/ Java Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Password Security and Hash Slippage

DZone's Guide to

Password Security and Hash Slippage

by
Gunnar Hillert
·
Jun. 12, 12 · Java Zone
Free Resource

Comment (1)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Download Microservices for Java Developers: A hands-on introduction to frameworks and containers. Brought to you in partnership with Red Hat.

The massive losses of password hashes at LinkedIn [1], eHarmony [2] and Last.fm [3] are very concerning, to say the least. These are companies that are generally perceived as technology leaders, particularly LinkedIn. Also, as far as I now, eHarmony and LinkedIn are Java/JVM shops. Just some data that I gathered today regarding the scope of the issue:
  • Last.fm - presumably up to 17 million lost hashes - Algorithm used: MD5 - Hashes were Not salted
  • eHarmony - 1.5 million hashes - MD5 - No salted - All upper-case-passwords
  • LinkedIn - 6.5 million hashes - SHA1 - Not salted
Some of the leaks supposedly happened as far back as 2011. Here is some further background information: 
What is quite amazing to me, is that the basic measures that would prevent the cracking of the hashes, like better hash algorithms, salting, re-hashing are not rocket science. There is even a very nice library [4] out there that does it for you and it even hooks into e.g. Spring Security [5] - Not even Java coding is necessary.

I just wonder how the hackers got access to the hashes in the first place...I could not find any information on that, yet. Maybe another juicy story...

Download Building Reactive Microservices in Java: Asynchronous and Event-Based Application Design. Brought to you in partnership with Red Hat

Like This Article? Read More From DZone

VirtualBox CentOS Second Network Dynamic Host
Stack vs. Heap: Understanding Java Memory Allocation
Eclipse IoT in London

Free DZone Refcard

Getting Started With Vaadin Framework 8
DOWNLOAD
Topics:

Comment (1)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Published at DZone with permission of Gunnar Hillert. See the original article here.

Opinions expressed by DZone contributors are their own.

Java Partner Resources

Kubernetes Deployment Models: The Ultimate Guide
Reactive Microsystems - The Evolution of Microservices at Scale
We have the data behind great user experiences. Now you can too. Read the infographic.
Discover How Not to be Slowed Down by a Rigid Relational schema or a Complicated ORM Layer
Modern Java EE Design Patterns: Building Scalable Architecture for Sustainable Enterprise Development
Headless CMS and Your Business Team
Combine the Innovations of NoSQL with the Critical Capabilities of Relational Databases
Making Sense of the Container Ecosystem: Kubernetes Comparison eBook
Develop and Deploy Microservices with JHipster
Microservices for Java Developers: A Hands-On Introduction to Frameworks & Containers
The single app analytics solutions to take your web and mobile apps to the next level. Try today!
An Introduction to Progressive Web Applications with Spring Boot and Angular

Java Partner Resources

Kubernetes Deployment Models: The Ultimate Guide
Reactive Microsystems - The Evolution of Microservices at Scale
We have the data behind great user experiences. Now you can too. Read the infographic.
Discover How Not to be Slowed Down by a Rigid Relational schema or a Complicated ORM Layer
THE DZONE NEWSLETTER

Dev Resources & Solutions Straight to Your Inbox

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

X

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone