Reading this article reminds me of the recent breach of Twitter (although I believe the passwords were properly hashed but the deciphering key was compromised?!)
hehe yeah, it was the reason I wrote this article.
No, in hashing there is no deciphering key. A deciphering key only exists in encryption systems that work on both sides, but as explained you can only hash plain to hash. Hash to plain is not possible, therefore no deciphering key exists in hashing.
The problem with Twitter was that they logged the password before they hashed it.
Like this:
User enters password as plaintext -> sent to Twitter server -> LOGGED PASSWORD as plain (they should not do that) -> hashed the password -> notify the user whether the password was correct or not.
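To make the flow above concrete, here is an added example (written for this thread, not code from the article's author or from Twitter) that puts the unsafe login flow next to a safe one. It assumes PBKDF2-HMAC-SHA256 from the standard library as the password hash (a stand-in for a dedicated scheme such as bcrypt or Argon2), a constructed single-user credential store, and an in-memory list standing in for the log sink; `log_leaks_plaintext` is a check you can run over captured log lines to detect the mistake.

```python
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

# PBKDF2 iteration count for this demo (assumption; tune for your hardware).
ITERATIONS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) for a plaintext password using PBKDF2-HMAC-SHA256.
    Plain -> hash is the only direction that exists; there is no key to reverse it."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Re-hash the submitted password with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


# Constructed credential store: one user, salt and hash computed at import time.
USERS = {"alice": hash_password("correct horse battery staple")}


def login_unsafe(username: str, password: str, log: List[str]) -> bool:
    """The flow described in the comment: the request is logged BEFORE the
    password is hashed, so the plaintext password lands in the log file."""
    log.append(f"login request user={username} password={password}")  # the mistake
    rec = USERS.get(username)
    ok = rec is not None and verify_password(password, *rec)
    log.append(f"login result user={username} ok={ok}")
    return ok


def login_safe(username: str, password: str, log: List[str]) -> bool:
    """Same flow, but the password goes straight into the hash step and is never
    handed to the logger; only the username and the outcome are recorded."""
    rec = USERS.get(username)
    ok = rec is not None and verify_password(password, *rec)
    log.append(f"login result user={username} ok={ok}")
    return ok


def log_leaks_plaintext(log: List[str], password: str) -> bool:
    """Detection check: does any captured log line contain the plaintext password?"""
    return any(password in line for line in log)


if __name__ == "__main__":
    secret = "correct horse battery staple"
    for name, login in (("unsafe", login_unsafe), ("safe", login_safe)):
        captured: List[str] = []
        ok = login("alice", secret, captured)
        print(f"{name}: authenticated={ok} plaintext_in_log={log_leaks_plaintext(captured, secret)}")
```

Both functions authenticate the user identically; the only difference is what reaches the log. In a real service the same check belongs in a test that runs the login handler against a capturing log handler, so that a later "helpful" debug statement cannot reintroduce the leak unnoticed.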
Thank you very much for the detailed explanation, now I understand exactly what happened at Twitter.
BTW that reminds me that I should change my password there ASAP :)