 | Forum Threads |  |
| Random Photo | |
| Member Poll | |
|
| Comments |
on June 08 2012 09:17:26
Think this is a good idea?
No https, no verification of who you're sending it to, etc., or as one said in this thread:
"However, you should note that once you try this service, even if linkedin didn't leak your unsalted hash, you just leaked your unsalted hash to an unknown entity (and that entity now has tied your password to a specific IP address) -- the very thing you were initially worried about" |
on June 08 2012 10:03:42
Well, whenever there's a story about password leaks on a service you're using, you should change your password. You should change your LinkedIn password now, regardless of the results of using this service, and also if you don't use the service.
To clarify the thread quote you posted, having a hash is not the same as having a password, and even if someone has a hash of your password, they will still have to brute-force crack it, just as they would, and with basically the same efficiency as if they were using brute-force to find your password (i.e. going through all possible key combinations in the world until they find yours). The fact that it is 'unsalted' just means it will take less time to crack than otherwise, but it will still basically have to be brute-force cracked.
Of course, you can just test the service after you changed your LinkedIn password; then there's definitely nothing to worry about...
But it is certainly good that you are paranoid, and it is better to be on the safe side. |
|
|
| Post Comment | |
Please Login to Post a Comment.
|
|
|
| Login | |
Forgotten your password? Request a new one here.
|
| | 
| Last Seen Users | |
| Obituaries | |
You must login to post a message.
|
| |
|
Useful
