[keycloak-dev] Password storage and KDFs
Bruno Oliveira
bruno at abstractj.org
Wed Jan 22 09:00:26 EST 2014
Yes, Bill. Off the top of my head the common use case scenario would be that, an attacker in possession of some hashed passwords, could try to break it. Two examples:
- MITM: I’m just collection the data into the network and once I know that: Bob and Alice has the same hash, if you are doing SHA-* is easy to guess that they have the same password.
- Database compromised: Like happend with LinkedIn (http://www.zdnet.com/blog/btl/6-46-million-linkedin-passwords-leaked-online/79290) and you already mentioned.
--
abstractj
On January 22, 2014 at 11:55:12 AM, Bill Burke (bburke at redhat.com) wrote:
> > Question:
>
> How can they easily be broken? If somebody gets the password database?
More information about the keycloak-dev
mailing list