If they don’t know the function generating the hash-key, what do they test it against? I assume every website uses a unique function for converting passwords into keys.
In: Technology
> I assume every website uses a unique function for converting passwords into keys.
You are wrong. they all use the same well known hashing algorithms (in the case of the Internet Archive leak, bcrypt) . Security through obscurity doesnt really work so there isnt a point to using a unique algorithm.
and since the hashes were leaked and the hacker has them and the algorithm locally, there is nothing to shut them out of.
if you want something “fun” to do, try to find the password that hashes to `$2y$10$fksFP0dp5MOKVhl9z8mTqe1Jx8r0zr1EOEkCpjo7Kf9JJpZ11V0NO` in bcrypt. (here is a website to generate the hashes even if you dont know how locally https://bcrypt.online/)
Latest Answers