormetric blog under the title Breach Blog Roll posted today. My understanding is that it refers to the 2012 LinkedIn breach that resulted in the theft of more than 6 million user passwords. Again, my understanding is that the passwords were hashed but not salted.

What I don’t understand, however, is how being hashed rather than encrypted was the cause of their theft.

Help? Anyone?

UPDATE
For the record, the best response I’ve had so far came via Twitter:

Kurt Wismer operates the excellent 'anti-virus rants' blog

Kurt Wismer operates the excellent ‘anti-virus rants’ blog

‘anti-virus rants’ is here.

Categories: All, Security Issues
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s