, Security Issues
> To hash or to encrypt — that is the question
To hash or to encrypt — that is the question
Can somebody explain this to me, please? I don’t understand.
In LinkedIn’s data breach, customer passwords were stolen because they had been hashed instead of encrypted.
It’s from the Vormetric blog under the title Breach Blog Roll posted today. My understanding is that it refers to the 2012 LinkedIn breach that resulted in the theft of more than 6 million user passwords. Again, my understanding is that the passwords were hashed but not salted.
What I don’t understand, however, is how being hashed rather than encrypted was the cause of their theft.
For the record, the best response I’ve had so far came via Twitter:
Kurt Wismer operates the excellent ‘anti-virus rants’ blog
‘anti-virus rants’ is here.