Comment on Former IT contractor convicted for wiping 96 US government databases
alia@nord.pub 16 hours agoThey’re likely storing hashes. Which you can derive from the password.
Comment on Former IT contractor convicted for wiping 96 US government databases
alia@nord.pub 16 hours agoThey’re likely storing hashes. Which you can derive from the password.
dabster291@lemmy.zip 9 hours ago
You can’t un-hash a hash back into plaintext, though…
Overwrite7445@lemmy.ca 1 hour ago
Still possible to find the plaintext using rainbow tables. Especially so if hashed without a salt and using MD5.
Do you really think they implemented proper password hashing?
alia@nord.pub 4 hours ago
From the article: “According to court evidence, the incident began on Feb. 1, 2025, when Muneeb Akhter asked his brother for the plaintext password of a user who had submitted a complaint through the Equal Employment Opportunity Commission’s Public Portal.”
shiftymccool@piefed.ca 2 hours ago
Copying and pasting doesn’t prove your point. HOW did they get the plain text password? Hashes aren’t reversible so they must be stored in plain text or are encrypted in a reversible fashion which is an amateur move as well. Either way, they somehow had access to the user’s password which is a huge no-no