Yes, Bill. Off the top of my head the common use case scenario would be that, an attacker
in possession of some hashed passwords, could try to break it. Two examples:
- MITM: I’m just collection the data into the network and once I know that: Bob and Alice
has the same hash, if you are doing SHA-* is easy to guess that they have the same
password.
- Database compromised: Like happend with LinkedIn
(
http://www.zdnet.com/blog/btl/6-46-million-linkedin-passwords-leaked-onli...) and
you already mentioned.
--
abstractj
On January 22, 2014 at 11:55:12 AM, Bill Burke (bburke(a)redhat.com) wrote:
> Question:
How can they easily be broken? If somebody gets the password database?