Thanks a lot for this information, didn't know that before!
a simple comparison of hashes would reveal the password, especially if it's common or easy
If they now have the source code, does that not mean they may also have the salt?
A cryptographic hash is meant to be a one-time function, the transformation for all intents is not reversible. The only way to crack it is to brute force generate all possible passwords (or at least common ones) and compare the hashes. Taking this one step further, a prepared attack can use tables of stored passwords and precomputed hashes (aka rainbow tables) to make the search much faster.
To foil this kind of attack, passwords are usually salted with a unique nonce before being hashed, this basically renders such tables useless. The salt is not exactly secret, only unique, and usually stored plain text next to the hash.
TLDR: knowing the salt does not make it easier to crack a hashed password, other than maybe the shorter length of the combined(password, salt) string, and it's still beyond the reach of pretty much anyone to brute force.
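Added example, not part of the original thread: a Python sketch of why a per-user salt stored in plain text next to the hash still makes a precomputed table useless. The function names, the four-entry table and the choice of PBKDF2 with 100,000 iterations are assumptions for illustration, not anything Twitch is known to use.

```python
import hashlib
import hmac
import os

# Constructed sample: a tiny stand-in for a precomputed table of common passwords.
COMMON = ["123456", "password", "qwerty", "letmein"]
ITERATIONS = 100_000  # assumed work factor for this example


def unsalted(password: str) -> str:
    """Fast, unsalted hash: identical for every user with the same password."""
    return hashlib.sha256(password.encode()).hexdigest()


# Built once, reusable against every unsalted record.
PRECOMPUTED = {unsalted(p): p for p in COMMON}


def table_lookup(hexdigest: str):
    """Return the password a precomputed table maps this hash to, or None."""
    return PRECOMPUTED.get(hexdigest)


def store_salted(password: str, salt: bytes = None):
    """Return (salt, digest); the salt is unique per record, not secret."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Two users pick the same weak password.
    print("unsalted table hit:", table_lookup(unsalted("letmein")))
    salt_a, rec_a = store_salted("letmein")
    salt_b, rec_b = store_salted("letmein")
    print("salted records equal:", rec_a == rec_b)
    print("salted table hit:", table_lookup(rec_a.hex()))
    print("login still works:", verify("letmein", salt_a, rec_a))
```
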
Or to put it another way: if your password has 200+ bits of entropy and the hashing function in use isn't broken (looking at you md5, sha1, etc), you're good. Salt or no salt.
Thanks for the Info.
They now have my "will be maybe spammed" email address (far from the main one) and a password that I use only for Twitch.
So congratulations hackers, have fun with my 2 followers :-D muhahahahahaha
Of course, if they could hack the 2FA before all that.
Link to Reddit Subforum
If you have a Twitch-Account, change your password and enable 2FA asap. And I hope that you did not reuse the Twitch-password on another site.